
[suse-security] Re: [Apparmor-general] SLES10 Security Certification

shashi wrote:
> As AppArmor will implement a type of MAC in SLES10, has Novell
> submitted for (or is it going to achieve) EAL4+ LSPP?
LSPP is the Layered Security Protection Profile; a specification for
systems providing MLS (Multi-Level Security). MLS, in turn, is a form of
strict policy (applies system wide to everything and everyone).

The strength of MLS is that it is very good at protecting privacy:
keeping your secrets secret. The cost of MLS is that it makes the system
very difficult to use: unless you have very strict secrecy requirements,
you probably don't want to turn on MLS.

AppArmor, conversely, is very good at protecting the integrity of your
data: keeping bad guys from corrupting it, especially hacker intrusions.
AppArmor also can protect the privacy of your data somewhat, but not as
well as MLS can. And AppArmor is much easier to live with than MLS.

> As SLES9 is already certified for EAL4+ CAPP, I haven't heard about
> this for SLES10.
We are working towards CAPP certification for SLES10, but no specific
plans have been announced yet.

We are considering whether to seek LSPP certification, which would
involve adding additional security features to SLES. We are unsure how
many customers would actually need LSPP.

Do you actually have a specific need for LSPP? Can you tell us about it?


Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
     Hack: adroit engineering solution to an unanticipated problem
     Hacker: one who is adroit at pounding round pegs into square holes
