Section 1.3. Summary



  • Application software is flawed and will remain flawed for the foreseeable future. Nonetheless, we must find ways to create secure systems despite these inevitable flaws. Real security cannot be achieved without better underlying operating system security. The goal of SELinux is to provide this improved security in a mainstream operating system (that is, Linux).

  • The reference monitor concept is a common means of describing access control in operating systems. In a reference monitor, resources are encapsulated into distinct objects, and accesses between subjects (that is, processes) and objects are mediated by the reference validation mechanism according to the system security policy.

  • Operating systems have two forms of access control: discretionary access control (DAC) and mandatory access control (MAC). Standard Linux security is a form of DAC. SELinux adds a flexible, configurable MAC to Linux.

  • DAC has a fundamental weakness in that it is subject to a variety of malicious software attacks. MAC is a way to avoid this weakness. Most MAC features implemented so far are a form of multilevel security modeled after governmental classification controls.

  • SELinux implements a more flexible form of MAC called type enforcement and an optional form of multilevel security.
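
The points above can be seen in a small model. The following Python sketch is an added illustration, not code from the book or from SELinux: it builds a toy reference monitor that mediates each access with a DAC check followed by a type enforcement check. The type names (`passwd_t`, `shadow_t`, `httpd_t`, `web_content_t`), the policy table, and the sample subjects and objects are constructed for the example, and group permission bits are left out for brevity.

```python
"""Toy reference monitor: DAC decision vs. type enforcement (TE) decision.
Constructed model for illustration; not SELinux code or real policy."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:          # a process
    uid: int
    domain: str         # TE type of the process (illustrative name)

@dataclass(frozen=True)
class Obj:              # an encapsulated resource, e.g. a file
    owner: int
    mode: int           # owner/other permission bits, e.g. 0o600
    type: str           # TE type of the object (illustrative name)

PERM_BITS = {"read": 4, "write": 2}

def dac_allows(s: Subject, o: Obj, perm: str) -> bool:
    """DAC: user identity and owner-set mode bits decide; uid 0 bypasses them."""
    if s.uid == 0:
        return True
    shift = 6 if s.uid == o.owner else 0   # owner bits or "other" bits
    return bool((o.mode >> shift) & PERM_BITS[perm])

# Constructed TE policy: (source domain, target type) -> allowed permissions.
# Anything not listed is denied, whatever the uid.
TE_POLICY = {
    ("passwd_t", "shadow_t"): {"read", "write"},
    ("httpd_t", "web_content_t"): {"read"},
}

def te_allows(s: Subject, o: Obj, perm: str) -> bool:
    """MAC: the system policy decides, not the object's owner."""
    return perm in TE_POLICY.get((s.domain, o.type), set())

def reference_monitor(s: Subject, o: Obj, perm: str) -> bool:
    """Mediate the access: DAC is consulted first, then MAC; both must allow."""
    return dac_allows(s, o, perm) and te_allows(s, o, perm)

# Constructed sample subjects and objects.
SHADOW = Obj(owner=0, mode=0o600, type="shadow_t")
PAGE = Obj(owner=48, mode=0o644, type="web_content_t")
PASSWD = Subject(uid=0, domain="passwd_t")
HTTPD_AS_ROOT = Subject(uid=0, domain="httpd_t")   # flawed server running as root
USER = Subject(uid=1000, domain="user_t")

if __name__ == "__main__":
    for name, s in [("passwd", PASSWD), ("httpd", HTTPD_AS_ROOT), ("user", USER)]:
        print(name, "read shadow: DAC =", dac_allows(s, SHADOW, "read"),
              "final =", reference_monitor(s, SHADOW, "read"))
```

The web server running as root passes the DAC check on the shadow file, which is the DAC weakness the summary describes; the type enforcement check denies it because no rule allows `httpd_t` to access `shadow_t`.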




SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
Year: 2007
Pages: 154
