1.1. The Inevitability of Software Failure
Appropriately enough, we derive the title of this first section of a book on SELinux from a paper
that the principal
of SELinux coauthored before the SELinux project was even started. The authors of that paper pointed out that software is flawed, and that too much of the software being developed assumes that applications can enforce security without the support of the underlying operating systems. As they note:
The necessity of operating system security to overall system security is undeniable … If it fails to meet this responsibility, system-wide vulnerabilities will result.
A design that
to create security without the support of the underlying operating system is a "fortress built upon sand"
with no secure foundation upon which to sit.
Since that paper was published in 1998, the problem of flawed application software has become practically an everyday news headline. Rarely does a week go by that some new virus, computer theft, or system vulnerability is not announced. The fact of life in the computer era is that application software is flawed and will
the efforts to make software better and more reliable, but flaws will undoubtedly remain an ongoing problem for the foreseeable future. Some people will always try to exploit these flaws. Our challenge as a community is to find ways to have secure systems knowing that flawed application software will always exist. We cannot meet this challenge successfully without first finding firm ground upon which to build (that is, the operating system).
Thus we find the goal of SELinux:
, to promulgate a better form of operating system security. As we discuss in this book, the state of the art in operating system security is inadequate. We as a computer security community have known this for nearly 40 years. We have
much research but have had limited success improving this situation for mainstream operating systems. Finally, with SELinux, we believe real progress has been made in a way that we will
. SELinux is indeed a
to the Linux operating system. This enhancement can effectively mitigate the problem of flawed application software, including those flaws not yet
or created. This same enhancement can also enforce many security goals,
from data confidentiality to application integrity to improved robustness.
With SELinux, we have made a great stride toward moving our "fortress" off the shifting sands on which it currently sits.