XACE Demonstration and Discussion

Short Talk
Scheduled: Thursday, September 24, 2009 from 2:30 – 2:55pm in Salon E


XACE can be used to make a nifty secure desktop on Xorg. But is XACE relevant with graphics interfaces moving into the kernel?


A brief demonstration of X Access Control Extension (XACE) functionality using the SELinux extension for Xorg and a few supporting applications, including a compiz plugin for displaying window labels and input manager that supports the new XI2 extension and multiple mouse pointers.

Afterwards, a discussion about the movement of memory management, command submission, and mode setting interfaces into the kernel, as they relate to fine-grained security controls. Is XACE relevant in environments such as Wayland? Would instrumentation of the kernel interfaces with LSM hooks be possible or appropriate?


X, security, XACE, SELinux, desktop


  • Eamon Walsh

    National Security Agency


    Eamon Walsh is a member of the Security Enhanced Linux development team
    at the National Security Agency, and has been performing computer
    security research and development for the NSA’s Information Assurance
    Research Group since 2003.

Leave a private comment to organizers about this proposal