XACE Demonstration and Discussion*
XACE can be used to make a nifty secure desktop on Xorg. But is XACE relevant with graphics interfaces moving into the kernel?
A brief demonstration of X Access Control Extension (XACE) functionality using the SELinux extension for Xorg and a few supporting applications, including a compiz plugin for displaying window labels and input manager that supports the new XI2 extension and multiple mouse pointers.
Afterwards, a discussion about the movement of memory management, command submission, and mode setting interfaces into the kernel, as they relate to fine-grained security controls. Is XACE relevant in environments such as Wayland? Would instrumentation of the kernel interfaces with LSM hooks be possible or appropriate?
X, security, XACE, SELinux, desktop
National Security Agency
Eamon Walsh is a member of the Security Enhanced Linux development team
at the National Security Agency, and has been performing computer
security research and development for the NSA’s Information Assurance
Research Group since 2003.