NSA aims for secure access to storage
- By Joab Jackson
- Mar 14, 2008
The National Security Agency, building on its effort toward secure Linux computing, wants to extend its access control work into network file storage.
The effort involves integrating NSA's Flask mandatory access control (MAC) architecture into the Network File System (NFS) protocol widely used for network-attached storage devices.
David Quigley, of NSA's National Information Assurance Research Laboratory, presented the latest work on the project, called Labeled NFS (GCN.com/997), at the 71st meeting of the Internet Engineering Task Force last week in Philadelphia. IETF oversees the NFS protocol.
NSA initiated and led the effort to develop SELinux, an implementation of NSA's Flask MAC architecture for Linux (GCN.com/998).
With MAC, programs and users are assigned attributes such as security levels.
Whenever a program spawns a process thread or calls a file, the attributes are checked against the organization's authorization rules.
By deploying MAC, organizations can ensure that machine intruders don't hijack programs to execute malicious tasks, and they can prevent employees from accessing documents they don't have permission to view.
Joab Jackson is the senior technology editor for Government Computer News.