NSA aims for secure access to storage

The National Security Agency, building on its effort toward secure Linux computing, wants to extend its access control work into network file storage.

The effort involves integrating NSA's Flask mandatory access control (MAC) architecture into the Network File System (NFS) protocol widely used for network-attached storage devices.

David Quigley, of NSA's National Information Assurance Research Laboratory, presented the latest work on the project, called Labeled NFS (GCN.com/997) at the 71st meeting of the Internet Engineering Task Force last week in Philadelphia. IETF oversees the NFS protocol.

NSA initiated and led the effort to develop SELinux, an implementation of NSA's Flask MAC architecture for Linux (GCN.com/998).

With MAC, programs and users are assigned attributes such as security levels.

Whenever a program spawns a process thread or calls a file, the attributes are checked against the organization's authorization rules.

By deploying MAC, organizations can ensure that machine intruders don't hijack programs to execute malicious tasks, and they can prevent employees from accessing documents they don't have permission to view

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Featured

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected