NSA aims for secure access to storage

The National Security Agency, building on its effort toward secure Linux computing, wants to extend its access control work into network file storage.

The effort involves integrating NSA's Flask mandatory access control (MAC) architecture into the Network File System (NFS) protocol widely used for network-attached storage devices.

David Quigley, of NSA's National Information Assurance Research Laboratory, presented the latest work on the project, called Labeled NFS (GCN.com/997) at the 71st meeting of the Internet Engineering Task Force last week in Philadelphia. IETF oversees the NFS protocol.

NSA initiated and led the effort to develop SELinux, an implementation of NSA's Flask MAC architecture for Linux (GCN.com/998).

With MAC, programs and users are assigned attributes such as security levels.

Whenever a program spawns a process thread or calls a file, the attributes are checked against the organization's authorization rules.

By deploying MAC, organizations can ensure that machine intruders don't hijack programs to execute malicious tasks, and they can prevent employees from accessing documents they don't have permission to view

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected