TresysのSELinux本「SELinux by Example :Using Security Enhanced Linux」

そういえばSELinuxMLで思い出しました。
TresysのSELinux本について
http://www.selinux.gr.jp/selinux-users-ml/200608.month/1713.html

概要については以下のサイトにあり

SELinux by Example
Using Security Enhanced Linux
Frank Mayer, Karl MacMillan, David Caplan
http://vig.prenhall.com/catalog/academic/product/0,1144,0131963694-PRE,00.html

おおまかな章立てについて↓

Part I

　・　Overview of mandatory access control
　・　Type enforcement concepts and applications
　・　SELinux architecture and mechanisms

Part II

　・　Details of the SELinux native policy language syntax and semantics
　・　Object labeling in SELinux

Part III

　・　Two primary methods developed to build SELinux policies: the example policy and the reference policy
　・　Impacts of SELinux on system administration
　・　How to write policy modules for SELinux

各章の概要について↓
全14章＋付録の456ページ
MLSやReference Policyについてももちろんあり。

Part I, "SELinux Overview."

This part provides the background of SELinux evolution and an overview of its security concepts and architecture.

　・　Chapter 1, "Background."
In this chapter, we discuss the evolution of access control in operating systems, kinds of access control mechanisms, their strengths and weaknesses, and the kind of access control SELinux brings to Linux.

　・　Chapter 2, "Concepts."
In this chapter, we provide a conceptual overview of SELinux security mechanisms in the form of a detailed tutorial. This chapter is a good, concise discussion of the security enhancements SELinux brings to Linux.

　・　Chapter 3, "Architecture."
In this chapter, we provide an overview of the SELinux architecture and implementation and an overview of the policy language architecture.

Part II, "SELinux Policy Language."

This part contains a detailed description of the entire SELinux policy language syntax and semantics. Each chapter addresses a portion of the language. This part of the book can be viewed as a policy language reference.

　・　Chapter 4, "Object Classes and Permissions."
In this chapter, we describe how SELinux controls kernel resources using object classes and defines fine-grained permissions to those object classes.

　・　Chapter 5, "Type Enforcement Policy."
In this chapter, we describe all the core policy language rules and statements that enable us to write a type enforcement policy. Type enforcement is the central access control feature of SELinux.

　・　Chapter 6, "Roles and Users."
In this chapter, we discuss the SELinux role-based access control mechanism and how roles and users in the policy language support the type enforcement policy.

　・　Chapter 7, "Constraints."
In this chapter, we discuss the constraint feature of the SELinux policy language, which is a means to provide restrictions within the policy that support the type of enforcement policy.

　・　Chapter 8, "Multilevel Security."
In this chapter, we describe the policy language features that allow for optional multilevel security access controls in addition to the core type of enforcement access controls.

　・　Chapter 9, "Conditional Policies."
In this chapter, we discuss an enhancement to the policy language that enables us to make portions of the type enforcement policy conditional on Boolean expressions whose values can be changed during the course of operation on a production system.

　・　Chapter 10, "Object Labeling."
In this chapter, we finish our discussion of the policy language by examining how objects are labeled and how we manage those labels in support of SELinux-enhanced access control.

Part III, "Creating and Writing SELinux Security Policies."

In this final part, we show you how to make use of the policy language, discussing methods for building security policies and insights into administering an SELinux system and writing and debugging SELinux policy modules.

　・　Chapter 11, "Original Example Policy."
In this chapter, we discuss the example policy, which is a method (source files, build tools and conventions, and so on) for building an SELinux policy that has evolved over the years from the original example policy released with SELinux by the National Security Agency. Fedora Core 4 and Red Hat Enterprise Linux come standard with policies based on the example policy.

　・　Chapter 12, "Reference Policy."
In this chapter, we discuss a new method for building an SELinux policy that provides all the features of the example policy along with support for emerging SELinux technology. The more recent Fedora Core 5 uses reference policy as its policy foundation.

　・　Chapter 13, "Managing an SELinux System."
In this chapter, we discuss how SELinux impacts the administration of a Linux system.

　・　Chapter 14, "Writing Policy Modules."
In this final chapter, we bring all that you have learned throughout the book into a guided tour on writing a policy module for both the example and reference policies.

Appendixes.

We have included several appendixes with additional reference material:

　・　Appendix A, "Obtaining SELinux Sample Policies."
This appendix provides instructions on how to obtain the sample policy source files we discuss in this book.

　・　Appendix B, "Participation and Further Information."
This chapter lists sources of additional information on SELinux and describes how you can further participate in the development of SELinux.

　・　Appendix C, "Object Class Reference."
This chapter provides a detailed dictionary of all SELinux kernel object classes and associated permissions.

　・　Appendix D, "SELinux Commands and Utilities."
This chapter provides a summary of utilities and third-party tools available to help with developing SELinux policies and managing SELinux systems.

もっと詳細な章の項目はこっち↓
http://www.loc.gov/catdir/toc/ecip0612/2006012657.html

この本について知ったのは「Frank Mayer氏と語る会」のとき
去年の5月だったんだなあ
開催レポートはこちら↓
http://www.selinux.gr.jp/selinux-users-ml/200505.month/773.html

来日したのはRSAカンファレンス2005のときなのでいくつか取材もされてました。

C3-2 セキュリティ強化Linux：型強制（TypeEnforcement）とSELinux
https://ssl.medialive.jp/rsa2005fm/jp/seminar_C3-2.html

「米政府機関でSELinuxのプロジェクトが進行中，複雑さを解決する技術も開発」---SELinux Symposium Chairman Frank Mayer氏
http://itpro.nikkeibp.co.jp/members/ITPro/oss/20050614/162694/

――米政府機関とSELinuxのかかわりは。

SELinuxは，長い間NSA内部の研究プロジェクトでした。2000年にオープンソース・ソフトウエアとして公開しました。
実際の適用についてはセンシティブなのでお話できませんが，政府組織で多くのネットワーク・サーバーや組み込みシステムに使用されています。

こんなURLがあったけど、関係ないサイトでした。
http://www.frankmayer.com/
ハーレーのホイールウエイトのディスプレイ作った会社でした。
http://www.frankmayer.com/sh_harleydavidson.htm