OpenSolaris Flexible Mandatory Access Control (FMAC) Project


Oh, here's a press release from Sun


National Security Agency And Sun Microsystems Lead OpenSolaris Community Project To Advance Mandatory Access Controls
http://www.sun.com/aboutsun/pr/2008-03/sunflash.20080313.1.xml

The joint research project is intended to complement the security benefits of the mandatory access controls provided by the Solaris Trusted Extensions feature and will be evaluated by the OpenSolaris community.
The Flask architecture supports a wide range of security policies, enabling the integration of different policy engines and the configuration of the security policy to meet the specific security goals for a wide range of computing environments.


Apparently it's called FMAC


OpenSolaris Project: Flexible Mandatory Access Control
http://opensolaris.org/os/project/fmac/

This project will add the Flux Advanced Security Kernel (Flask) architecture and Type Enforcement (TE) to OpenSolaris.
Flask and TE provide a flexible form of mandatory access control (MAC) that has been gaining popularity since its introduction in SELinux, SEBSD, and SEDarwin. Flask/TE has also been integrated into the Xen hypervisor and has been applied to applications such as the X server, D-BUS, and PostgreSQL.


There's also a message from the NSA

"We are committed to promoting transfer of those technologies to the private sector to improve the assurance of commercial products that are becoming more critical to the future of the US Government infrastructure."


I'll look into this a bit more


Update


Glenn Faden's blog also covers FMAC
http://blogs.sun.com/gfaden/date/20080315


There's also a cautious message

Flask has been implemented in SELinux, SEBSD, and SEDarwin, but has not yet achieved much acceptance outside of the research community. When faced with the level of complexity and the effect of the policy on common applications, most end-users have elected to disable it.
We don't want this to happen in OpenSolaris, so we will need to balance improvements in the safety of running untrusted applications while making it transparent to normal users.


There's also a thread from the NSA's Stephen Smalley
Project Proposal: Flexible Mandatory Access Control (fmac)
http://opensolaris.org/jive/thread.jspa?threadID=52141&tstart=0


Japanese-language news has arrived
Sun and the US National Security Agency to jointly develop a secure OS, SELinuxOpenSolaris
http://itpro.nikkeibp.co.jp/article/NEWS/20080317/296369/

Sun to integrate NSA security technology into "Solaris"
http://japan.internet.com/webtech/20080317/12.html

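In the initial stage, users will reportedly be able to use only one of Flask or (the existing Trusted Extensions) labeling, not both at the same time.
In the future, with continued support from the NSA, the plan is to work within the OpenSolaris community on making simultaneous use of both approaches possible.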


Bonus notes


There's also something called FGAP


OpenSolaris Project: Fine Grained Access Policy (FGAP)
http://opensolaris.org/os/project/fgap/

This project will extend the existing Process Rights Management infrastructure in Solaris so that specified objects can be associated with individual privileges. The current Solaris privilege model does not allow one to express policy requirements such as:
- only allow binding to port 80/tcp
- only allow read access to file foo
- only allow write access under $HOME/.mozilla


An RBAC tool item
Sun Role Manager
http://www.sun.com/software/products/rolemanager/index.jsp

Sun Role Manager (formerly Vaau's RBACx product) provides comprehensive role lifecycle management and identity compliance capabilities to streamline operations, enhance compliance, and reduce costs.