Linux Security Summit 2013/Abstracts/Johansen2

From Linux Kernel Security Subsystem
Jump to navigation Jump to search


The AppArmor Labeling Model


John Johansen, Canonical


This presentation would cover in greater detail the AppArmor labeling extension. Specifics of how ApppArmor's labeling model works, and design decisions that where made around the model and implementation.

This will include a discussion of the interaction of object labeling with access path based rules. The relationship between AppArmor's labeling and types, how types can be derived from AppArmor policy, and why labeling is not always a type.

Some performance analysis and comparisons with older versions of AppArmor will can be covered if time permits.