Lolpolicy for defining Linux security #LinuxCon
By Sean Michael Kerner on August 9, 2010 8:44 AM
From the 'Useful Lolcats' files:
BOSTON. Ever wonder how lolspeak, the language of lolcats could be used to secure Linux?
At LinuxCon, Joshua Brindle from Linux security vendor Tresys (pic left) detailed something he called lolpolicy for making SELinux security policies easier to manage.
Lolpolicy is Brindle's half-serious implementation of something he referred to as -CIL (Common Intermediary Language) - which is an intermediate policy language for SELinux. It's an attempt to clean up some of the management layer of SELinux, Brindle said.
Now lolpolicy is one potential language overlay for CIL. So say for example you want to create a policy for your staff - Brindle said you just input 'I iz staff' and if you want full access input 'om nom nom' (yeaah lolspeak is...weird).
An *interesting* idea for sure and certainly, I've never seen a practical use for lolcat/lolspeak before, but hey why not.
The real root of Brindle's lolpolicy though is about making security policies more usable and understandable (and if lolcats are you thing...).
The other reason why he has come up with lolpolicy is -- simply put -- he didn't want to be a stuffy security person.
Overall, I agree with the idea of trying to make policy easier for admins to setup and users to understand. Do I personally ever expect to implement lolpolicy on my servers? Likely not, but some sort of CIL use for simplified SELinux security policy might be.
KthnxBai!