Thanks, Tom, I was going to mention that.
The question comes up every now and then, but hasn't been generally
applied to the general Java community because of the lack of wide-spread
underlying OS support. Generally the approach taken by most folks is to
run JVM's at different levels, or develop their own multi-level
context-switching using JNI's. Do check out
John (dot) Weeks (at) sun (dot) com is the person most familiar with the
current state of the art. Do check out his presentation mentioned by
Tom, but keep in mind it's about two years old now.
You might also check out the joint NSA/Sun Micro project on Flexible MAC
being done in OpenSolaris:
http://opensolaris.org/os/project/fmac/
Stephen Smalley and co are bringing the Flux Advanced Security Kernel
(Flask) and Type Enforcement (TE) technologies OpenSolaris. Flask is a
flexible form of mandatory access control (MAC) that has been gaining
popularity since its introduction in SELinux, SEBSD, and SEDarwin.
Some other info on Sun's Trusted Extensions:
http://www.opensolaris.org/os/community/security/projects/tx/
Hope this helps.
Brad
P.S. I worked with John on Trusted Solaris in another life before Java.
Tom Hawtin wrote:
michel wrote:
I am researching on java security model and I decided to have an
implementation of MAC(mandatory access control ) in jvm.
While studying trusted os I got familiar with Selinux(Security Enhaced
linux) and I surprised if we can use selinux policy in jvm.
No idea if it will help, but you might be interested in the JavaOne 2007
presentation "Leveraging Solaris Trusted Extensions to Implement
Platform Security Services for the Java Language".
http://developers.sun.com/learning/javaoneonline/j1sessn.jsp?sessn=TS-1427&yr=2007&track=5
Tom Hawtin
