Cluster computing has certainly evolved from a luxury affordable to few, to an ever increasing necessity. The growing deployments of clusters to solve critical and computationally intensive problems imply that survivability is a key requirement through which the systems must possess Reliability, Availability, Serviceability and Security (RASS) together. In this paper, we conduct a feasibility study on SELinux and the existing cluster-aware RASS framework by C.B. Leangsuksun et al. (2005). We start by understanding a semantic mapping from cluster-wide security policy to individual nodes' mandatory access control (MAC). Through our existing RASS framework, we then construct an experimental cluster-aware SELinux system. Finally, we demonstrate feasibility of mapping distributed security policy (DSP) to SELinux equivalences and the cohesiveness of cluster enforcements, which, we believe, leads to a layered technique and thus becomes highly survivable
展开▼
