GCN Tech Blog

By GCN Staff


Is SELinux leveling multi-level security?

Is SELinux commoditizing the market for multi-level security products? At the Red Hat Users and Developers Conference last week, Trusted Computer Solutions (TCS) Chief Operating Officer Ed Hammersla certainly made the case that this was taking place.

SELinux, of course, is a version of Linux that uses mandatory access controls. First developed by the National Security Agency, it allows administrators to set fine-grained permissions for what users can do on a machine.

Interest in multi-level security in the intelligence and Defense agencies seems to be high right now, because it would allow analysts to access networks of multiple security levels with one machine. Now (so we hear) analysts may have two or three PCs in their office, one for each security level.

If you want to reduce those machines to one, there are only three operating systems sufficiently secure to allow a single computer to access different security levels to government standards, Hammersla related in his presentation. One is Sun's Solaris with Trusted Extensions. One is SELinux. The third is BAE Systems' Secure Trusted Operating Program, which runs BAE Systems' XTS-400.

Hammersla compared the costs of Sun's DODIIS Trusted Workstation (DTW), which TCS helped develop, with a SELinux system offered by his own company. The Sun implementation would cost $3,024 per client, while the SELinux TCS package would cost about $609.

When I spoke with him later, Hammersla was quick to point out that price comparisons are always tricky endeavors, as the numbers could be jiggered to make any product look good.

But one of the things that helps TCS cut the price of its own offering is that SELinux is hardware agnostic. If TCS wants to provide trusted workstations to an organization that uses Dell computers, it doesn't insist on bringing in its own hardware. It can use the Dell machines. DTW, on the other hand, would require Sun thin clients and servers (though, in all fairness, Solaris can run across x86 servers and clients as well).

Later that day, when we spoke with Erik Lillestolen, who is the government program manager for Hewlett-Packard's open source and Linux organization, he seconded this opinion. HP's services organization recently started a program to offer agencies multi-level security platforms, using Red Hat Enterprise Linux 5 with SELinux.

"There are a lot of advantages to use a standards-based system. It gives the customer the decisions as to where they want to get the hardware, and you definitely have a cost-advantage," he said.

Posted by Joab Jackson on Nov 08, 2007 at 9:39 AM

