Is SELinux leveling multi-level security?
Is SELinux commoditizing the market for multi-level security products? At the Red Hat Users and Developers Conference last week, Trusted Computer Solutions (TCS) chief operating officer Ed Hammersla certainly made the case that this was taking place.
SELinux, of course, is a version of Linux that uses mandatory access controls. First developed by the National Security Agency, it allows administrators to set fine-grained permissions for what users can do on a machine.
Interest in multi-level security in the intelligence and Defense agencies seems to be high right now, because it would allow analysts to access networks of multiple security levels with one machine. Now (so we hear) analysts may have two or three PCs in their office, one for each security level.
If you want to reduce those machines to one, there are only three operating systems sufficiently secure to allow a single computer to access different security levels to government standards, Hammersla related in his presentation. One is Sun's Solaris with Trusted Extensions. One is SELinux. The third is BAE Systems' Secure Trusted Operating Program, which runs BAE Systems' XTS-400.
Hammersla compared the costs of Sun's DODIIS Trusted Workstation (DTW), which TCS helped develop, with a SELinux system offered by his own company. The Sun implementation would cost $3,024 per client, while the SELinux TCS package would cost about $609.
When I spoke with him later, Hammersla was quick to point out that price comparisons are always tricky endeavors, as the numbers could be jiggered to make any product look good.
But one of the things that helps TCS cut the price of its own offering is that SELinux is hardware agnostic. If TCS wants to provide trusted workstations to an organization that uses Dell computers, it doesn't insist on bringing in its own hardware. It can use the Dell machines. DTW, on the other hand, would require Sun thin clients and servers (though, in all fairness, Solaris can run across x86 servers and clients as well).
Later that day, when we spoke with Erik Lillestolen, who is the government program manager for Hewlett-Packard's open source and Linux organization, he seconded this opinion. HP's services organization recently started a program to offer agencies multi-level security platforms, using Red Hat Enterprise Linux 5 with SELinux.
"There are a lot of advantages to use a standards-based system. It gives the customer the decisions as to where they want to get the hardware, and you definitely have a cost-advantage," he said.
Posted by Joab Jackson on Nov 08, 2007 at 9:39 AM