GCN Tech Blog

By GCN Staff


Is SELinux leveling multi-level security?

Is SELinux commoditizing the market for multi-level security products? At the Red Hat Users and Developers Conference last week, Trusted Computer Solutions (TCS) Chief Operating Officer Ed Hammersla certainly made the case that this was taking place.

SELinux, of course, is a version of Linux that uses mandatory access controls. First developed by the National Security Agency, it allows administrators to set fine-grained permissions for what users can do on a machine.

Interest in multi-level security in the intelligence and Defense agencies seems to be high right now, because it would allow analysts to access networks of multiple security levels with one machine. Now (so we hear) analysts may have two or three PCs in their office, one for each security level.

If you want to reduce those machines to one, there are only three operating systems sufficiently secure to allow a single computer to access different security levels to government standards, Hammersla related in his presentation. One is Sun's Solaris with Trusted Extensions. One is SELinux. The third is BAE Systems' Secure Trusted Operating Program, which runs BAE Systems' XTS-400.

Hammersla compared the costs of Sun's DODIIS Trusted Workstation (DTW), which TCS helped develop, with a SELinux system offered by his own company. The Sun implementation would cost $3,024 per client, while the SELinux TCS package would cost about $609.

When I spoke with him later, Hammersla was quick to point out that price comparisons are always tricky endeavors, as the numbers could be jiggered to make any product look good.

But one of the things that helps TCS cut the price of its own offering is that SELinux is hardware agnostic. If TCS wants to provide trusted workstations to an organization that uses Dell computers, it doesn't insist on bringing in its own hardware. It can use the Dell machines. DTW, on the other hand, would require Sun thin clients and servers (though, in all fairness, Solaris can run across x86 servers and clients as well).

Later that day, when we spoke with Erik Lillestolen, the government program manager for Hewlett-Packard's open source and Linux organization, he seconded this opinion. HP's services organization recently started a program to offer agencies multi-level security platforms, using Red Hat Enterprise Linux 5 with SELinux.

"There are a lot of advantages to use a standards-based system. It gives the customer the decisions as to where they want to get the hardware, and you definitely have a cost-advantage," he said.

Posted by Joab Jackson on Nov 08, 2007 at 9:39 AM



Reader Comments

Fri, Nov 9, 2007 John Totah CA

Most people should realize that the cost comparisons between SELinux and Solaris Trusted Extensions are not difficult to understand if you eliminate the additional costs of the TCS package. We value the SELinux community and other vendors' contributions to help solve the tough problems that our customers must deal with. This discussion is not so much about hardware, but if their claim is true, it appears that TCS will cost an additional $609 for their SELinux offering on an Axim Pocket PC PDA. --John
