GCN Tech Blog

By GCN Staff


Is SELinux leveling multi-level security?

Is SELinux commoditizing the market for multi-level security products? At the Red Hat Users and Developers Conference last week, Trusted Computer Solutions (TCS) Chief Operating Officer Ed Hammersla certainly made the case that this was taking place.

SELinux, of course, is a version of Linux that uses mandatory access controls. First developed by the National Security Agency, it allows administrators to set fine-grained permissions for what users can do on a machine.

Interest in multi-level security in the intelligence and defense agencies seems to be high right now, because it would allow analysts to access networks of multiple security levels with one machine. Now (so we hear) analysts may have two or three PCs in their office, one for each security level.

If you want to reduce those machines to one, there are only three operating systems sufficiently secure to allow a single computer to access different security levels to government standards, Hammersla related in his presentation. One is Sun's Solaris with Trusted Extensions. One is SELinux. The third is BAE Systems' Secure Trusted Operating Program, which runs BAE Systems' XTS-400.

Hammersla compared the costs of Sun's DODIIS Trusted Workstation (DTW), which TCS helped develop, with a SELinux system offered by his own company. The Sun implementation would cost $3,024 per client, while the SELinux TCS package would cost about $609.

When I spoke with him later, Hammersla was quick to point out that price comparisons are always tricky endeavors, as the numbers could be jiggered to make any product look good.

But one of the things that helps TCS cut the price of its own offering is that SELinux is hardware-agnostic. If TCS wants to provide trusted workstations to an organization that uses Dell computers, it doesn't insist on bringing in its own hardware. It can use the Dell machines. DTW, on the other hand, would require Sun thin clients and servers (though, in all fairness, Solaris can run across x86 servers and clients as well).

Later that day, when we spoke with Erik Lillestolen, who is the government program manager for Hewlett-Packard's open source and Linux organization, he seconded this opinion. HP's services organization recently started a program to offer agencies multi-level security platforms, using Red Hat Enterprise Linux 5 with SELinux.

"There are a lot of advantages to use a standards-based system. It gives the customer the decisions as to where they want to get the hardware, and you definitely have a cost-advantage," he said.

Posted by Joab Jackson on Nov 08, 2007 at 9:39 AM

