Tresys white papers provide education on a wide set of topics ranging from the financial benefits of implementing Flexible Mandatory Access Controls (MAC) and Security-Enhanced Linux (SELinux) to lessons learned in solving complex security problems.

• Tresys VM Fortress: Real Virtual Machine Security
• Rethink Security for Virtualized Environments
• Flexible MAC beats traditional security measures
• Enabling Government and Business Transformation With MAC Security
• Towards Intuitive Tools for Managing SELinux: Hiding the Details but Retaining the Power
• CLIP & Sentinel 3: Solid Foundation, Secure Messaging Solution
• Enforcing Flexible Access Control in a Networked Policy Domain
• FCGlob: A New SELinux File Context Syntax
• Securing Inter-Process Communications in SELinux
• Lessons Learned Developing Cross-Domain Solutions on SELinux
• Experiences Implementing a Higher-Level Policy Language for SELinux
• Higher-Level Policy Language for SELinux
• Design and Implementation of the SELinux Policy Management Server

At Tresys, we solve complex security problems for governments and businesses. Our mission is to give customers confidence that their information systems are secure. From infrastructure to mission critical applications, we develop and deploy the strongest and most flexible security solutions available.

• XD Air (FiST) enables secure use of USB devices for US DoD mission critical environments

  USB 'thumb drives' are widely used to share vital information in forward locations, move data between coalition partners, deliver command instructions and situation briefs and a wide variety of other applications. Unfortunately, these devices also provide an avenue of attack against critical systems through advanced viruses and malware. Until development of FiST, the risk associated with USB data sharing was deemed so significant that USB devices were banned or restricted. FiST is a unique solution that disinfects USB devices and files to enable secure use of the device for mission critical environments.

  Expand

• Certifiable Linux Integration Platform (CLIP) expedites DCID 6/3 and NIST compliance by providing a certified OS foundation for building secure solutions

  Security requires vigilance at the desktop and throughout the network. Tresys developed a base platform and desktop lockdown solution that allows customers to be compliant with Director of Central Intelligence Directive (DCID) 6/3 [CNNSSI 1253] and the National Institute of Standards and Technology (NIST) Special Publication 800-53. CLIP expedites the evaluation process while ensuring that systems are inherently developed with security in mind. CLIP includes a Tresys-developed secure configuration baseline of the Red Hat Operating System (OS) and the relevant documentation to support certification and accreditations. This package serves as a certified starting point OS on which vendors can build their solutions - thereby eliminating evaluation of OS requirements for each accreditation effort.

  Expand

• Secure Desktop Virtualization allows Australian Defense agency to realize the benefits of virtualization in highly secure environments

  Server and desktop virtualization offer tremendous benefits to organizations. Security, however, can be a barrier to virtualization in high risk environments. Tresys was asked to assist this Australian Defense organization to experience the benefits of desktop virtualization without compromising endpoint security. Tresys was able to deploy VM Fortress that locks down the desktop environment using strong type enforcement via SELinux, enables operational reliability via 'sandbox' environments, and eases administrator and user management.

  Expand

• Cross Domain Toolkit facilitates adoption of strong MAC for US DoD / Intelligence Agencies

  Integrating systems and networks to enable controlled sharing of information across varying security levels presents complex challenges. These solutions, commonly called cross-domain solutions (CDS) or "guards", require complex rule sets that normally do not have a user-friendly interface for accessing or defining the required rules. Tresys developed a toolkit and language definition project to assist DoD/Intel agencies with the adoption of mandatory access controls (MAC) in their environments - a Cross Domain Solution (CDS) Framework Toolkit. The CDS Framework Toolkit enables users to define the appropriate security domains, associated rules, and generate the SELinux policy required to implement the necessary security objectives.

  Expand

• Secure Chat Solution enables instant messaging between users in different security domains for US DoD Combat Command

  Sharing information real-time across the battlefield is a requirement to support today's war fighter. A DoD Unified Combatant Command of the U.S. Military that provides mission-ready, joint-capable forces, and supports the development and integration of joint, interagency, and multinational capabilities required a cross domain solution (CDS) for protection and dissemination of classified information between security enclaves - using instant messaging clients. The solution is the Collaboration Gateway (CG) - an instant messaging (IM) server that enables secure chat between users in different security domains using Jabber IM clients. This gateway ensures rightful data is shared between the intended recipients while meeting required securing policy.

  Expand

• SELinux Tools enable US Intelligence Agency to rapidly analyze and test and assess their SELinux security policies on next-generation workstations

  A U.S. intelligence agency tasked with providing solutions, products, and services that enable defensive information operations needed to define a way to ensure that their community of application developers (i.e., employees, vendors, contractors, etc.) is able to quickly assess the robustness of security policies on their secure, next-generation workstations. To meet this requirement Tresys designed, developed (and today supports) the necessary Open Source tools: SETools. SETools allows users to expedite analysis and testing of these Security Enhanced Linux (SELinux) security policies and gives users the ability to perform both interactive and complex, automated analysis of their security policy.

  Expand

• SELinux Reference Policy developed as open source solution for USG agency to provide the basis for security policy in COTS Linux distributions

  Securing information infrastructures critical to U.S. national security interests is a primary mission of this USG agency. A key requirement of the agency is the development of security policies that can provide a higher level of information assurance for government and commercial organizations. To meet this need Tresys was asked to develop a modular, comprehensive, well-documented, and secure mandatory access control (MAC) security policy that could be adopted by COTS Linux distributions. Tresys developed and today maintains the Open Source "Reference Policy" - a modular, comprehensive, well-documented, and secure SELinux security policy. It is now the basis for the standard SELinux security policy shipped by vendors (e.g., Red Hat(TM)) and is present in Linux COTS products such as Red Hat(TM) Enterprise Linux (RHEL).

  Expand

• N-Tier Application Mandatory Access Control (MAC) allows UK Government to secure an IBM WebSphere environment

  Retrofitting or developing an application to meet very high security requirements is a challenging prospect. Tresys combines the strongest technologies with unmatched expertise to ensure that applications are secure. Tresys worked with IBM and Belmin Group Ltd for this UK Cabinet Office to secure an IBM(TM) Websphere(TM) environment using strong Mandatory Access Control (MAC) and demonstrate that there was strong financial value to doing so.

  Expand

• TurretGate provides a high performance environment for routing sensitive data between US DoD networks of differing security levels and policies

  TurretGate routes Java Message Service (JMS) messages, based on security-related properties in the message. The Tresys JMS TurretGate solution supports bi-directional JMS communication between networks of differing levels, release policies and other security characteristics. It provides the ability to quickly and securely route alerts, monitoring messages, control messages and other JMS messages only to the intended target networks. The initial release of the Tresys TurretGate Platform targets a DCID 6/3 PL 4 environment. Future releases will target PL5.

  Expand