A founding goal of Tresys was to innovate new technology to solve complex security challenges. An extensive research and development program focuses on achieving that goal. Tresys shares the results of our research with the open source community in order to broaden adoption and use of SELinux.
Security Enhanced Linux (SELinux) is an open source security feature included in the Linux kernel and shipped as part of Red Hat Enterprise Linux, Ubuntu, WindRiver Linux, and other leading Linux distributions. The mandatory access control features provided by SELinux, which are the result of years of research by the National Security Agency, provide the right features to address the root causes of today's computer security challenges. Key benefits of using SELinux include the following:
- Limits the threat of zero-day attacks
- Reduces exposure due to poor patching
- Provides security at the platform level, reducing the security burden placed on applications
- Controls insider threats
- Limits the damage caused by software bugs
- Constrains administrative accounts
- Provides ability to enforce secure application sandboxes
As such, SELinux is the basis for many trusted and high assurance operating environments in the Department of Defense, Intelligence, financial, and critical infrastructure environments. Accordingly, Tresys contributes to many open source projects. Specific to SELinux, Tresys leads the following open source projects:
- Certifiable Linux Integration Platform (CLIP)
- SETools Policy Analysis Suite
- Reference Policy
- Loadable Policy Modules
- SELinux Policy IDE (SLIDE)
- CDS Framework IDE
- Policy Management Server
- Secure Inter-process Communications (SIPC)
Open Source Projects
See the latest on Tresys participation in open source community projects related to high security.
- SELinux Community and Development
  maintained by Tresys engineer Joshua Brindle
- Reference Policy Project
  maintained by Tresys
  Christopher PeBenito
- Hardened Gentoo Project
  SELinux lead Christopher PeBenito