SELinux provides the most secure
operating system security available...
and Tresys is the single largest
commercial contributor to its
code base.

 
Open Source Server (oss.tresys.com)
The home for collaborative software development of tools and technology originating from our R&D program.
SETools Release 3.3
Now available for download.
Reference Policy Version 20071214
Now available for download.
SLIDE Release 1.3
Now available for download.

MITIGATION NEWS

Many companies will not publish details of known attacks or exploits. Here are some recent exploits prevented solely and specifically by SELinux:

 

    2008 APR  Cross-Plat. Flash Vulnerability

                      - Original Paper

                      - SELinux Mitigation

    2008 JAN  OpenPegasus Services

    2007 OCT  hplip Security Flaw

    2007 JUL Mambo Exploit

    2007 JUN Apache DoS

    2007 MAY Samba Buffer Overflow

    2006 JUL Local Privilege Escalation

    2006 MAR Sendmail Code Execution

    2005 JUL PHP XML-RPC Remote Code

    2005 MAR Sendmail Code Execution

 
 
SELinux brings the best security technology available for operating systems. For many years Tresys has contributed to a variety of open source projects and technologies that make SELinux better and stronger. Building upon our open source technology and application experiences, Tresys has introduced a line of commercially available products that make SELinux even better and easier to use.  Our work with SELinux primarily consists of the following areas:

SELinux Open Source Technology
For many years, Tresys has been a leader in developing open source technology to make SELinux easier to use. Our current technologies include the industry standard reference policy, the loadable policy module infrastructure, the SeTools Policy Analysis Suite, and the new SELinux policy IDE and new CDS Framework IDE. See our open source technology site for more information.

SELinux Consulting & Development Services
Tresys has unmatched experience building secure systems using the power of SELinux. Our technology leadership gives us an unique insights into how to efficiently use SELinux, the best security technology available. Our services include helping other make use of SELinux to developing custom SELinux-based applications. We are also a leader in SELinux training. See our services page for more information about our SELinux consulting and development services.

SELinux Training
Tresys offers the best available SELinux training.  We provide two courses:

  • a 1-day introductory course focused on developing SELinux security policy modules for your applications, and

  • a 3-day in-depth overview of all aspects of an SELinux policy and development.

SELinux Products
Tresys is developing a number of products that will make it even easier for Linux administrators and user to tap into the power of SELinux. Tresys Razor is specifically designed to enhance the security of enterprise and embedded Linux applications. Tresys Brickwall Security Suite allows Linux administrators to customize network security of individual applications without special SELinux knowledge. See our products page for more information.

Additional Information

SELinux by Example
 The definitive and most complete book on SELinux. Written by Tresys engineers and largely based on Tresys' successful training class on SELinux policy development, this is the first and only book that comprehensively explains the SELinux policy language and how to use the power of SELinux to create secure systems.

White Papers
 Learn more about our technical contributions. Topics range from "Enforcing Flexible Access Control in a Networked Policy Domain" to "Lessons Learned Developing Cross-Domain Solutions on SELinux".

SELinux Object Classes and Permissions
Document containing a list of all of the object classes and permissions for SELinux including a brief description of of the semantics of each permission.

Still want to know more about SELinux? Then click here!

 
 
    Home                Technology          Services            Products        SELinux         About Us