Solution Brief
 

Tresys architects and builds a modular, comprehensive, well-documented security policy that is at the heart of major Linux distributions.

Customer Profile
This U.S. Government agency provides solutions, products, and services that enable defensive information operations. This includes securing information infrastructures critical to U.S. national security interests. A key requirement of the agency is the development of security policies that can provide a higher level of information assurance for government and commercial organizations.

Business Challenge
The implementation of Security Enhanced Linux (SELinux) for Mandatory Access Control (MAC) was the most pragmatic approach to providing higher levels of information assurance for a commercially supported operating system. An SELinux reference policy was required that was modular, extensible, and easily adaptable to the security goals of multiple projects. In addition, it was necessary to engage the SELinux community to ensure that the resulting technology could be transferred to Linux distributions and commercial Linux products.

Tresys Solution
Tresys developed the open source "Reference Policy", a modular, comprehensive, well-documented, and secure SELinux security policy. It is now the basis for the standard SELinux security policy shipped by vendors (e.g., Red Hat) and is present in Linux COTS products such as Red Hat Enterprise Linux (RHEL).

Benefit
With Reference Policy it is possible for security policy developers to easily create new SELinux policies tailored to specific security requirements. The well-documented, modular architecture enables policy developers to include only those parts of the base policy that are needed. By using Reference Policy as a basis, SELinux security policies can be written with less effort and with a greater degree of confidence that the desired security goals will be met.

About Tresys Technology
Tresys Technology is a principal open source contributor to Security Enhanced Linux (SELinux), with an emphasis on making SELinux easier to use and manage. In addition to its extensive Secure Linux technology development, services, and training experience, Tresys provides many technology solutions that allow Linux users and administrators to easily leverage the power of SELinux. Tresys also provides business and government organizations with expert security engineering services, including security testing, evaluation and certification support, cryptographic solutions, and security technology innovation.