Karl MacMillan (RedHat) wrote this response to Glenn Faden’s comparison between Sun’s new Solaris Trusted Extensions and SELinux.

Excerpt
The biggest misconception of this article that I want to address is that Red Hat Enterprise Linux 5 is a “trusted operating system”. It is not and hopefully never will be. Instead, Red Hat Enterprise Linux is a general purpose operating system that can meet the same requirements that traditionally required a special-purpose trusted operating system. This distinction may seem small, but it has large implications on the relevance and long-term viability of Red Hat Enterprise Linux and SELinux.

Full article

Comments: No Comments

Glenn Faden, Distinguished Engineer at Sun Microsystems has published this very insightful article about the differences between the Trusted Solaris successor - Solaris Trusted Extensions and Red Hat Enterprise Linux which contains SELinux functionality.

Excerpt:
Overview of the Trusted Extensions and RHEL5 LSPP Systems

The Solaris 10 Operating System provides new frameworks for containment (zones), user rights management (roles and authorizations), and process rights management (privileges). The Trusted Extensions software, introduced in the Solaris 10 11/06 OS, extends these frameworks by adding sensitivity labels to provide a mandatory access control (MAC) policy base that implements multilevel security. Since the Trusted Extensions software preserves all the basic Solaris OS functionality, new features added to the Solaris OS are, by definition, compatible with Trusted Extensions.

The Red Hat Enterprise Linux 5 OS includes SELinux, which is a framework for describing a security policy based on security contexts. A security context consists of a user identity, a role, a type, and an optional MLS level or range. The user identity attribute in the security context is independent of the ordinary Linux user identity attributes. The SELinux mandatory access controls remain completely orthogonal to the existing Linux access controls. As a result, a process must pass standard policy controls before anything from the SELinux module applies.

Neither RHEL5 LSPP nor the Solaris 10 11/06 OS enables the use of sensitivity labels by default.

Link to full article

Comments: 1 Comment

Tresys, a company that has built expertise around SELinux (Security Enhanced Linux) just announced that they are now offering a new version of their SETools product suite.

While SELinux was never for the faint of heart, one of the main issues around the configuration of SELinux have always been policy management and configuration. It seems that Tresys has put a lot of effort into making it easier to accomplish that.

Some of the tools that are included allow the administrator to:

SE Linux which was originally developed by the NSA has gained increasing popularity within the High Assurance Community.

Comments: No Comments