• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

NSA Security-Enhanced Linux:

Flexible Mandatory Access Controls for Linux

NSA Security-Enhanced Linux (SELinux) implements flexible and fine-grained mandatory access controls for Linux. These controls can be used to confine processes (including superuser processes) to least privilege, to protect the integrity and confidentiality of processes and data, and to support protected subsystems or assured pipelines. SELinux is available under the GNU General Public License.

SELinux is based on the Flask security architecture for flexible mandatory access controls. The Flask security architecture encapsulates the security policy logic in a separate component of the operating system called the security server. Security labels are encapsulated by policy-independent data types called security contexts and security identifiers. SELinux inserts code into the process management, file system, and networking code of the Linux kernel that makes calls to the security server to obtain security decisions and that applies these decisions to label and control processes and kernel objects such as files, sockets, and System V IPC objects.

The example security server provided with SELinux implements two specific models of security: Type Enforcement and Role-Based Access Control. However, other security models can be supported simply by replacing the security server. The example security policy configuration shows how to configure the Type Enforcement and Role-Based Access Control policies to meet particular security objectives, and can be used as a starting point for creating custom policy configurations.

The latest public release of the new SELinux prototype that uses the Linux Security Modules (LSM) kernel patch is available on the NSA SELinux web site. The LSM kernel patch provides general security hooks in the Linux kernel and is being jointly developed by several different security projects. The new SELinux prototype uses this patch rather than our own custom kernel patch, in contrast to the original SELinux prototype. The new SELinux prototype is still under active development.

SELinux is licensed under the GNU General Public License.

The SELinux software can be downloaded from the NSA web site at http://www.nsa.gov/selinux.

Two papers have been published about SELinux:

• Peter Loscocco and Stephen Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In the Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX '01), June 2001. [PDF ].
• Peter A. Loscocco and Stephen D. Smalley. Meeting Critical Security Objectives with Security-Enhanced Linux. In the Proceedings of the 2001 Ottawa Linux Symposium, July 2001. [PDF ].

Technical reports about SELinux can be downloaded from the NSA web site at http://www.nsa.gov/selinux.

Information about the selinux mailing list is available at http://www.nsa.gov/selinux.

To contact the developers for this project, please e-mail ISSO-selinux@sparta.com. To contact the entire development team (including researchers at NSA and MITRE), please send e-mail to the selinux mailing list.