Let's go back in time for a moment, back to simpler age, to 1967. The Trusted Computer Security Evaluation Criteria (TSEC) (most of you should know this as the Orange book) was actually the first attempt to try to specify a standard for security management. The TCSEC defined four divisions: D, C, B and A. Division A was the highest security, with C2 perhaps the most well known and most commonly implemented. Each division represented a significant difference in the security practices that the organization can put on the evaluated system. For example, C2 provided Controlled Access Protection, which included; more finely grained DAC, audit trails, resource isolation and required documentation through user manuals.
What it did not provide, was Mandatory Access Controls; this was provided for in B1. No Linux distribution had ever met the stringent requirements of B1, though RHEL5 essentially gets us there. Red Hat Linux, though a partnership with IBM, has received a new level of security certification that should make the software much more appealing to government agencies and others that require mandated security. RHEL5 (when deployed on IBM's System z, x and p platforms) is officially certified at EAL4+.
EAL4+ is as far as you can go with an off-the-shelf OS, according to the protection profiles LSPP (labeling). LSPP is considered the modern day equivalent of the B1 TCSEC (Orange book) standard. B1 provides mandatory access control over objects (a necessary feature for a trusted system), which is part of what SEL offers.
As a practical matter, the new certification given to RHEL5 means that Linux is now officially considered appropriate for use as a "trusted" operating system, although with SELinux, it is clearly much more flexible and capable than most other implementations. While capable of restricting all processes in a system, most distributions -- such as Red Hat -- will target only the most vulnerable programs.
Many skeptics had thought it would not be possible to get an open source OS certified at this type of level, so RHEL5's implementation of SEL certainly proved them wrong. By integrating it into their standard distribution, it really has the potential to kick-start SEL in a big way, helping provide us with a much more secure future, in the Linux world. This is really exciting, as Linux continues to lead the forefront of innovation.
Dig Deeper on Linux servers
Related Q&A from Kenneth Milberg
Learn which makes more sense for your enterprise: building your own cloud-based diagnostic tooling or purchasing an existing product. Expert Ken ... Continue Reading
Learn about Helm Charts and how Kubernetes supports a microservices architecture. Expert Ken Milberg discusses what you need to know before delving ... Continue Reading
As blockchain matures, an ecosystem of tools continues to sprout up around it. Learn how these offerings, including the Hyperledger Fabric Client SDK... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.