1.4 SELinux History

SELinux, though only recently released to the public as a software product, has a substantial heritage. SELinux descends from work that began several decades ago. In 1973, computer scientists David Bell and Leonard LaPadula defined the concept of a secure system state and published a formal model describing a multilevel security system.

Later, in the 1980s, the work of Bell and LaPadula strongly influenced the U.S. government's development of the Trusted Computer System Evaluation Criteria (TCSEC, popularly known as the Orange Book). The TCSEC defined six evaluation classes with progressively more stringent security requirements: C1, C2, B1, B2, B3, and A1. Class C1 and C2 systems, like Linux, depended upon discretionary access controls. Class B1 systems and systems of higher classes had to, like SELinux, implement mandatory access controls.

During the 1990s, researchers at the U.S. National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong and flexible mandatory access control architecture. Initially, their work focused on theoretical proofs of the properties and characteristics of the architecture. Eventually, working with a research team at the University of Utah, they developed a working prototype of the architecture called Flask within Fluke, a research operating system.

Later, NSA researchers worked with Network Associates and the R&D firm MITRE to implement the architecture within the open source Linux operating system. Their work was released to the public in December 2000, as an open source product.

Subsequently, Linux 2.5 was modified to incorporate LSMs, a kernel feature intended to simplify integration among SELinux, similar products, and the Linux operating system. This modification was carried forward to Linux 2.6 when development of Linux 2.5 was deemed complete.

More recently, several Linux distributors have announced plans to support SELinux within their Linux distributions. Among these are Red Hat, distributor of the commercial Linux distribution with the largest market share in the U.S. and worldwide, and SUSE, distributor of Europe's leading Linux distribution. SELinux is already a standard component of Fedora Core, the noncommercial Linux distribution whose development is sponsored by Red Hat, and several other noncommercial Linux distributions, including Debian GNU/Linux and Gentoo Linux.

Several Linux distributions augment SELinux with other security mechanisms. For instance, Gentoo Linux can be configured to compile the Linux kernel and applications to work with either of two mechanisms:

PaX

Provides a variety of protections against attacks, including Address Space Layout Randomization (ASLR). See http://pax.grsecurity.net/docs/pax.txt.

Propolice

Provides protection against stack-smashing attacks. See http://www.research.ibm.com/trl/projects/security/ssp.

Clearly, SELinux ”originally a product of the highly secretive NSA ”is becoming a mainstream technology.