Prior to Dec. 22, 2000, IT security was viewed as almost a customized process, particularly in the public sector. When a particular government agency or branch wanted a secure IT platform for classified computing, they often had to request a “trusted” variant of an existing UNIX operating system, like Trusted Solaris or Trusted IRIX. This was an incredibly expensive endeavor for vendors, who had to allocate significant technical and engineering resources to the task, with these costs ultimately passed onto the small number of customers needing this functionality. The National Security Agency (NSA) eventually decided that they wanted security “by default” and turned to the burgeoning Linux operating system to build a solution that would answer this need.
On Dec. 22, 2000, the NSA released their code to the wider open source world in the form of SELinux, and in doing so forever changed the security landscape of not just Linux, but the technology world at large. A combination of policies and security frameworks, SELinux is one of the most widely-used Linux security modules. Without these innovations, Common Criteria, a crucial government security certification, would likely not exist for Linux.
This is not to say, however, that SELinux has remained static since inception. As computing has evolved, so too has SELinux, driven by a broad community of support with significant contributions from end users within US public sector and defense agencies, as well as from within Red Hat, our partners and the broader open source community. Originally built with singular systems in mind, SELinux policies have evolved to address many different security scenarios and use cases. Such scenarios can affect not only physical systems, but also virtual machines and cloud-based workloads as well as the growing set of security challenges facing Linux containers and the general boom in mobile and edge devices (like those for the Internet of Things).
Red Hat is proud to have been one of the earliest corporate backers of SELinux and we believe so strongly in the technology that we deliver it as the default standard for Red Hat Enterprise Linux, Red Hat Enterprise Linux OpenStack Platform, Red Hat Enterprise Virtualization, OpenShift by Red Hat, Red Hat Enterprise Linux Atomic Host, and our entire portfolio of technologies that build on the Red Hat Enterprise Linux foundation. For us, SELinux served as one of the earliest proof points for open source security features, providing a tangible and ready answer for individuals and organizations that tested the security features of the open source model.
With the question of open source security long behind us, we are now focused on providing an even more flexible security model through SELinux. With the rise of composite, distributed applications that can span hundreds of physical and virtual machines as well as disparate cloud instances and Linux container deployments, one-off usage of SELinux is not enough. Instead, we are focused on providing “defense in depth” for modern computing scenarios, effectively building and deploying SELinux policies at each level of the datacenter.
This “Russian nesting doll” style of security, delivered through the flexibility of SELinux, is designed to provide layers of protection, so that should one layer fail, more stand ready to face the threat. This is why Red Hat has built SELinux, and enabled it by default, across our portfolio, along with our other key security components including tools like OpenSCAP.
As should be very obvious from Red Hat’s widespread adoption of the technology, SELinux isn’t just for government and defense agencies anymore. SELinux also provides the default security features in Android (starting with the Lollipop release), moving beyond the datacenter and now securing a gamut of IT deployments, from mobile device systems to enterprise data center systems of record, offering security features from the mobile endpoint.
After 15 years, we, along with a robust community, continue to enhance the features and capabilities of SELinux, with a particular focus on integrating SELinux with management and monitoring tools to streamline administration and security operations. We are also constantly evaluating how SELinux handles a multi-tenant world, especially in cloud and Linux container scenarios, and are working closely with our customers and end users across the public and private sectors to drive these innovations.
So here's to the 15 years of SELinux and to the SELinux community, and to many, many more!
執筆者紹介
Gunnar Hellekson is vice president and general manager for the Red Hat® Enterprise Linux® business. Before that, he was chief strategist for Red Hat’s U.S. Public Sector group. He is a founder of Open Source for America, one of Federal Computer Week’s Fed 100 for 2010, and was voted one of the FedScoop 50 for industry leadership. Hellekson was a founder of the Military Open Source working group, a member of the SIIA Software Division Board, the Board of Directors for the Public Sector Innovation Group, the Open Technology Fund Advisory Council, New America’s California Civic Innovation Project Advisory Council, and the CivicCommons Board of Advisors.
Prior to Red Hat, Hellekson worked as a developer, systems administrator, and IT director for a number of internet businesses. He has also been a business and IT consultant to not-for-profit organizations in New York City. During that time, he spearheaded the reform of safety regulations for New York State’s electrical utilities through the Jodie Lane Project.
類似検索
チャンネル別に見る
自動化
テクノロジー、チームおよび環境に関する IT 自動化の最新情報
AI (人工知能)
お客様が AI ワークロードをどこでも自由に実行することを可能にするプラットフォームについてのアップデート
オープン・ハイブリッドクラウド
ハイブリッドクラウドで柔軟に未来を築く方法をご確認ください。
セキュリティ
環境やテクノロジー全体に及ぶリスクを軽減する方法に関する最新情報
エッジコンピューティング
エッジでの運用を単純化するプラットフォームのアップデート
インフラストラクチャ
世界有数のエンタープライズ向け Linux プラットフォームの最新情報
アプリケーション
アプリケーションの最も困難な課題に対する Red Hat ソリューションの詳細
オリジナル番組
エンタープライズ向けテクノロジーのメーカーやリーダーによるストーリー
製品
ツール
試用、購入、販売
コミュニケーション
Red Hat について
エンタープライズ・オープンソース・ソリューションのプロバイダーとして世界をリードする Red Hat は、Linux、クラウド、コンテナ、Kubernetes などのテクノロジーを提供しています。Red Hat は強化されたソリューションを提供し、コアデータセンターからネットワークエッジまで、企業が複数のプラットフォームおよび環境間で容易に運用できるようにしています。
言語を選択してください
Red Hat legal and privacy links
- Red Hat について
- 採用情報
- イベント
- 各国のオフィス
- Red Hat へのお問い合わせ
- Red Hat ブログ
- ダイバーシティ、エクイティ、およびインクルージョン
- Cool Stuff Store
- Red Hat Summit