Prior to Dec. 22, 2000, IT security was viewed as almost a customized process, particularly in the public sector. When a particular government agency or branch wanted a secure IT platform for classified computing, they often had to request a “trusted” variant of an existing UNIX operating system, like Trusted Solaris or Trusted IRIX. This was an incredibly expensive endeavor for vendors, who had to allocate significant technical and engineering resources to the task, with these costs ultimately passed onto the small number of customers needing this functionality. The National Security Agency (NSA) eventually decided that they wanted security “by default” and turned to the burgeoning Linux operating system to build a solution that would answer this need.
On Dec. 22, 2000, the NSA released their code to the wider open source world in the form of SELinux, and in doing so forever changed the security landscape of not just Linux, but the technology world at large. A combination of policies and security frameworks, SELinux is one of the most widely-used Linux security modules. Without these innovations, Common Criteria, a crucial government security certification, would likely not exist for Linux.
This is not to say, however, that SELinux has remained static since inception. As computing has evolved, so too has SELinux, driven by a broad community of support with significant contributions from end users within US public sector and defense agencies, as well as from within Red Hat, our partners and the broader open source community. Originally built with singular systems in mind, SELinux policies have evolved to address many different security scenarios and use cases. Such scenarios can affect not only physical systems, but also virtual machines and cloud-based workloads as well as the growing set of security challenges facing Linux containers and the general boom in mobile and edge devices (like those for the Internet of Things).
Red Hat is proud to have been one of the earliest corporate backers of SELinux and we believe so strongly in the technology that we deliver it as the default standard for Red Hat Enterprise Linux, Red Hat Enterprise Linux OpenStack Platform, Red Hat Enterprise Virtualization, OpenShift by Red Hat, Red Hat Enterprise Linux Atomic Host, and our entire portfolio of technologies that build on the Red Hat Enterprise Linux foundation. For us, SELinux served as one of the earliest proof points for open source security features, providing a tangible and ready answer for individuals and organizations that tested the security features of the open source model.
With the question of open source security long behind us, we are now focused on providing an even more flexible security model through SELinux. With the rise of composite, distributed applications that can span hundreds of physical and virtual machines as well as disparate cloud instances and Linux container deployments, one-off usage of SELinux is not enough. Instead, we are focused on providing “defense in depth” for modern computing scenarios, effectively building and deploying SELinux policies at each level of the datacenter.
This “Russian nesting doll” style of security, delivered through the flexibility of SELinux, is designed to provide layers of protection, so that should one layer fail, more stand ready to face the threat. This is why Red Hat has built SELinux, and enabled it by default, across our portfolio, along with our other key security components including tools like OpenSCAP.
As should be very obvious from Red Hat’s widespread adoption of the technology, SELinux isn’t just for government and defense agencies anymore. SELinux also provides the default security features in Android (starting with the Lollipop release), moving beyond the datacenter and now securing a gamut of IT deployments, from mobile device systems to enterprise data center systems of record, offering security features from the mobile endpoint.
After 15 years, we, along with a robust community, continue to enhance the features and capabilities of SELinux, with a particular focus on integrating SELinux with management and monitoring tools to streamline administration and security operations. We are also constantly evaluating how SELinux handles a multi-tenant world, especially in cloud and Linux container scenarios, and are working closely with our customers and end users across the public and private sectors to drive these innovations.
So here's to the 15 years of SELinux and to the SELinux community, and to many, many more!
저자 소개
Gunnar Hellekson is vice president and general manager for the Red Hat® Enterprise Linux® business. Before that, he was chief strategist for Red Hat’s U.S. Public Sector group. He is a founder of Open Source for America, one of Federal Computer Week’s Fed 100 for 2010, and was voted one of the FedScoop 50 for industry leadership. Hellekson was a founder of the Military Open Source working group, a member of the SIIA Software Division Board, the Board of Directors for the Public Sector Innovation Group, the Open Technology Fund Advisory Council, New America’s California Civic Innovation Project Advisory Council, and the CivicCommons Board of Advisors.
Prior to Red Hat, Hellekson worked as a developer, systems administrator, and IT director for a number of internet businesses. He has also been a business and IT consultant to not-for-profit organizations in New York City. During that time, he spearheaded the reform of safety regulations for New York State’s electrical utilities through the Jodie Lane Project.
유사한 검색 결과
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.