Research Menu

Skip Search Box

SELinux Future Work

The National Security Agency's Security-enhanced Linux team created and uses SELinux for research purposes. This list of future work changes as our research progresses and we explore new areas. The focus of our work is not to create a marketable product, and usability and integration tasks often receive little or no priority.

It is expected that research in the below-identified areas of technology will continue. However, this list of expected research shall not be considered as a request for proposal or otherwise construed as a commitment by NSA to anyone for the procurement of equipment, services, or any obligation. The NSA reserves the right to not pursue research in any area identified below or to discontinue, at any time, research in progress in any of these areas.

This is a short list (in no particular order) of some of the many tasks remaining to be done. External participation is welcomed in these tasks as well as those which are less likely to receive SELinux team attention.

  • Integrate SELinux awareness into other userspace object managers.
  • Modify other applications to better leverage SELinux.
  • Enhance policy tools and infrastructure.
  • Enhance the SELinux reference policy.
  • Develop support for polyinstantiated ports.
  • Develop NFSv4 support for SELinux.
  • Revive extended APIs for System V IPC and sockets.
  • Investigate access controls for POSIX mqueues (beyond the file-based checks).
  • Develop framework and access controls for driver-specific operations.
  • Enhance device labeling.
  • Enhance revocation support.
  • Develop support for heterogeneous policies.
  • Integrate with non-MAC policies (e.g. crypto).
  • Develop flexible trusted path mechanism.
  • Expand set of SELinux testcases in LTP.
  • Improve network scalability and performance.
  • Improve baseline performance.

Linux is a registered trademark of Linus Torvalds


Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009