HomeWhat We DoResearchSE LinuxDocumentation

SELinux Documentation

Researchers in the National Information Assurance Research Laboratory of the National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on Type Enforcement, a mechanism first developed for the LOCK system. The NSA and SCC developed two Mach-based prototypes of the architecture: DTMach and DTOS. The NSA and SCC then worked with the University of Utah's Flux research group to transfer the architecture to the Fluke research operating system. During this transfer, the architecture was enhanced to provide better support for dynamic security policies. This enhanced architecture was named Flask. The NSA integrated the Flask architecture into the Linux® operating system to transfer the technology to a larger developer and user community. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work.

Two papers provide background information for the project:

The documentation for the security-enhanced Linux consists of papers and presentations describing the goals, design, implementation and policy configuration of the project. There are also a number of external resources for SELinux documentation, such as the resources linked from http://selinuxproject.org, and there are a number of external papers and talks published on http://selinuxsymposium.org.

Published Papers & Technical Reports

To access our published papers and technical reports, please visit the

Research Publications section of the Digital Media Center


Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
FreeBSD® is a registered trademark of the FreeBSD Foundation.
Solaris™ and OpenSolaris™ are trademarks or registered trademarks of Sun Microsystems, Inc in the United States and other countries.
Secure Computing® is a registered trademark of Secure Computing Corporation