The following project was given to the Institute of Information Technology of the Zurich University of Applied Sciences Winterthur by armasuisse as a final thesis. Parallel to our thesis armasuisse is researching other ways to ensure excellent system security. Our job, in this bigger context, is to install and configure a SELinux system and then install cordoned off virtual machines (VMs) on top of it. SELinux is a minimal and secure Open Source security system which was created by the U.S. National Security Agency (NSA). It allows the use of Mandatory Access Control.

The first step in our SELinux conquest was to test the level of SELinux integration in many of the known Linux distributions. As a result of this, we chose to work with Gentoo Linux, because it insured good SELinux functionality in a small and stable system. During this time we also got to know SELinux, its build-up, its functionalities and its originalities. Parallel to our work with SELinux, we also researched VMWare and QEMU. These two programs can be used to implement VMs on a SELinux base system. We tested these programs to find out which resources and files are accessed by the respective VMs. As we continued our work, we installed and configured a SELinux system which could be run in enforcing mode. At this point we had to configure the SELinux security policy, in order to make the X11 system and VMWare would work properly.

Finally, we can say that SELinux and MAC are mighty tools, which take an important step towards making operating systems more secure. At the moment, the only downside to the SELinux concept is that SELinux development is only really progressing in the server area. The desktop area has not enjoyed the focus of attention yet. As a result, the extensive graphical user interfaces, like Gnome and KDE are only minimally supported. In this area, one has to do extensive research to find out if these GUIs minimise the security level of a SELinux system in a major or minor way.