Star Lab’s Titanium Security Suite offers the most robust Linux system-hardening and security capabilities available on the market today for operationally-deployed Linux systems. Designed using a threat model that assumes an attacker will gain root (admin) access to your system, the Titanium Security Suite maintains the integrity and confidentiality of critical data and configurations while assuring operations.

simplifies mandatory access control

Denies by default access to protected entities even from root-level users

Controls and restricts direct access to system hardware resources, such as peripherals and storage devices

Prevents malicious modifications of system BIOS and firmware

Enables secure software updates                      

Encrypts and authenticates MAC policies as part of the secure boot process

The Titanium Security Suite simplifies Mandatory Access Control (MAC) policy creation, requiring only policies for protected applications, libraries, scripts and data files.

Enables OS hardening + Attack surface reduction

Disallows unsigned module loading or process debugging

Removes Kernel functionality and features      

Eliminates the chance of hardened configurations being modified or bypassed in the field

Titanium Security Suite removes unnecessary OS functionality which could help an attacker analyze system configuration, execution flow and protected applications.

remains secure during Runtime and rest

Enforces runtime protections such as debug prevention, copy protection, unauthorized reading of memory and protection against the unauthenticated loading of code into protected applications

Authenticates protected entities, verifying that they have not been altered, and only decrypting files as needed (decryption keys are protected and stored out-of-band from attacker)

Ensures sensitive applications, data files and configurations are cryptographically bound to particular deployment hardware, defeating any effort to copy and run applications on non-authentic or instrumented hardware

Cryptographically authenticates data and configuration files before permitting access by protected applications

The Titanium Security Suite never sleeps, protecting sensitive data, configuration files, and executables during runtime and rest.

Provides comprehensive certifications and compliance

Titanium is currently under evaluation against a total of four distinct Common Criteria (NIAP) protection profiles for both file-based and software full disk at rest / data at rest. Additionally, Titanium enables customers to rapidly and affordably address the majority of their technical IA / cybersecurity controls with a single product.


White Paper: Guidelines for Securing Combat Systems