DSEC Platform v1.0 — Early Access

Security-First Application Hosting Platform

Enterprise-grade container hosting built on hardened Rocky Linux with mandatory SELinux enforcement, AppArmor profiles, and zero-trust policy architecture — managed through a bespoke, elegant interface.

Rocky Linux 9.x
SELinux Enforcing
AppArmor Active
CIS Hardened
dsec-platform — security audit
dsec@platform:~$ dsec audit --full --verbose
# Initialising security layer scan...
SELinux enforcing mode: ACTIVE
AppArmor profiles loaded: 247 / 247
Kernel hardening (sysctl): COMPLIANT
Rootless container runtime: ENABLED
Network policy isolation: ENFORCED
Unencrypted port 8080: REVIEW
CIS Benchmark score: 97.4 / 100
Security level: HARDENED
Threat surface: MINIMAL
dsec@platform:~$
CIS Benchmark Score: 97.4
Zero Trust Architecture
AppArmor Profiles: 247
Policy Enforcement Overhead: <2ms

Defence in Depth, by Design

Every layer of the DSEC platform is engineered with a security-first mindset — from the kernel upward.

01
SELinux Mandatory Enforcement
SELinux operates in enforcing mode at all times. Custom type enforcement policies scope every containerised workload, preventing privilege escalation and lateral movement.
selinux enforcing
02
AppArmor Profile Engine
Bespoke AppArmor profiles are automatically generated and enforced per container, limiting filesystem access, network capabilities, and system call surface to the minimum required.
apparmor profiles
03
Rocky Linux Hardened Base
Built on Rocky Linux 9.x with full CIS Level 2 benchmarks applied. Kernel parameters tuned for security, unnecessary services stripped, and cryptographic policies enforced system-wide.
cis level 2
04
Network Isolation & eBPF Policy
Each container occupies a private network namespace. eBPF-based policy enforcement monitors all egress and ingress traffic with per-process granularity, blocking unauthorised flows in real time.
zero-trust networking
05
Encrypted Storage & Secrets Vault
All persistent volumes use LUKS2 encryption at rest. Application secrets are managed through an integrated vault, injected at runtime with no plaintext footprint on disk.
luks2 + vault
06
Immutable Audit Log
Every privilege use, configuration change, and container lifecycle event is captured in a tamper-evident, append-only audit journal — providing a complete forensic trail and compliance evidence.
audit framework

Layered Platform, Unified Control

A coherent security stack from kernel to interface — each layer hardened and verified before the one above is permitted to operate.

Proxmox-Inspired Orchestration
Familiar container and resource management concepts, rebuilt with a security-native architecture and mandatory access controls baked in from day one.
Portainer-Class Simplicity
A bespoke, elegant web interface puts the complexity of the hardened platform behind clean, intuitive controls — no CLI expertise required for day-to-day operations.
Docker-Native Workloads
Deploy any container workload with confidence. DSEC enforces security contexts at the runtime level, independent of image configuration.
UI / UX: DSEC Web Interface
API: REST API + Auth Gateway
ORCHESTRATION: Container Orchestration Engine
RUNTIME: Docker Runtime + Namespace Isolation
SECURITY: SELinux + AppArmor + eBPF
OS BASE: Hardened Rocky Linux 9.x Kernel
SECURITY POSTURE: HARDENED

Everything You Need to Host Securely

From deployment to monitoring, DSEC provides a complete, hardened hosting environment.

CAP / 01
Bespoke Management Interface
A purpose-built web dashboard designed for clarity and efficiency. Deploy containers, monitor security posture, manage network policies and inspect audit logs — all from a single, elegantly unified interface.
  • Real-time container health & metrics
  • Visual security policy editor
  • One-click deployment with security defaults
  • Integrated audit log viewer
CAP / 02
Rootless Container Runtime
All workloads run without root privileges. Container processes are mapped to unprivileged user namespaces, dramatically reducing the impact of any container escape scenario.
  • User namespace remapping
  • No privileged containers by default
  • Seccomp syscall filtering
CAP / 03
Policy-as-Code
Define security policies in declarative YAML. Version-control them alongside your application code. DSEC validates and applies them atomically, with rollback on violation.
  • Git-integrated policy pipeline
  • Policy drift detection & alerting
  • Atomic apply with rollback
CAP / 04
Multi-Tenant Isolation
Strict tenant boundaries enforced at the kernel level. Each tenant's workloads are isolated by SELinux MCS labels and separate cgroups v2 hierarchies — shared infrastructure without shared risk.
  • MCS label-based separation
  • Independent network namespaces
  • Per-tenant resource quotas
Built on proven, open foundations
Rocky Linux
SELinux
AppArmor
Docker
eBPF
LUKS2
CIS Hardened
Early Access Programme

Ready to Host Without Compromise?

Join the DSEC Platform early access programme. We're onboarding a select group of security-conscious teams who demand more from their hosting infrastructure.