NSA Backing Secure Linux OS Development
ColPanic writes "Looks like the NSA is gonna have a Linux OS of their very own soon. They have selected Secure Computing to develop a high security version of Linux."
Not to start a war, but why not OpenBSD?
Wouldn't it be better to audit OpenBSD for their purposes, since it's already designed for that purpose. Or even FreeBSD?
I asked the question because I am honestly interested in the answer, not some zealot telling me, "LINUX IS SECURE!" or something inane like that.
Is it just me or is there something wrong with this picture? The NSA, arguably one of the most secretive agencies in the US government using LINUX, one of the most open and freely available software platforms in the world today? I guess we can assume that the NSA version will not remain Open Source.
OTOH, they have kind of a history of being..uh..a bit abusive of their "friends."
For all of you that aren't as fascinated by the NSA as I am, you need to read The Puzzle Palace by James Bamford.
Remember, the GPL only requires you to give source to people you give binaries to. If Secure Computing only gives binaries to the NSA, there is no reason they need to give source to Linus.
---
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
If the NSA were to develop this in-house, which they have every right to do, then I wouldn't think they are contractually obligated to release any of the updated source code to the general public. However, if they're commissioning another company to do this, then that company is essentially selling the new version of Linux to the NSA and then, by the GPL, aren't they required to make that source code somehow available for free? My understanding of the GPL may be fuzzy, but if I remember correctly, they have to make kernel changes (which I would assume that this would probably require) available. Does anyone have details on exactly how 'Type Enforcement' works, and whether it takes any kernel changes to implement?
Of course, if they can do it without kernel changes, the point's moot.
Good for the NSA. I'd much rather see them try to hide any backdoors in open, human readable source than inside unfathomable MS-Windows. Or do they plan on having some "binary only" bits?
Perhaps the NSA realizes that making US computers more secure is better than trying to weaken everybody to help their spying.
-- Robert
From the article, it sounds like NSA is "simply" contracting to have a commercial product using already patented technology ported to Linux, rather than contributing Open Source security tools. Even if that's the case, improved non-open-source tools may stimulate the development of open-source equivalents, as illustrated by the excellent OpenSSH project.
Besides, if they want a secure UNIX, why wouldn't they go with DG/UX, which has already been rated at B2 and E2 in the USA and the UK? It runs on Intel platforms too, and would take a lot less work to get to whatever level of security they want with a lot less potential legal hassles than if they tried to build on Linux.
And somehow I don't see them willingly releasing anything as Open Source. That's just not like them.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Will this pave the way for an NSA-Linux IPO? ;-)
-----------
"You can't shake the Devil's hand and say you're only kidding."
Their "Patented Type Enforcement Security" described here sounds an awful lot like the capabilities support already under development for the linux kernel.
The scope of the "type enforcement" implies it would have to be done in the linux kernel. If so, there's going to be a serious licensing question here because there's no way that kind of change can be put in a module.
--
314-15-9265
As Michael H. Warfield points out in this linux-kernel message, it's a golden opportunity to get IPSEC into the 2.4 kernel, and US-based Linux distributors can now bundle PGP, SSH, etc., with their next versions.
Maybe the spooks (or at least, the spook-meisters) are doing a 180 turn on how to deal with cryptography distribution, from "don't let anyone else have it" to "if everyone else has it, we want it, too".
--
"But, Mulder, the new millennium doesn't begin until January 2001."
send all spam to theotherwhitemeat@ropine.com
I have a friend whose father consulted for the government. They developed a portable Gas Chromatograph setup, with lots of bells and whistles, to help them detect the production of biological and gas weapons. They used patented and copyrighted technology from about 3 or 4 commercial products, and did not have to pay any licenses, or even consult with the companies that held these patents/copyrights.
When does the government get off on patenting technology? We pay the taxes, now it wants to exclude us and maximize its profits? Damn, I always knew the US government is the world's biggest business.
I expect the intention is to make the resulting system open to the public.
1) Linux is becoming a big player in commercial network sites.
2) The government wants a secure national network. Including secure private sites. Part of the NSA mandate is to protect private citizens and companies.
3) The government is going Linux. Try estimating what the government would have to spend to "update" to Windows2000.
4) Linux is the ideal platform, with GPL released code, everybody (except those sending money to Redmond) is on an equal footing with the released code. There is no perceived government backing of private enterprise which would be the case if the NSA $ were going to Redmond.
Then I remembered a previous GPL argument, when a company had made -internal- changes and did NOT have to make the changes public, as the GPL does NOT cover these.
The NSA version would fall into the same category, I suspect, with contractors deemed a part of the same organisation, as far as the GPL is concerned. Always assuming the contractor developed any of the secret stuff. The NSA has more than enough top people to code that part themselves, just to make sure there isn't a GPL conflict.
Then, I wondered why they didn't branch off from OpenBSD. That's already mostly secure, there's a good base to work from, and its stability is phenomenal. Then I realised. They've probably already GOT ultra-secure versions of OpenBSD for PC-based, single-processor servers, but Linux isn't just for PCs or just for one processor.
If you want a lightweight system that'll run on embedded devices (such as wiretaps), massive-scale multi-processor devices (such as extreme number-crunchers eg: code-crackers, etc), or obsolete hardware (such as stacks of IBM S/390's) then Linux is the one to go for. It's ideal for such functions and such platforms. OpenBSD, etc, would require too much work to make them both multi-processor and multi-platform -enough- to be useful in a meaningful timeframe.
This isn't to start any kind of flame-war, but I'm sure OpenBSD is used in its primary environment (because it's GOOD), and Linux is going to be used everywhere else (because it's GOOD -and- THERE.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Grep /usr/src/linux/drivers/net/znet.c...
Linux makes a whole lot of sense for NSA as it is stable, free, and runs beowulf quite well. Beowulf maybe to crack codes?
Anyone seen someone from NSA at a Linux meeting (DOD?)?
NT only made C2 when NOT on a network, and there may have been some funny stuff going on. B2 is needed for multi-level security stuff (secret, confidential, and unclassified on the same machine). Does this code provide B2?
As for GPL, they would only have to release their patches to ones using their code -- so long as it is inhouse, they don't have to release it. OGA could use it too, but the OGA would have to be able to get the code. They could even make the patches classified and no one outside their sphere would have access, GPL or no GPL.
Man, talk about a version conflict...
=================================
ERROR 10948:
Red Flag Linux detected. You did
not see this error, and troops have
been dispatched to your location, you
filthy traitor. Remain seated and your
death shall be quick and painless.
=================================
-- RED, WHITE, AND BLUE FLAG LINUX
"Yes, we're developing a distribution.. but if we told you anything more we'd have to kill you (and the binaries)."
Read more closely. They allow you to post the source-code. The binaries appear to be another kettle of fish...
Take a look at a longer description that I got from Frank Hecker in email.
Cheers,
Ben
My usual seat in the cluetrain is at http://pub4.ezboard.com/biwethey.ht
According to this summary of Sidewinder's system, the only way you can get this level of access is by booting the "administrative kernel", and when the administrative kernel is running, all network connections are disabled. While running the normal "operational kernel", every process can be restricted to handling certain file types and system calls. This way, for example, your netnews server and FTP server can have administrators who can't access one another files or processes. If, say, a Belgian spy compromises your netnews administrator's account, the spy still couldn't send out anything over FTP.
--
"But, Mulder, the new millennium doesn't begin until January 2001."
send all spam to theotherwhitemeat@ropine.com
If I modify the Linux kernel so that it works with a PCI card that I built in my basement, am I required to give people the source?
NO.
However, if I modify the Linux kernel and give it or sell it to other people, THEN I have to give them the full source along with that. There's no rule that says I have to share--I can keep my modifications to myself, as long as I don't give anyone the binary, either.
Of course, it would be Really Nice of them...
WMBC freeform/independent online radio.
I haven't been able to get through to their website. Do you think it's the slashdot effect? They may get the wrong idea and suspect there is a massive DoS attack going on.
Work for Change & GET PAID!
I'm not sure he quite understood what was going on, but the company also works with their own variant of OpenBSD, which is supposedly even more secure than the original due to how they've separated certain sections of the OS from interacting with each-other. I don't claim to be an insider though, this is just what I've been told.
-----------
"You can't shake the Devil's hand and say you're only kidding."
It only makes sense if you think about it.
0. They have access to every line of code, so there are no surprises (unlike some OTHER OSes which have probably been burning them from time to time for years.)
1. They are still using an OS with strong features.
2. They can also see the source for every single app they decide to use(or not to use)
3. Now that there are multiple wordprocessing/Office packages out there which are able to handle MS Office's formats, the biggest complaint of all the nay-sayers from within has lost its footing.
From NSA's standpoint, this will finally give them control over the operating system on their computers. They have probably had this in mind for years and only been waiting for Linux to mature to the point that it was highly useful and definitely beyond the point of losing its momentum. I can only see good in this right now (I have blinders on) because once NSA develops this, all the other branches of government will tend to jump on the bandwagon with them. Let's face it: that will only be good for Linux, having all those users in the govt being forced to use Linux at work. Then many will use it at home, too.
Drop me a line at:
Key ID: 0x54D1D809
My point is this: don't treat this like it's anything other than a regular company. They'll be releasing the source if they make any changes to existing software. They have to. If they don't, they're in violation of the GPL -- and that's a different story altogether.
-----------
"You can't shake the Devil's hand and say you're only kidding."
Secure Computing, from all indications, is probably the best of the major firewall/security vendors to have gotten involved with this sort of project in terms of "with-it-ness" and overall technological knowhow.
This project is probably something Secure Computing themselves were interested in already. Most of their products are run on heavily-modified versions of BSDI 1.x, for which they purchased a source license many years ago, which means they carry along all the baggage of what sort of hardware compatibility that ancient version has, namely very little at this stage in the hardware game. (For example, the last time I was around to help set up a Secure Computing firewall, we had to dig up an old ISA Adaptec 1542 SCSI controller for the box.) I'm sure they were just waiting for one of the FreeOS's to reach a state of stability that they could grab the sources and mod them to work for their own uses. I would guess that they picked Linux over one of the BSD's at this point based on hardware compatibility or market share as opposed to strictly technical reasons since they obviously have people who are very familiar with the BSD kernel on-staff already.
It will be interesting to see what they do with any mods they make to the kernel, since I predict they'll be using their hardened Linux kernel as the base for new product lines in the same manner they're using their hardened BSDI kernel now. Since they'll be shipping binaries to customers, the GPL will require them to also ship source code, unless they manage to figure out how to harden the kernel strictly using modules, which I don't see as possible.
-=-=-=-=-
-=-=-=-=-
My mom's going to kick you in the face!
It is interesting to see this news coming out when finally we are seeing US lawmakers trying to ease the use of encryption. So does this mean that NSA decided to "if you cannot win them, join them"? Maybe. And that will be funny. Because then we are starting to face Open Source not as an outsider but its opponents. IBM is here (and some IBMers smiled at me a year ago when I said that IBM would join the bandwagon...). Intel, Sun, Apple, AT&T, Cisco are, with some caveats, here. Thousands of companies, corporations and individuals are here. Governments and state institutions are coming into it...
Novell seems on the outside somehow. It started with good intentions but nothing seems to move there. Strange when Noorda's second child, Caldera, is one of the big players. Microsoft seems to make one step further, two steps back all the time since 1998. A few seem to step back into old methods. But the fact is: Open Source is now the main software player.
Maybe that's the whole point. The NSA isn't just about keeping security out of the hands of Americans. They have for a long time assisted American business in keeping their information secure as they regard this as helping national security. If they release an open source secure OS then a lot of researchers are going to be interested and their interests in securing American business will be furthered.
The GPL applies to the case where somebody modifies GPL'd software and sells it with/without the sources and tries to forbid the user to redistribute it further, but I wonder what the GPL would say in this case.
If the NSA asks this company to make a secure Linux and buys it from them they can keep the sources for them, but is there a loophole in the GPL allowing the NSA to make them sign a contract not to sell it to anybody else?
I don't say there is such one because I haven't read the GPL in a long time but I wonder if there is a loophole in the case of the buyer trying to restrict the producer and not the other way around (goal for which the GPL was thought).
Has anyone got a clue???
"The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates,
Not exactly offtopic, but obliquely connected - I've always thought things like this, the govt adopting, deploying, using an OPEN software reference model, would be the best way to solve the MS 'monopoly' problem without resorting to draconian 'break 'em up' or worse measures, kinda like all the technological 'spin off's' we got from the Space Program.
Boojum
try { do() || do_not(); } catch (JediException err) { yoda(err); }
I was a former employee of SCC, and I may partially agree with your statement, however that was in the past.
The CEO was a corrupt bugger and inflated the stock price and sold tons of stock.
Now there's a new guy in charge (formerly from Intel who is very well respected) as of last April, and he has been doing an amazing job turning the company around.
Take a look at the stock price today.
Their unix firewalls and authentication products are very good, but have very poor marketing and sales. The NSA and Air Force must like them as that's what they use.
The people I knew that worked in the penetration testing were some of the smartest folks I have ever met.
A little background.
I've been consulting, installing, and using Secure Computing's Sidewinder firewall for about 3.5 years now, which includes the "Patented Type Enforcement Technology". Here's the skinny..
Type enforcement was developed by Secure Computing to be run on a Motorola mini computer system for the NSA about 10-15 years ago. This was specifically designed to be a system to hold both classified and non-classified information, with both classified and non-classified users.
What type enforcement does is create a series of domains within the context of the operating system. Each file and user is assigned to a domain, or a series of domains, and cannot pass domain boundaries, unless explicitly allowed. Attempting to cross boundaries will result in the offending application being killed by the system kernel, the attempt logged, and alarms rung.
The important thing here is that the domain permissions and rules are set in the kernel itself, and changing those rules requires a recompile. I know that Secure Computing was working on a 'type enforcement lite', where the rules were enforced by a userspace daemon, but I hadn't seen anything about that for quite awhile.
Sidewinder is a damned effective firewall, due to the type enforcement. Even if someone breaks a proxy or service running on the outside of the firewall, you still haven't breached the firewall, since there is no logical path to the inside domains or the internal ethernet card, except through a series of named pipes between dual IP stacks (one for the 'outside' and one for the 'inside'). Breaking through those is extremely non-trivial, since every time you touch the wrong domain, you get kicked and logged.
Type enforcement is real, and it's been around for a very long time. And works very well.
jf
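The domain-boundary rule described in the comment above, modelled as an added example (not part of the original post and not Secure Computing's code): a default-deny table checked on every access, with a violation killing the process, writing an audit record and raising an alarm. All domain, type, path and process names are hypothetical, and the news/FTP administrator row mirrors the separation mentioned earlier in the thread.

```python
"""Toy type-enforcement monitor. Constructed example; every name is hypothetical."""
from dataclasses import dataclass, field
from types import MappingProxyType

# (domain, type) -> permitted operations. Anything not listed is denied.
# The read-only mapping stands in for rules that are fixed when the kernel is built.
POLICY = MappingProxyType({
    ("ext_proxy", "ext_net"):     frozenset({"read", "write"}),
    ("ext_proxy", "xfer_pipe"):   frozenset({"write"}),
    ("int_proxy", "xfer_pipe"):   frozenset({"read"}),
    ("int_proxy", "int_net"):     frozenset({"read", "write"}),
    ("news_admin", "news_spool"): frozenset({"read", "write"}),
    ("ftp_admin", "ftp_files"):   frozenset({"read", "write"}),
})

# Constructed object labels: each object carries exactly one type.
OBJECT_TYPES = MappingProxyType({
    "/dev/eth_outside": "ext_net",
    "/dev/eth_inside":  "int_net",
    "/pipes/out2in":    "xfer_pipe",
    "/var/spool/news":  "news_spool",
    "/srv/ftp":         "ftp_files",
})


@dataclass
class Process:
    pid: int
    name: str
    domain: str
    alive: bool = True


@dataclass
class Monitor:
    audit_log: list = field(default_factory=list)
    alarms: int = 0

    def access(self, proc: Process, path: str, op: str) -> bool:
        """Decide on the domain label alone; there is no superuser override."""
        if not proc.alive:
            return False  # a killed process gets nothing further
        obj_type = OBJECT_TYPES.get(path)  # unlabelled object -> no rule -> denied
        if op in POLICY.get((proc.domain, obj_type), frozenset()):
            return True
        # Boundary violation: kill the offender, log the attempt, ring the alarm.
        proc.alive = False
        self.alarms += 1
        self.audit_log.append(
            {"pid": proc.pid, "domain": proc.domain, "path": path,
             "type": obj_type, "op": op, "action": "killed"}
        )
        return False


def demo():
    mon = Monitor()
    ext = Process(101, "http_proxy", "ext_proxy")   # faces the outside network
    relay = Process(102, "relay", "int_proxy")      # faces the inside network
    news = Process(103, "news_admin_shell", "news_admin")
    results = {
        # The only path inward: outside writes the pipe, inside reads it.
        "ext_writes_pipe":   mon.access(ext, "/pipes/out2in", "write"),
        "int_reads_pipe":    mon.access(relay, "/pipes/out2in", "read"),
        "int_writes_inside": mon.access(relay, "/dev/eth_inside", "write"),
        # A subverted outside proxy reaching for the internal interface.
        "ext_writes_inside": mon.access(ext, "/dev/eth_inside", "write"),
        # After the kill, even previously allowed access is gone.
        "ext_after_kill":    mon.access(ext, "/dev/eth_outside", "read"),
        # A news administrator has no rule for FTP files.
        "news_writes_ftp":   mon.access(news, "/srv/ftp", "write"),
    }
    return results, mon, ext


if __name__ == "__main__":
    results, mon, _ = demo()
    for name, ok in results.items():
        print(f"{name:18} {'allowed' if ok else 'DENIED'}")
    for entry in mon.audit_log:
        print("AUDIT", entry)
```
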
If the NSA wants TEed BSD, they already can get it from Secure Computing. Secure's Sidewinder and SecureZone firewall are hardened versions of BSDi. Very groovy, by the bye, at least Sidewinder is. Ergo, they have a BSD. They want Linux. Probably because someone Up There thinks Linux is the cat's pajamas. Prognosticating the future since the end of the First Galactic Empire, -Hari
oops - messed it up last time! Doh!
at this url: http://research-cistw.saic.com/cace/dte.html
(Hope that someone reads down far enough to moderate this up). The site has a good explanation of what DTE is, but I don't know how active they are.
They have a patch against 2.2.13, which was created on Dec 13 1999. So it's not too out of date, though it will have to be forward ported to 2.3 I suppose...
Maybe the NSA should be spending their money elsewhere - or maybe they should clue up to what open source is all about.
I wonder what is covered by the patent Secure are so proud of?
Others have pointed out that an insider could simply sell/distribute the NSA Linux, and that the NSA wouldn't be able to do much about its further distribution.
But, if they keep the source code in a very secure place, and separate from most of their computers (which would only contain the binaries), then anyone who tried to disseminate the binaries could be sued by the NSA (since they have the copyright on their "derivative work") over GPL violations.
The NSA would simply claim that the GPL prohibits distribution of the binaries without the source code, and before anyone got the chance to reverse engineer the binaries, the NSA'd prosecute anybody caught distributing said binaries for software piracy.
Kind of a disgusting loophole... if anybody could come up with any passage from the GPL (or copyright law) that contradicts this, I'd sleep much better tonight!
-Hypr Geeque
Stay up hacking each weekend. Sleep is for the week.
Just some corroborating evidence. . .
The NSA may be able to pay the contracting company enough money that they won't want to distribute the code, but if they do distribute, the NSA doesn't have recourse to retaliate under the GPL, since the GPL forbids a more restrictive license from being imposed on GPLed code or code linked against GPLed code. It's probably irrelevant, though, since the NSA can always resort to national-security concerns and trample the people's rights that way. It's worked in the past.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
The GPL prohibits the use of code-obfuscation programs, but that doesn't mean they have to make their code particularly friendly to read, either. Maybe they have something really really subtle in mind. Or maybe they're actually sincere. Remember, this version is for THEIR networks, and they'd be insane to compromise those.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
National security or not, if what you say does happen then it violates the 5th amendment's guarantee of compensation for government takings and which doesn't make an exception for national security. It ought to be easy enough for the government to compensate owners for their intellectual property without necessarily explaining how the intellectual property is being used or even which property is used.
I have some idealism in me yet. Wait, I can feel it draining away; slowly, slowly, done. Ah, cynicism, my dear friend, we meet again. How're the wife and kids? Mine'll all die, I see that now, even the ones I don't have yet. Personal rights and liberties? No, this is government work. Constitutions as a means of restraining government which by its very nature is unrestrainable? Justice Marshall got it wrong, I see that now. I can see a lot now. I think I hear a knock at my door. Ah, two young men in blue hats. They want to talk to me. I'll be back soon.
NO CARRIER
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
There is another ongoing NSA Secure Linux project. It is being done by the Computer Security Research Division at NSA. They are attempting to port the Flask Security Architecture to Linux. Flask is a policy-flexible OS security architecture.
Their Secure Linux project page is available.
-----------
"You can't shake the Devil's hand and say you're only kidding."
The press release brags about "Secure Computing's patented Type Enforcement technology". Clearly, to make this work they need to put their type enforcement stuff in the kernel. However, the GPL in Clause 7 specifically states
This means that Secure Computing must grant a royalty-free license to all direct or indirect recipients to use their patented technologies in Linux kernels. Other clauses of the GPL forbid them from restricting redistribution. So are they giving up hope of making money on their patent? Do they know this?
An A1 rating of a high-rated system is worth reading. This gives you an idea of what it takes to get it right. At the lower levels, it's easier; Microsoft NT 4.0 with service pack 6A plus a "C2 hotfix set" finally got a C2 rating (the lowest offered), after years of failed attempts. Microsoft had to use the new "outside evaluator" system to do it, rather than having NSA itself do the evaluation. The difference is that NSA only gives you two tries to pass. You can pay an outside evaluator to let you try again and again. NSA allows this at the lowest security level to encourage vendors to try to meet the minimal C2 requirements.
It makes a lot of sense for NSA to fund an effort based on Linux; they'll get something they can run on popular hardware. But some major kernel changes will be needed to get into the B levels. (NSA never had much interest in C-level systems.)
I've been out of that world for a long time now, but from 1978 to 1982 I worked on KSOS, an early NSA-funded attempt to build a secure UNIX-like OS. The original design was done at SRI International, and we at Ford Aerospace implemented it. It eventually worked, but was too slow. It was for PDP-11 machines (0.5 MIPS, 64K address space per process), and was implemented in Modula I, since C was considered unsafe even back then. The combination of an inefficient Modula compiler and a small address space ruined the thing; we had to cut out speed optimizations to make it fit. This was one of the first systems designed against the Orange Book criteria, which, incidentally, started life as Grace Nibaldi's master's thesis.
BSD Unix, incidentally, was viewed as hopeless from a DoD security standpoint. The kernel was far too complicated. A rewrite in Ada was considered in the early 1980s, but rejected. The DoD view at the time was that BSD was a dead end, and Mach was the future. They wanted something at least as secure as Multics, which was a system from the late 1960s rated at B2 in 1985. But that's another story.
$ su - root /usr/src/linux
password:
# cd
# grep NSAKEY *.c *.h
ACCESS DENIED
# crap
bash: crap: command not found
giggle
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
"The club cannot (under GPL) restrict anyone from doing so."
Not quite. NSA employees are bound by secrecy laws and most certainly will be prosecuted for revealing secrets. Modified Linux would be one of them.
Outside the govt/military sphere, employees can be sued for disclosing their employer's secrets. Unless the company authorizes publication, it can fire and sue people.
-- Robert
Basically, they've already done this very thing to OpenBSD - Sidewinder firewall. Lotsa military bases use it. It's based on OpenBSD.
I've used OpenBSD, and I have found linux much easier to use. While for a company, you would just hire some guy who already knows the system, here you have to train them on it (or contract a civilian, who can't be deployed during contingency). So you have to use systems you can train people on easily, because (in the air force at least) an airman is only on station for between one to three years, and may change jobs two or three times during that period. I'd rather train them linux than OpenBSD, just 'cause non-geek airmen will probably understand it better.
Those who can't do, teach. Those who can't teach either, do tech support.
Was just curious about the NetBSD thing. I do know he can be rather brusque at times on the mailing lists, but shrug :) He doesn't pretend the system is for newbies/cluebies/doesn't have time for people asking FAQ'ed questions.
Open Source. Closed Minds. We are Slashdot.
hmm.. IANAL.. but it seems to me they contracted an outside corporation, secure computing. Secure computing doesn't keep the secure OS internal, which IMO means they release it. And release means the viral nature of GPL kicks in.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
There's _already_ a project that's most of the way to B-level functionality. It's at http://www.rsbac.de/ and it already works.
I think we should question the use of our tax dollars to reinvent this wheel when there's an active *FREE* implementation already most of the way done that doesn't use patented technology.
Paul
http://www.pauldrobertson.com
Their job is to hunt down government contracts and get them.
I would guess that SAIC probably competed against Secure Computing to get the contract. Obviously, if they did, they lost.
My possibly true assumption : SAIC bid, possibly using their own tool as evidence of their prowess. For whatever reason, the NSA *still* passed them up on the deal.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
I don't have a copy of the GPL to hand, but I think the wording and intent is that free licenses to use the patented technology must be distributed along with the GPL'd software and source code.
That is to say, if some patented technique is incorporated into YetAnotherLinux, then anyone who receives a copy of YetAnotherLinux is automatically licensed to use the patented technology and redistribute it under the GPL.
Therefore I don't think this is a particularly great cause for concern - though some components may be patented, the company that incorporated them into the kernel in the first place has effectively given up the rights over the patent in the GPL domain.
Pretty clever contract, that GPL.....