Slashdot Mirror


NSA Backing Secure Linux OS Development

ColPanic writes "Looks like the NSA is gonna have a Linux OS of their very own soon. They have selected Secure Computing to develop a high security version of Linux."

12 of 275 comments

  1. Pre-emptive strike against cluelessness by FascDot Killed My Pr · · Score: 5

    Remember, the GPL only requires you to give source to people you give binaries to. If Secure Computing only gives binaries to the NSA, there is no reason they need to give source to Linus.
    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
    (Exchange Migration HOWTO coming soon)
    1. Re:Pre-emptive strike against cluelessness by nevets · · Score: 5

      Back in March, I talked to RMS himself on this very topic. And the original poster is correct. RMS stated that he is concerned that those that receive software have the same rights to that software (because they bought it or what not) as the one that gave it to them. If I wrote software for you, then you must have the same rights to sell that or give it away as I did. So, my take from this is that you must give (not restrict) the rights to those that you distribute it to. If you only distribute it to one person, or company, and that person/company doesn't want to give it away, then no one has to.

      I mentioned the way I do business with my company to RMS. We sell software to our customer (usually the government) and we give them the source and the rights to modify that source (just like GPL) but they don't in turn give it to anyone else, although we don't restrict them from doing so. He told me that that is custom programming and he has nothing against it. The GPL would not affect that at all, except if the government wanted to impose their own license.

      So, in theory, you can have a little club of people that have some modification of the Linux kernel that no one else can see. But all it takes is one person to give it away to anyone to destroy that. The club cannot (under GPL) restrict anyone from doing so.

      Steven Rostedt

      --
      Steven Rostedt
      -- Nevermind
  2. IPO by horsie · · Score: 4

    Will this pave the way for an NSA-Linux IPO? ;-)

  3. Wow by Foogle · · Score: 4
    I actually just talked to these guys on the phone today, regarding performing a security audit of our company. They're really with-it, especially about Open Source stuff. The NSA has been running their software for years now, and now they're moving towards Linux and OpenBSD.

    -----------

    "You can't shake the Devil's hand and say you're only kidding."

  4. if you can't beat 'em, join 'em by sethg · · Score: 5
    The latest draft of the US cryptography-export regulations let you post open-source crypto software without any government review or license; all you need to do is send the government the URL where it can be downloaded. These regulations are scheduled to go into effect tomorrow.

    As Michael H. Warfield points out in this linux-kernel message, it's a golden opportunity to get IPSEC into the 2.4 kernel, and US-based Linux distributors can now bundle PGP, SSH, etc., with their next versions.

    Maybe the spooks (or at least, the spook-meisters) are doing a 180 turn on how to deal with cryptography distribution, from "don't let anyone else have it" to "if everyone else has it, we want it, too".
    --
    "But, Mulder, the new millennium doesn't begin until January 2001."

    --
    send all spam to theotherwhitemeat@ropine.com
  5. Licencing thoughts and issues by jd · · Score: 4
    At first, I couldn't understand why the NSA would want to do this. Linux is GPLed, and they'd have to make any changes public.

    Then I remembered a previous GPL argument, when a company had made -internal- changes and did NOT have to make the changes public, as the GPL does NOT cover these.

    The NSA version would fall into the same category, I suspect, with contractors deemed a part of the same organisation, as far as the GPL is concerned. Always assuming the contractor developed any of the secret stuff. The NSA has more than enough top people to code that part themselves, just to make sure there isn't a GPL conflict.

    Then, I wondered why they didn't branch off from OpenBSD. That's already mostly secure, there's a good base to work from, and its stability is phenomenal. Then I realised. They've probably already GOT ultra-secure versions of OpenBSD for PC-based, single-processor servers, but Linux isn't just for PCs or just for one processor.

    If you want a lightweight system that'll run on embedded devices (such as wiretaps), massive-scale multi-processor devices (such as extreme number-crunchers eg: code-crackers, etc), or obsolete hardware (such as stacks of IBM S/390's) then Linux is the one to go for. It's ideal for such functions and such platforms. OpenBSD, etc, would require too much work to make them both multi-processor and multi-platform -enough- to be useful in a meaningful timeframe.

    This isn't to start any kind of flame-war, but I'm sure OpenBSD is used in its primary environment (because it's GOOD), and Linux is going to be used everywhere else (because it's GOOD -and- THERE.)

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  6. Patriot by Signal 11 · · Score: 4

    Man, talk about a version conflict...


    =================================
    ERROR 10948:
    Red Flag Linux detected. You did
    not see this error, and troops have
    been dispatched to your location, you
    filthy traitor. Remain seated and your
    death shall be quick and painless.
    =================================
    -- RED, WHITE, AND BLUE FLAG LINUX

    "Yes, we're developing a distribution.. but if we told you anything more we'd have to kill you (and the binaries)."

  7. Actually they don't allow that by tilly · · Score: 4

    Read more closely. They allow you to post the source-code. The binaries appear to be another kettle of fish...

    Take a look at a longer description that I got from Frank Hecker in email.

    Cheers,
    Ben

    --
    My usual seat in the cluetrain is at http://pub4.ezboard.com/biwethey.ht
  8. Experience with "Type Enforcement"... by John Fulmer · · Score: 5

    A little background.

    I've been consulting, installing, and using Secure Computing's Sidewinder firewall for about 3.5 years now, which includes the "Patented Type Enforcement Technology". Here's the skinny..

    Type enforcement was developed by Secure Computing to be run on a Motorola mini computer system for the NSA about 10-15 years ago. This was specifically designed to be a system to hold both classified and non-classified information, with both classified and non-classified users.

    What type enforcement does is create a series of domains within the context of the operating system. Each file and user is assigned to a domain, or a series of domains, and cannot pass domain boundaries, unless explicitly allowed. Attempting to cross boundaries will result in the offending application being killed by the system kernel, the attempt logged, and alarms rung.

    The important thing here is that the domain permissions and rules are set in the kernel itself, and changing those rules requires a recompile. I know that Secure Computing was working on a 'type enforcement lite', where the rules were enforced by a userspace daemon, but I hadn't seen anything about that for quite a while.

    Sidewinder is a damned effective firewall, due to the type enforcement. Even if someone breaks a proxy or service running on the outside of the firewall, you still haven't breached the firewall, since there is no logical path to the inside domains or the internal ethernet card, except through a series of named pipes between dual IP stacks (one for the 'outside' and one for the 'inside'). Breaking through those is extremely non-trivial, since every time you touch the wrong domain, you get kicked and logged.

    Type enforcement is real, and it's been around for a very long time. And works very well.


    jf
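
Added example, not part of the comment above and not Secure Computing's code: a toy Python model of the behaviour that comment describes (default-deny domain boundaries, with a violation logged and the offending process killed). The domain, type and path names, and the DTE-style split between process domains and object types, are assumptions made for illustration.

```python
"""Toy model of type enforcement (constructed example, hypothetical names)."""
from dataclasses import dataclass, field

# Fixed policy table: (process domain, object type) -> permitted operations.
# Anything not listed is denied. It is a module constant to mirror rules
# that are built into the kernel rather than editable at run time.
POLICY = {
    ("outside_proxy", "outside_net"): {"read", "write"},
    ("outside_proxy", "relay_pipe"): {"write"},
    ("inside_proxy", "relay_pipe"): {"read"},
    ("inside_proxy", "inside_net"): {"read", "write"},
}

# Constructed labels: every protected object carries exactly one type.
OBJECT_TYPES = {
    "/dev/eth_outside": "outside_net",
    "/dev/eth_inside": "inside_net",
    "/var/run/relay.pipe": "relay_pipe",
}

@dataclass
class Process:
    name: str
    domain: str
    alive: bool = True

@dataclass
class Kernel:
    audit_log: list = field(default_factory=list)

    def access(self, proc, path, op):
        """Allow only what POLICY lists; otherwise log the attempt and kill."""
        if not proc.alive:
            return False
        obj_type = OBJECT_TYPES.get(path)  # unlabeled object: no rule matches
        if op in POLICY.get((proc.domain, obj_type), set()):
            return True
        self.audit_log.append((proc.name, proc.domain, path, obj_type, op))
        proc.alive = False  # offending process is killed, not just refused
        return False

def demo():
    """A compromised outside proxy tries to reach the inside interface."""
    kernel = Kernel()
    proxy = Process("http_proxy", "outside_proxy")
    steps = [("/dev/eth_outside", "read"), ("/var/run/relay.pipe", "write"),
             ("/dev/eth_inside", "write"), ("/dev/eth_outside", "read")]
    results = [kernel.access(proxy, path, op) for path, op in steps]
    return results, proxy.alive, kernel.audit_log
```

The only path from the outside domain to the inside one is the pipe type that both domains are explicitly granted, which is the property the comment credits for containing a broken proxy.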

  9. DTE for linux - available as a patch! by listen · · Score: 4

    oops - messed it up last time! Doh!

    at this url: http://research-cistw.saic.com/cace/dte.html

    (Hope that someone reads down far enough to moderate this up). The site has a good explanation of what DTE is, but I don't know how active they are.

    They have a patch against 2.2.13, which was created on Dec 13 1999. So it's not too out of date, though it will have to be forward ported to 2.3 I suppose...

    Maybe the NSA should be spending their money elsewhere - or maybe they should clue up to what open source is all about.

    I wonder what is covered by the patent Secure are so proud of?

  10. Other NSA Secure Linux work by LnkStern · · Score: 5

    There is another ongoing NSA Secure Linux project. It is being done by the Computer Security Research Division at NSA. They are attempting to port the Flask Security Architecture to Linux. Flask is a policy-flexible OS security architecture.

    Their Secure Linux project page is available.

  11. Some NSA secure system history by Animats · · Score: 5
    NSA has funded a long series of special-purpose secure systems, many of which are on the Evaluated Products List. Unfortunately, many of the more secure systems were developed for unpopular platforms, such as Wang, Unisys, and Data General hardware.

    An A1 rating of a high-rated system is worth reading. This gives you an idea of what it takes to get it right. At the lower levels, it's easier; Microsoft NT 4.0 with service pack 6A plus a "C2 hotfix set" finally got a C2 rating (the lowest offered), after years of failed attempts. Microsoft had to use the new "outside evaluator" system to do it, rather than having NSA itself do the evaluation. The difference is that NSA only gives you two tries to pass. You can pay an outside evaluator to let you try again and again. NSA allows this at the lowest security level to encourage vendors to try to meet the minimal C2 requirements.

    It makes a lot of sense for NSA to fund an effort based on Linux; they'll get something they can run on popular hardware. But some major kernel changes will be needed to get into the B levels. (NSA never had much interest in C-level systems.)

    I've been out of that world for a long time now, but from 1978 to 1982 I worked on KSOS, an early NSA-funded attempt to build a secure UNIX-like OS. The original design was done at SRI International, and we at Ford Aerospace implemented it. It eventually worked, but was too slow. It was for PDP-11 machines (0.5 MIPS, 64K address space per process), and was implemented in Modula I, since C was considered unsafe even back then. The combination of an inefficient Modula compiler and a small address space ruined the thing; we had to cut out speed optimizations to make it fit. This was one of the first systems designed against the Orange Book criteria, which, incidentally, started life as Grace Nibaldi's master's thesis.

    BSD Unix, incidentally, was viewed as hopeless from a DoD security standpoint. The kernel was far too complicated. A rewrite in Ada was considered in the early 1980s, but rejected. The DoD view at the time was that BSD was a dead end, and Mach was the future. They wanted something at least as secure as Multics, which was a system from the late 1960s rated at B2 in 1985. But that's another story.