Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Backing Secure Linux OS Development

Posted by emmett on from the nifty-keen dept.

ColPanic writes "Looks like the NSA is gonna have a Linux OS of their very own soon. They have selected Secure Computing to develop a high security version of Linux."

6 of 275 comments (clear)

  1. Pre-emptive strike against cluelessness by FascDot+Killed+My+Pr · · Score: 5

    Remember, the GPL only requires you to give source to people you give binaries to. If Secure Computing only gives binaries to the NSA, there is no reason they need to give source to Linus.
    ---

    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
    (Exchange Migration HOWTO coming soon)
    1. Re:Pre-emptive strike against cluelessness by nevets · · Score: 5

      Back in March, I talked to RMS himself on this very topic. And the original poster is correct. RMS stated that he is concerned that those that receive software have the same rights to that software (because they bought it or what not) as the one that gave it to them. If I wrote software for you, then you must have the same rights to sell that or give it away as I did. So, my take from this, is that you must give (not restrict) the rights to those that you distribute it to. If you only distribute it to one person, or company, than that person/company doesn't want to give it away, then noone has to.

      I mentioned the way I do business with my company, to RMS. We sell software to our customer (usually the government) and we give them the source and the rights to modify that source (just like GPL) but they don't in turn give it to anyone else, although we don't restrict them from doing so. He told me that, that is custom programming and he has nothing against it. The GPL would not affect that at all, except if the government wanted to imposed their own license.

      So, in theory, you can have a little club of people that have some modification of the Linux kernel that no one else can see. But all it takes is one person to give it away to anyone to destroy that. The club cannot (under GPL) restrict anyone from doing so.

      Steven Rostedt

      --
      Steven Rostedt
      -- Nevermind
  2. if you can't beat 'em, join 'em by sethg · · Score: 5
    The latest draft of the US cryptography-export regulations let you post open-source crypto software without any government review or license; all you need to do is send the government the URL where it can be downloaded. These regulations are scheduled to go into effect tomorrow.

    As Michael H. Warfield points out in this linux-kernel message, it's a golden opportunity to get IPSEC into the 2.4 kernel, and US-based Linux distributors can now bundle PGP, SSH, etc., with their next versions.

    Maybe the spooks (or at least, the spook-meisters) are doing a 180 turn on how to deal with cryptography distribution, from "don't let anyone else have it" to "if everyone else has it, we want it, too".
    --
    "But, Mulder, the new millennium doesn't begin until January 2001."

    --
    send all spam to theotherwhitemeat@ropine.com
  3. Experience with "Type Enforcement"... by John+Fulmer · · Score: 5

    A little background.

    I've been consulting, installing, and using Secure Computing's Sidewinder firewall for about 3.5 years now, which includes the "Patented Type Enforcement Technology". Here's the skinny..

    Type enforcement was developed by Secure Computing to be run on a Motorola mini computer system for the NSA about 10-15 years ago. This was specificly designed to be a system to hold both classified and non-classified information, with both classified and non-classified users.

    What type enforcement does is create a series of domains within the context of the operating system. Each file and user is assigned to a domain, or a series of domains, and cannot pass domain boundaries, unless explicitly allowed. Attempting to cross boundaries will result in the offending application being killed by the system kernel, the attempted logged, and alarms rung.

    The important thing here is that the domain permissions and rules are set in the kernel itself, and changing those rules requires a recompile. I know that Secure Computing was working on a 'type enforcement lite', where the rules were enforced by a userspace daemon, but I hadn't seen anything about that for quite awhile.

    Sidewinder is a damned effective firewall, due to the type enforcement. Even if someone breaks a proxy or service running on the outside of the firewall, you still haven't breached the firewall, since there is no logical path to the inside domains or the internal ethernet card, except through a series of named pipes between dual IP stacks (one for the 'outside' and one for the 'inside'). Breaking through those is extremely non-trivial, since every time you touch the wrong domain, you get kicked and logged.

    Type enforcement is real, and it's been around for a very long time. And works very well.


    jf

  4. Other NSA Secure Linux work by LnkStern · · Score: 5

    There is another ongoing NSA Secure Linux project. It is being done by the Computer Security Research Division at NSA. They are attempting to port the Flask Security Architecture to Linux. Flask is a policy-flexible OS security architecture.

    Their Secure Linux project page is available.

  5. Some NSA secure system history by Animats · · Score: 5
    NSA has funded a long series of special-purpose secure systems, many of which are on the Evaluated Products List. Unfortunately, many of the more secure systems were developed for unpopular platforms, such as Wang, Unisys, and Data General hardware.

    An A1 rating of a high-rated system is worth reading. This gives you an idea of what it takes to get it right. At the lower levels, it's easier; Microsoft NT 4.0 with service pack 6A plus a "C2 hotfix set" finally got a C2 rating (the lowest offered), after years of failed attempts. Microsoft had to use the new "outside evaluator" system to do it, rather than having NSA itself do the evaluation. The difference is that NSA only gives you two tries to pass. You can pay an outside evaluator to let you try again and again. NSA allows this at the lowest security level to encourage vendors to try to meet the minimal C2 requirements.

    It makes a lot of sense for NSA to fund an effort based on Linux; they'll get something they can run on popular hardware. But some major kernel changes will be needed to get into the B levels. (NSA never had much interest in C-level systems.)

    I've been out of that world for a long time now, but from 1978 to 1982 I worked on KSOS, an early NSA-funded attempt to build a secure UNIX-like OS. The original design was done at SRI International, and we at Ford Aerospace implemented it. It eventually worked, but was too slow. It was for PDP-11 machines (0.5 MIPS, 64K address space per process), and was implemented in Modula I, since C was considered unsafe even back then. The combination of an inefficient Modula compiler and a small address space ruined the thing; we had to cut out speed optimizations to make it fit. This was one of the first systems designed against the Orange Book criteria, which, incidentally, started life as Grace Nibaldi's master's thesis.

    BSD Unix, incidentally, was viewed as hopeless from a DoD security standpoint. The kernel was far too complicated. A rewrite in Ada was considered in the early 1980s, but rejected. The DoD view at the time was that BSD was a dead end, and Mach was the future. They wanted something at least as secure as Multics, which was a system from the late 1960s rated at B2 in 1985. But that's another story.