Slashdot Mirror
NSA Inside?
Newsforge has an article covering a talk given by two of the developers working on NSA's security-enhanced Linux. It seems the NSA has plans to offer kernel code to implement mandatory access controls, a level of system control which goes beyond the normal user-based permissions. Sure, the code would be vetted thoroughly before it could ever make it into the kernel, but....
If they can see and exploit this potential, then good for them!
Poor choice of words there.
You have no way of knowing...
Ahem... some of us can read C and actually understand it.
They can't release any binaries without releasing the source code since Linux is licensed under the GPL. I'm sure Linus and/or some of his moby hacker pals will read this code before merging it. Others will read this code after the initial merge. Most of us will understand at least most of it, some of us could probably reimplement it from scratch.
I wouldn't worry too much, but do be suspicious of authority :)
How and why wouldn't it be optional?
You guys, I swear.....
--
* CmdrTaco is an idiot.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
So? If they give us something which only they can crack, we're still a lot better of than without it. They can get in anyway. As can many others who would not be able to bypass the NSA stuff.
As long as you get to see and change the source, so there really is no need to fear the things they give you. At most it's the ones they do not give you that should worry the paranoiacs out here.
--
Linux user since early January 1992.
Score -1 for lame "all your base" joke. Hell, its already been used in a *national comic strip*, it could not be more dead. Let it go.
-reemul
everything I know, I learned by killing smart people and eating their brains
You're just jealous 'cuz the voices talk to *me*
So don't count on it always being possible to brute-force crack things.
On the other hand, with any of the public key systems, there is always the chance that someone may discover a was to compute the inverse function that is less computationally intensive than brute force. For instance, a breakthrough in factoring could render the RSA cryptosystem useless. There is no proof that such methods are impossible, though most mathematicians think it unlikely that any will be found.
1st of april already?
I very much doubt it. Listening in on phone conversations, military radios, and the like is still the NSA's responsibility, and I'd suspect that they're even *more* important now than they were before - for one thing, the massive increase in mobile phone usage must provide the NSA with all sorts of interesting information. . .
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Removing ACLs from files does not neccessarily
mean that MAC labels should also be removed from
files? They are two different beasts - I'm not
sure why you mentioned them in the same context.
Regardless of whether the ACLs and MAC labels
are stored with the file or seperately, the
file system will still require some modification.
The NSA are proposing are different MAC
scheme to the traditional orange book,
based on various research projects and
experience. I haven't yet installed it
but I am very interested in just what
the differences are.
I think that any concern about NSA adding
MAC to the linux kernel is almost certainly
misfounded, as long as they can make it an
optional module.
There is folly and foolishness on the one side, and daring and calculation on the other. - Admiral Pellew, Hornblower
(a) It's not my project, I just like it a lot.
(b) When I went looking for security, it took
two searches to find RSBAC
(c) It's been discussed on Linux Kernel a few
times.
(d) It's been announced on comp.os.linux.announce.
Collaboration at this stage wouldn't gain much- the security framework piece of RSBAC is in place, compartments, role-based computing, the privacy model, malcode detection, etc. is already in there. An entire new project to do the same thing is very counterproductive. We'll just fire up a project without seeing what's already out there doesn't sound that feasible to me, especially from people who would supposedly be hooked on Bell-LaPadula, and follow research in that area. Finally, the RSBAC guys presented at NISSC one year (1998) when the first module (Privacy) was done, and that's NSA's own security conference.
I'm not surprised that people who probably don't look for compartmented OSen by default haven't heard of RSBAC, I am surprised when an organization which spends significant money on such commercial systems ignores three or four years worth of significant work in that direction.
Paul
http://www.pauldrobertson.com
The RSBAC project has had MAC compartments for well over a year- no US Government help required. It also supports role-based computing, the European Privacy Model, and is a framework for developing new security models.
;)
http://www.rsbac.org/
RSBAC is already there, an NSA sponsored project doesn't seem to have much additional value to me- seems like they should spend my tax money on something that's not a "me too" project. Maybe they could help Verisign hand out certificates?
Paul
http://www.pauldrobertson.com
The NSA is better served with an open-source OS where they know where the divots are and they can fill them in than with an OS so riddled with holes that it has given rise to an industry based on closing the barn door after the virus-ridden, work-eaten, horse has died.
They'd rather make it uniformally hard to crack so that ONLY somebody with the resources of the NSA could attempt real-time decription.
Remember, security consists at least as much of keeping your cards close to your chest as of getting a peek at what the other guy is holding.
The 'Net is evolving into something that will use biometric information to grant (and track) access and to encrypt and decrypt. 64 bits on every desk top and a finger pad for authentication and a microphone for further authentication and as part of the UI.
All mathematical algorithms have a fundamental security hole. Anything that depends on computational difficulty to maintain security will be cracked with sufficient resources. PGP isn't if your foe has tens of thousands of processors.
Biometrics are fundametally existential. They are enormously wide keys that are reproducable and verifiable. Using them for encryption insures that you KNOW who the intended recipient is. Using them for decryption insures that you know who the sender was. They are based on what you ARE not just on what you, and anyone else, can know.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Microsoft said Linux is un-American! It must be true!
------------------
------------------
You may like my a cappella music
Disclamer, I am a Canadian. It's the NSA's job to spy on ME because I am in a foreign country.
Due to the nature of open source, having the NSA slip a "Back Door" in is VERY VERY VERY unlikely. About the only ways I can consider this is similar to the techniques in Cracking DES and including an encryption/transmission scheme that seems secure just like DES did. (For more information, read the book.)
However, the NSA wants to keep citizens in the U.S. secure because its their job to spy on other countries. The NSA probably wants American businesses to be secure!!! Especially if foreign countrys are developing more secure solutions faster than the U.S. you better believe that the NSA is concerned!!
Anyhow, the NSA does not so much care about breaking in to a system as they do intercepting transmissions between systems. They are after information in foreign countrys, they are not out for scoring points like:
"31337 Jo3 r00t3d j00! H4R!!! 3Y3 w3rk 4 th3 NSA h4r h4r h4r!!!!"
As long as they can obtain the data that they need, and can crack/analyze it, they just don't *CARE* about owning anyone, it's not their job.
Try to hack my 31337 firewall!
Gov't applications kinda have to implement some serious access controls. Read your orange book, guys.
The end result of this may just be a B-level certified Linux kernel, which would rock the house, and WinNT's C2 certification level (which, mind you, is useless--it's a certification for computers disconnected from a network)
Returned Peace Corps IT Volunteer
it will make their job (SIGINT) and that of other Intelligence agencies more difficult
The NSA has two jobs, SIGINT is one, the other is the exact opposite -- keeping things secret on behalf of the US government (and industry).
Will the Russian government trust their secrets to a system designed by the NSA? Doubtful, even if it is hack-proof. But by building a turnkey system that immediately makes it easier for OUR armed forces and government agencies to keep secrets (with the added bonus of being able to make it available to any American corporations) is a great opportunity for them.
Also, keep in mind that the NSA has a job so long as secrets exist. The US military learned the long way that the same people who build our missile systems build missile defense systems that make them impotent. You're guaranteed a job so long as one side of the equation doesn't advance too far ahead of the other.
Its an interesting conundrum -- having two diametrically opposed requirements for doing your job, keeping secrets or cracking them? You just learn to do both better all the time...
---------------------------------------------
Recursive: Adj. See Recursive.
I seem to remember that in the early days there was a version of the gcc compiler that has secret code built into is. You couldn't see it in the source, you had to disassemble it, but it copied a part of itself into the code that it was compiling without ever going near the source, so looking at the source didn't reveal anything. Since it was used to compile itself, it didn't need to show the secret part in the source for itself.
Moral: It's happened before, so it could happen again. Don't let your guard down. (OTOH, it could be really great, so don't just turn it down, either!)
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
I'll chime in with a hearty "preach it brother".
I think you nailed it. This is the NSA wanting to give back to the community. I'm not seeing the problem here.
In this case we have every capability to look the gift horse square in the mouth and make sure the teeth are all straight and pearly white (or whatever color a horse's teeth are supposed to be).
If this was any other government agency (of any other government, for that matter) we'd be embracing this.
rocketscientist.
This is part of the beauty of open source. You don't have to accept all the parts. If there is something that you don't want, take the code out. From the article, it sounds like the NSA's MAC stuff is pretty neat. But it is not something that will break your system if you don't install it. I know that as a home user I would probably never implement the functionality. On some of the servers that I manage, I might. If I were running servers taking credit cards, for instantance, I would use this feature. If someone were working for, or lived in, another country, I would really look at the code. It all depends on your point of view.
But to just say no becouse it is the NSA, well that just does not make sense at all. If you know of another, better solution for this type of code, I would love to hear it. Or if there is a better reason than "it's the NSA" please let me know that also.
an intentional buffer overflow or other common bug that they could exploit would be enough. and easy enough that it could be hidden, or another one could be reintroduced whenever needed. but NSA wouldn't do that. they'd have someone else submit that patch, so it couldn't be traced to them.
besides, if NSA wanted to backdoor systems, doing it to apache or something would work better: network traffic is normal. its easier to remotely connect, probably less eyes looking at apache than at the linux kernel.
i don't believe NSA would do this, but if they did, i think they wouldn't put some elaborate backdoor into the kernel.
-- My Sig is a P228.
I searched the biggest header files and didn't see any firmware images. Could you provide some filenames?
No, I'm suspicious as to why The Man is suddenly playing nice. No, I don't believe that the NSA has had a change of heart and suddenly believes that The People can be trusted.
Why yes, I AM a rocket scientist!
Yep, and the CIA isn't supposed to operate in the US, and the FBI isn't supposed to operate outside the US. I don't know if you're naive or I'm paranoid, but I think you're silly to discount things like ECHELON and Carnivore.
Why yes, I AM a rocket scientist!
My point is that the NSA could just come and take the computer, if they wanted. MAC might make it harder for them to hack in and get data, but if they really believed you were worth it, they'd take the computer.
But it'd raise the bar for hackers, organizations without the NSA's govermental power would have to hack in to get what they wanted and MAC would mean that they would find few easy targets.
The NSA could use TEMPEST or many other things, to see what you're doing right now. But it wouldn't show them what's in the files you don't access. And I don't really think they can break SSH/SSL, at least, not easily. I'm sure they've got far more computer power than we think, but I don't think they can trivially read encrypted data like that.
So they'd use TEMPEST and other non-invasive methods to decide if you looked like a criminal. Then they'd take the computer and prove it. (and maybe take you too...)
I know. I was attempting to just sum up the basic. If the NSA (and thus the US Gov behind them) wanted to know exactly what was on any specific computer in the USA, or anywhere they had significant influence, they'd take it. Maybe they'd have MI5 call the FBI and get them to take it, maybe they'd call up CSIS in Canada and have it taken (if it was a Canadian computer).
But the point is that large government agencies don't bother hacking into a PC to collect evidence. They simply show that you're acting suspiciously (using encryption, etc) and they come and take it. They may have to wear a different TLA while they do it, but it gets taken.
The more-secure OS thus isn't a barrier to them. But it is a barrier to smaller countries' intelligence departments as well as groups like the mafia, terrorists, etc.
So it doesn't hurt them, and gets in the way of the groups/agencies that they oppose. Win/win from their point of view.
Well, Mandatory Access Controls are a good thing for security, but they don't do anything vs. the NSA. MAC just means that you don't accidentally forget to secure a file, and that you don't accidentally lessen security on a file without knowing it.
This is seperate from encryption. The NSA could come and take your HD with a MAC-enabled filesystem/OS on it and read all the files, by simply sticking the disk in another computer and reading the raw data.
But it'll make the computer more resistant to penetration. This wouldn't stop the NSA, they'd come through the front door with guns (and FBI agents) and simply take the computer, access controls be damned.
It helps 'us' by making 'our' (I'm not in the USA) country's computers more resistant to foreign spying, and lets them establish a secure OS (unlike Windows where it's hard to say what the source of a particular version is) that they can use for medium to low security jobs. (Beyond which you simply use the airwall method.)
If it's a good idea, run with it!
I think that this has great potential, though it will probably slow down the system some (the article mentions anywhere from 1% to 10% slowdown). Sure, that wouldn't be great for my 133 running Linux, but a faster computer probably won't notice too much. I assume that it can be turned on and off as desired by the admin.
If it helps to make Linux better, I really don't care if the NSA came up with the code (if fact, I'd probably trust their code to be more secure, especially if they start using the result).
"Save the whales, feed the hungry, free the mallocs" -- author unknown
It wasn't gcc, it was the Unix C compiler (pcc I believe). It hit not only the C compiler but the login program. For more info on this, see Ken Thompson (one of the original authors of Unix)'s paper "Reflections on Trusting Trust"
He later fessed up to actually implementing this, though I can't turn up that reference off the top of my head.
Sumner
rage, rage against the dying of the light
Once they certify a given set of Linux code, could they then more quickly certify kernel patches? (since they would in effect be much smaller than the full kernel), or would the fact that they need to examine the interaction of those patches slow things down? (or would the open availability of the code speed things up?)
;-)
I could see a time when a Slashdot headline reads "Kernel 2.6.4 Certified B2" (yes... I know only specific Systems (as a whole) are certified, and not OS. Wouldn't stop Slashdot from publishing though
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
Yeah, I'm hoping they post their solution to the
integer factoring problem soon. I like this
new, open NSA.
www.timcoleman.com is a total waste of your time. Never go there.
Last night (must have been around 9:00 pm EST), there was a report about the NSA. CNN was even allowed inside, someone in charge was interviewed (they're doing this to improve their image).
I think that show was hosted by Jonathan Mann (sp?), so maybe it was Insight. Don't have time to look it up on the CNN homepage, but if there's a rerun, watch it!
As someone who's worked on classified projects in the past, I think this is great.
When I worked on secret projects, the government requirements for different levels of secrecy really prevented people from using current software and hardware. You just didn't have the luxury. I remember doing lots of typing into 500 pound tempest-approved terminals where the thought of a workstation... well, you just had to get over it.
Think of all the techies lost in the bowels of some government projects sitting at some albatross of system just salivating for an NSA-approved version of linux that they can use... at work!
(let alone the techies that will never work on goverment projects for the same reasons.)
This doesn't apply to just the NSA, it's other government agencies/military and LOTS of outside companies that work on military projects or within their requirements.
I wonder if their perl runs with taint checking always...
That said, having a government agency that is extremely security aware submitting patches is a SCARY thing, but not for the reason you think. I can hear the Microsoft marketing machine cranking up now to spread the FUD: "Linux is now receiving submissions from the NSA, the government agency responsible for protecting National Security. Make sure you don't put your tax records on Linux!"
Turnabout is fair play -- the Linux community have been doing this for quite some time regarding Windows.
Simon
Coming soon - pyrogyra
i know this theory may sound pretty far out to some of the /. crowd - but maybe o just myabe the nsa is acting in the interest of national security. the united states has been moving more and more of its business operations online, allowing anyone in the world access to our banks, corporations, media, and everything else. we've made ourselves the world's biggest targets for computer intrusion. why wouldn't the nsa have interest in seeing u.s. companies secure themselves from this threat? maybe they'd rather see u.s. companies using secure crypto, strong policy enforcement, and mandatory access control on an open and peer reviewed platform as opposed to seeing us being overrun by russian mafia funder hackers from east germany?
Well, except spy on US citizens.
However, I agree that submitted source should be considered for inclusion. I've worked on systems that had MAC. I've always felt a need for more granular security than all(root) or nothing.
However, I have never felt that the NSA serves the constitution. More likely "National Security is more important than the Bill of Rights." Who do we allow to make this decision without checks and balances. No such agency? Where does their budget show up? If you don't consider them a threat to privacy then maybe I should contact a friend there and post what p0rn sites you've been surfing.
Oh, and BTW: Kennedy Clinton spy Ft. Meade FBI terrorist South Africa World Trade Center plutonium kibo Delta Force Qaddafi genetic counter-intelligence NORAD, CIA Waco, Texas ammunition AK-47 PLO North Korea counter-intelligence class struggle [Hello to all my fans in domestic surveillance] Nazi assassination Ft. Bragg smuggle Treasury kill bubba cigar monica John Gilmore Lennon Lenin terrorist javascript popup
Wrong. We have the source. Has there ever been a feature in Linux you couldn't say no to in rebuilding the kernel? We have the source, we have the source, we have the source, god that feels good to say. Great googely moogely Joshua, we have the source!
I'm not to sure if that was ever in GCC, but I do remember that was a backdoor that Thompson created. He had the compiler build it into the system, so that he could get in (only reportedly used it once, I believe). If you tried to take it out of the compiler's source, and recompile it with the 'bad' compiler, it would re-add it. It was quite nifty, and thus gets mentioned all the time here on /.
-----------------------------------------
"Open Source?" - Press any key to continue
I agree with these statements; however, it ignores an obvious issue. Should the NSA provide a more secure OS than is currently available through Open Source, it will make their job (SIGINT) and that of other Intelligence agencies more difficult. There is nothing preventing targets of observation from obtaining it. This would argue that the OS could be penetrated. Despite any interagency rivalries, why would the NSA make the CIA's or FBI's job more difficult?
:-)
Makes you wonder if they have something like the compiler-login trick up their collective sleeve.
I'll echo the voices of other and say that this is a Good Thing. In my opinion, the virtue of free software, and free information, is that it goes one way ("information wants to be free"). If sneaky evil proprietary co. wants to contribute to open source, let them. They haven't made the source any more proprietary - to the contrary, they have just become more open. So bring it on, NSA, FBI, KGB, super-tip-top-secret agency. I think we'll all benefit. I have a naive belief that techies are techies, and that once in a while NSA et. al. actually *aren't* trying to secretly backstab people, and are just trying to do something good.
It's 10 PM. Do you know if you're un-American?
What's yer beef? Are you worried that Linus and Alan and company are going to miss if (!strcmp(pass_entered, "N$A_ru1ez")) uid = 0; somewhere? Is the idea of NSA contributing to the kernel somehow distasteful?
Are you too proud to accept help from The Man?
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
That would be nice, considering they are largely responsible for the current lack of security. Without their opposition, encryption would be near-universal by now. Instead, you have to do quite a bit of work to set up PGP or an equivalent, have difficulty communicating with others who don't use it, and be looked on with suspicion because "obviously" anyone who goes to that trouble has something to hide.
A current example: Mac OS X doesn't ship with ssh. Even though the encryption regulations have been weakened, you still have to send in forms to the NSA to be able to distribute encryption software, and some flunky at Apple didn't get them in on time. Of course you can easily build ssh (http://www.stepwise.com/Articles/Workbench/2001-0 3-21.01.html), but many people will not. Because of the NSA's support of immoral and unconstitutional encryption laws, thousands of OS X machines will not be as secure as they should be.
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
The NSA has no motivation to release any technology that they cannot crack. It would be like the police departments handing out radar detectors.
Not really. The NSA has an interest in helping American networks more intrusion-resistant. It has an interest in preventing DDOS attacks on various nodes of the internet which will become more and more important to our way of life. It has an interest in keeping files locked up on American computers only on those computers. This is national security. If it's harder to hack their job is already easier - catching the crook is a subordinate goal to preventing the crime.
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
I'm sure that whatever the NSA has to offer would be checked pretty thoroughly before even being added to the kernel tree.
And what makes you think that fascist organizations are ineffective at preventing nuclear war or invasion of the US? The effectiveness of the NSA at doing its job is completely unrelated to the threat it poses to our liberties.
Actually, for the really paranoid of mind, the backdoor hack might not be in this piece of code but might be spread across several major patches, sort of like what the satellite broadcasters did to the descramblers recently. I'm sure that patches are audited but how well are they regression tested?
Never think that *any* statement can't have a sinister conspiracy attached to it.
DB
The NSA had its fingerprints all across several initiatives to keep encryption limited. That, IMO, puts them in my personal opposition.
DB
Nope, MAC also makes deliberate spying more difficult. Nobody can downgrade the security clearance of a document, not even its owner/creator. Thus, even if a spy somehow got access to a MAC protected file on the computer, he would have a very hard time smuggling it out of the system. MAC would make sure that he can't just e-mail it to his hotmail account, or ftp it to some non-secure site. In a properly set up MAC facility, even printers have MAC ratings associated with them: you can't print top secret documents to non-top secret rated printers. And only printers in physically secured rooms would get the appropriate rating.
A craftful spy could still get data out (copying it by hand on a sheet of paper, photographing the screen), but it would be a much bigger hassle, and it greatly augments the probability of getting caught.
Say no to software patents.
You mean the people who wrote the rest of the Linux kernel?
Ask me if I've been required to disclose any crypto keys.
Of course the government is not a corporation. And the NSA, a subset of the government is not a corporation either. But still, they need money to operate. Sooner or later, the great and glorious George Bubba Bush JR is going to wake up and realise that he can't spent all the tax money on defence. But the NSA will become used to his extra funding and will not let go of their level of money easily. Therefore, being the forward-thinking body that they are, they could embrace a new form of funding where they appeal to the general industry's desperate need for secure web technologies and make some money from their work.
Well, first off, I'm not sure that it's even legal for a government agency to conduct so much as a bake-sale, as this would place them in competition with the private sector, while still retaining the advantages of being a public sector (government) organization. I don't know this for sure, however, so I might of just pulled that out of my ass. Anyway, I think the point is rendered moot when you consider the fact that a) the NSA employs more mathematicians than any other organization on earth, and b) the NSA also purchases more computer hardware than any other organization on earth. In other words, they manage to attract and retain a large body of presumably well-salaried people despite all of the hassles involved in working in that sort of paranoiac security environment, and they blow something equivalent to the GNP of a small dictatorship on toys each year. I don't think their hurting for cash, or ever will. . .
But I may be wrong about the government being able to compete with the private sector. I'm no lawyer. Still though, it would be an interesting experiment and source of income for militaries who need the money.
Yah, albeit a scary experiment for the rest of us, if the government in question was willing to part with any of its more gruesome munitions (I'm thinkin' Russia, here . . . or, for that matter, the States, who 'deal' in military aid on a pretty hefty scale, which I guess you could argue would be a form of barter. Not like they're doing it out of the goodness of their hearts, or anything.)
Excellent post.
Lameness filters can be a pain in the ass.
willis/
there is no thing
what else could you want?
It is great to see more openness in the NSA. Their recent job fairs and other communications show a new beast. This is important, I think, because unlike the military and NASA, NSA technologies usually take a relatively long time to be released to the public. Government funded agencies usually site technology and inventions as something they will do for the long time greater good.
-Moondog
[NSA] coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information.
A security enhanced kernel is a good fit with their overall mission. A kernel with a backdoor does not fit well with this mission at all.
I'm not suggesting that these changes not be scrutizined, they should be looked at very carefully. Let's look and see what they have to offer before we make up our minds either way.
Sticking all sorts of neat security gizmos in Linux had better drive the commercial companies to keep up, or they'll end up getting left in the dust. It'll also raise the bar for the assorted free programmer camps AND provide example code that can not be embraced and destroyed by any single given company.
You're probably right to suspect that they're up to something, but perhaps this time their goals are in line with ours.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I agree though that the NSA thinks a strong defense is a good offense. But think about this: how many of the really really important stuff do you think is on a web connected machine? How much is actually sent over the internet?
None. Zip. Zero. That's not the point. MAC is primarily used by military and intelligence places. MAC is not about preventing people from rooting your system (OpenBSD is probably equivalent to a B1 or B2 system as far as penetration resistance is concerned). MAC is about preventing user A, who knows secret S, from giving it to B, who is not authorized to know S. Computer security != crypto. Having a license-free, open-sourced, B2 rated OS would be a real win for the federal government as far as costs go.
Targets using 128-bit or higher encryption- how long would that take to crack on 10k clustered machines each with 64 Alpha chips?
A very, very long time. Here's an example: say you constructed a Dyson sphere around the sun, and used _all_ of the energy you collected to power a computer whose only purpose was to increment a 128-bit counter from 0 until 0xFFFF....FFFF. That would not finish before you die (this derives from thermodynamic arguments, not current or forecasted computing power). Actually running a cipher key schedule, decrypting the blocks, and figuring out if they're the plaintext will take much more time.
128 bit crypto is "good enough", because it will be much simpler to break your security in other ways. If I want your data bad enough, I'm not going to try to brute force even a 64 bit key; I'm going to come to your house and start breaking your fingers until your tell me what I want to know. Or I'll root your systems through conventional means and trojan your binaries. Or break into your office building and replace your custom hardware with stuff that is really weak. Or (if I'm the government), arrest you and give the options: a) tell us everything, or b) go to jail for a long time. All of these options are much more economical.
The analogy commonly used for this situation is putting a giant spike in the middle of your yard in the hopes that someone will run into it (this spike is called "crypto"). It doesn't matter if the spike is a mile long or 2 miles long, if someone can walk right around it and climb through your unlocked window.
No, But I'd like my goverement to develop an OS WITH me. It's open source.= \=\=\=\=\
=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\
The point made in the article about helping out national firms is bullshit. If they release this open source, then they are helping both US firms and firms abroad, as well as anyone who would want to try to circumvent these protections.
The most likely story is that this tool is something the NSA would like to use, but is not brought to the level of functionality to make it truly secure from the NSA itself.
I do agree that there is likely no backdoor. Clearly, they would not be so stupid to put in something like mail(root_password, "password_harvester@nsa.gov"); in the code.
And imagine that they managed to put a backdoor into the code that was so subtle that it could not be seen in any localized portion of the system. Chances are, if it ever gets implemented in Linux, these subtle features will get changed enough in the process of code integration, that they will no longer be functional.
Slashdot had an article on this just a few weeks ago. And the previous article was better.
Yeah, ultra-fundamentalist Muslims frequenting places where pornography is distributed... Next thing you know they'll be holding monthly terrorist meetings at Al's Big House of Liquor. ;-)
--
News for geeks in Austin: www.geekaustin.org
News for Geeks in Austin, TX
As a Canadian, I don't need the American NSA involved in MY operating system on MY computer. Period. Let them keep their code to themselves.
Vintage computer games and RPG books available. Email me if you're interested.
Today, any decent group (consisting of a sys-admin, a mathematician, and an engineer) could design and implement a hard, impenetrable system. E.g. Someone offers you $1MM to spec a drug cartel's computer/communication system: it isn't that difficult anymore... figure one-time pads, redundant hardened sites, physical data-distruction systems.
The offensive role is reduced to looking for errors: misconfigured systems, compromisable humans, etc.
The defensive role is similar: make it hard for aggressors to get our data due to known vulnerabilities. Put the security on a sound mathematical foundation, and educate sites to reduce the chance of physical intrusion.
It makes sense for the NSA to work on good defense: in theory, the USA is the superpower of the world. We have more to lose than anyone else if our various government and commercial groups implement their own insecure, ad hoc security systems. Release a good system, our enemeies already have them.
1) They posted under their own name, not anon.
2) They posted tech info on how it works, helping anyone who wants to find a backdoor.
3) They're really not that stupid. Honest.
It's far more likely that this is a cheap trick to help them sneak a back door in later; partly by wasting good paranoid community coders on an obvious red rag, but also by building trust through honest code. You can't stab someone properly unless they trust you first.
If you really don't trust them, do a 2 part project:
1) Read everything about SE, then write a full spec of it's API and operating principles.
2) Write a clean version to the spec and GPL it. Preferably the coders for part 2 should not have seen the NSA version.
You don't have to trust them if you don't want to.
Where did this "all your base stuff" come from?
Freedom: "I won't!"
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
For the most part, government agencies are prohibited from selling ANYTHING. Surplus Government owned or produced [physical] property must be sold of at public auction. Under the FOIA, any Government intellectual property must be given to anyone who asks for it, and they are prohibited by statute to charge anything other than a nominal duplication fee. The copyright of anything produced by the US Government belongs to the citizens of the United States.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
BZZZ, sorry. All government-produced intellectual property is in the public domain. They can't sell it to the public because it's already owned by the public. As for selling loans, IIRC that is done at public auction (just as seized and surplus property is sold). If you had the money, you could buy up federal loans yourself, providing you complied with the appropriate banking regulations.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Secondly, NSA is not a law-enforcement agency. Their purview is electronic intelligence, period. They gather information and pass it on to other agencies. They don't arrest people. If any doors need to be kicked in by gun-toting, jackbooted thugs, the work is farmed out to the FBI or CIA.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Under the GPL, that would indeed be the case.
It's 05.00 and I just read the original article . So I may have "misread" some details. To me it seems like a good idea, and it seems like something that has been done before. There are existing operating systems that do not rely on just user identification or program access privileges. "Old" mainframe stuff still in use and still being developed. The NSA suggestion seems to go a bit further and will enhance the safeguards. Also, if it is for Linux Kernel, you have to have the source code available. Then you'll have thousands of people examining the code (that's the theory). So, no conspiracies even if NSA is involved. Right?
Ok folks, put paranoia aside for a second and consider rationally what this actually could mean. If they are going to commit the code to open source, that almost certainly means they don't dare try any tricks. Any tricks that they could hope to put in would have to be extremely subtle. As such, they would require a great deal of effort. Like all of us, their time is limited. And if their efforts were discovered, always a distinct possibility with open source, all that effort would be wasted since open source software is much more easily updated. Doesn't make any sense. Remember also, that *nix users are generally some of the more computer savvy users around. If you're going to try tricks, they're generally not the target you want to try them on. Windows users are on average more cooperative.
Then there is the other option - that they are sincere, they want a really secure operating system, they like the design and abilities (as well as as the lack of licensing issues) associated with Linux, and they are scratching their own itch for a really secure system by contributing this design and code. Once in a while the public interest happens to work well with some professional agendas. They may see Linux as a good group of people to harden the code with.
Consider, also, that if they are sincere with Linux users hammering on it they could probably create a STRONG solution, stronger than most other free software programmers. These guys know how it works. This could be a golden opportunity.
Geek dreams are made of things like super secure systems. I'm excited by this. Also, I think the threat, if any, is minimal If worse come to worse, Linus could include a compile option to not build it in - although I doubt it would be necessary. Let's give them the benefit of the doubt, examine the code carefully for both our benefit and theirs, and do some cool stuff with it!
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
Mandatory Access Control means one user is PREVENTED even from consensual sharing of info with an untrusted user (Discretionary Access Control only stops nonconsensual information sharing).
Fine-grained security means you can be more explicit about what rights a given process can have - i.e. something better than the current UNIX system.
Allowing certain processes selected by the admin to, for example, bind a reserved port while not having full root privs is fine-grained security, but NOT Mandatory Access Control. They can both be good, and they can work together, but they are different.
Mandatory Access Control is NOT a panacea - there are always covert channels to worry about. Safest thing is to allow only one security level on a given machine (e.g. no machine can have both Secret and Top Secret data on it).
Just because it CAN be done, doesn't mean it should!
Boys, girls, and everyone else, this is what Open Source is all about. The first test of a civilization's commitment to true freedom comes when those they dislike exercise the freedom that the civilization has fought for. Do we embrace, support, and admire this for what it is? Or will we attack the people and their actions, attempting to block their code from being addded to the kernel just because they're the enemy?
Think long and hard about what's more important - the Freedom of Open Source Software, or is it the software itself? If the former, we must disregard any possible negative impact on the latter...
Think outside the... Hey, where'd the friggin' box go?
Say you are a big agency watching the formation of a fairly powerful OS useful for a great many things, things that you don't want the people you're watching to have. What do you want to do? You want to undermine the credibility of the OS in the eyes of the enemy. How is this done? Simple: Contribute. As soon as the NSA has its finger in the pot countries like China will back away, at least to some extent. Very subtle, very effective. And eminently deniable.
z
I wonder if this is the kind of thing which will eventually end up leading to a major government challenge of the legitimacy of the GPL.
-Nev
But what? Do you seriously think that even the NSA could conceal some nefarious activity when the source code itself is dissected down to its component quarks by an army of suspicious über-grumps? NSA != GOD. The folks who work there, while probably very good, are drawn from the same pool as the readership here, for instance.
it'll be like windoze?
Seriously though, I'm sure the NSA has our best interests at heart
I have a shotgun, a shovel and 30 acres behind the barn.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Comment removed based on user account deletion
Comment removed based on user account deletion
If Linus accepted an NSA key into the kernel...
You would see the fastest code fork in *nix history.
134340: I am not a number. I am a free planet!
Why would the NSA risk tarnishing it's reputation by releasing backdoored patches to the kernel under it's own name?? Linux is open source, everybody and their mother can submit and get patches into the kernel (if they are of technical merit). I'll bet that nobody knows a portion of the people who submit kernel patches, it's the internet, it's (relatively) anonymous.
That said, having a government agency that is extremely security aware submitting patches is a SCARY thing, but not for the reason you think. I can hear the Microsoft marketing machine cranking up now to spread the FUD: "Linux is now receiving submissions from the NSA, the government agency responsible for protecting National Security. Make sure you don't put your tax records on Linux!"
Not that I believe it's particularly relevant in this case (given that anything that they contribute to the Linux kernel at large would be in source form), but I believe you're referring to Ken Thompson's classic article Reflections on Trusting Trust. This is a must-read for anyone interested in computer security.
Are there provisions for dealing with Open Source "vandals"?
I believe the primary provision is to not use their code.
I mean, come on. It's not new. We've already had at least one story on this and the interview doesn't add any real info. Trying to generate some more click throughs? Maybe the Mac stories haven't generated enough flames?
The NSA has been, since its birth, concerned with national security. Now that the "Cold War" is over, there is less of an outside threat to be concerned about. Almost any useful intel now is likely to come from the CIA.
It comes to reason that with private corporations working on some of the most secret government projects (Hell, ASCI White wasn't exactly made by the DoD), that defense has to be re-focused. And with computer crimes beginning to tax the US economy heavily, what better way to make national security investments more productive?
I'm obviously leaning onto a thin limb when I say this, but I believe that the NSA is going to become more concerned with protecting computer systems than cracking them over the next few years. After all, the aim of the govenment is to do what is most effective, and it looks like securing data may help things out more than stealing it...
Of course, the NSA may just be trying to boast a better public image with all of this Echelon stuff going on, eh?
I can't be karma whoring - I've already hit 50!
SIG: HUP
You can download the source code here:
http://www.nsa.gov/selinux/download.html
Well, actually it's patches against the Linux kernel source, and the source trees of a few other utilities...
^]:wq!^M
There is one very good thing about this development, and that is that having an NSA-approved distribution of linux will make it very tough for government agencies to say that linux doesn't meet their security needs, or that Windoze does.
Bring it on.
microsoftword.mp3 - it doesn't care that they're not words...
The NSA has some really smart people in it and they aren't oblivious to the idea of social engineering. They have to know that everyone and their mother will go the code line by line looking for any unusual functions or classes. It would be stupid to even attempt to hide something like a backdoor in their first attempt to reach out to the open source community, they have to gain a level of trust before they can even think about sneaking something in.
Right now most people would be apprehensive to say the least to run any code from the NSA without looking through it first and this general mentality will probably remain for the first few software releases from them, but at some point they will achieve some level of trust so that the amount of eyeballs looking through the code will begin to drop off. That is the point that the NSA could start sneaking in some sort of backdoor. They probably wouldn't suddenly include the entire code at first either. Maybe just a couple new lines in version 5, another 3 in version 6.5, and so on, allowing time for the people still looking through the code to see, test, and pronounce individual lines by themselves benign until they have the whole package in there.
Of course they'd eventually get caught if they tried it but probably not before some famous Linux users like China or some terrorist group had been lulled into trusting the security of the NSA's additions to the code and deploying it on their systems. I mean the NSA doesn't like in a vacume, they know about China and Germany rejecting many kinds of commercial software because of possible security problems and if the NSA has been spying though a backdoor in closed source OS's they wouldn't let a window like that dissapear without at least trying to keep it open.
This could all be a bit of needless paranoia on my part and i hope it is, but like i said earlier they got some really smart people at the NSA and if anyone could and wanted to sneek in a backdoor they could.
btw- please forgive any spelling errors
(end comment) */ }
(end comment) */ }
[an error occurred while processing this directive]
$ find /usr/src/linux -name '*.h' -exec ls -s {} \; | sort -nr | head
/usr/src/linux/drivers/net/myri_code.h
/usr/src/linux/drivers/net/acenic_firmware.h
/usr/src/linux/drivers/sound/nm256_coeff.h
/usr/src/linux/drivers/net/ptifddi_asm.h
/usr/src/linux/drivers/video/riva/nv4ref.h
/usr/src/linux/drivers/net/tokenring/tms380tr_micr ocode.h
/usr/src/linux/drivers/char/ip2/fip_firm.h
/usr/src/linux/include/asm-ia64/sn/sn1/hubio.h
/usr/src/linux/drivers/pci/devlist.h
/usr/src/linux/drivers/usb/serial/whiteheat_fw.h
540
428
308
216
192
184
176
172
164
160
Another question is that Linus will never accept binary-only code when it comes to security.
NSA: ALL YOUR ACCESS ARE BELONG TO US !!
What is the big deal with the NSA and paranoia? The whole point of open source is that it is impossible for them to slip backdoors or anything like that into the kernel. I highly doubt that even the NSA would be able to get something like that past the Linux community.
When DirectTV wanted to get rid of all the hackers, it did it one tiny bit at a time. One little code change here, one little code change there. Everyone thought they were all useless, small things. A couple months later, the last one goes in. BANG, all the hackers systems die. I would think that these changes, no matter how small they seem, should be looked at in their total effect, because the NSA is thinking in the long term (as always).
-Spackler
Slowly wasting all that Karma I built up!
In the unlikeley event that the NSA did start selling "approved" firearms, I'm sure all of the ignorant corporate types, in an attempt to protect their businesses would immediately arm themselves and stand guard over their R&D Departments and Web Servers ;-) (j/k)
Of course the government is not a corporation. And the NSA, a subset of the government is not a corporation either. But still, they need money to operate. Sooner or later, the great and glorious George Bubba Bush JR is going to wake up and realise that he can't spent all the tax money on defence. But the NSA will become used to his extra funding and will not let go of their level of money easily. Therefore, being the forward-thinking body that they are, they could embrace a new form of funding where they appeal to the general industry's desperate need for secure web technologies and make some money from their work.
Therefore the idea of the NSA selling their "Official" security products is not irrelevant.
(j/k = just kidding)
N.B. I'm not an American.
I think you've got a point here. But what about other nations? What if some country with a relatively shoestring budget military (i.e. Canada) goes and develops a highly secure linux? If it was GPL'd or BSD'd, perhaps there would be a legal loophole allowing the government to sell it and compete with the legal sector. Right now Canada can barely maintain its search & rescue helicopter fleet, let alone support a real military. The helicopters are 25 years old and falling apart. The military could use any extra income it can get! And I'm sure that this applies to numerous other nations, too.
But I may be wrong about the government being able to compete with the private sector. I'm no lawyer. Still though, it would be an interesting experiment and source of income for militaries who need the money.
I see this as benefitting the NSA in two ways: 1) They save money because they would not be paying big money for operating systems from Micros~1 or any company. And 2) They could MAKE money off of this because selling a Linux permutation that has "Official NSA Approved Security" would be a big hit with paranoid businesses who want to keep their web servers secure. If they can see and exploit this potential, then good for them!
But what? In this instance their motivation is almost certainly to allow a widely available OS to be certified to a sufficient security level that it can actually be used in the same situations where certain US agencies might normally buy in NT, AIX or such.
If they *really* wanted to plant a back door, in no way would they want their name so obviously traceable to the actual patches they submitted - they'd do it 'anonymously' and you'd never know. How do you know they haven't already done this? Or that GCHQ, or Mossad, or the Russians haven't? You have no way of knowing, but we just have to trust that any attempts at sabotage would be obvious in the source.
This is my World Wide Web of Whatever
The attitude of the editor is unfortunate. Are you going to judge code contribution based on a person 's job, country of origin, sex, race? What if some NSA programmers want to work on GNU projects in their spare time, is that okay with you?
Here we have a high profile agency from the US government openly accept and promote Linux, and some people seems determine to give them a hard time. Perhaps michael, after reviewing all the source code, has some concern about certin part of it. Care to share with the rest of us?
How do anyone become a /. editor anyway?
====
Codeala - Just another mindless drone
"Paranoid people live longer."
"He who has the knowledge, has the power."
Any questions?
They'll be 2-3k patches past initial updates. My mother could look them over for 'back doors'. Then it's just a matter of watching for a 'big door' by evaluating all of their patches on regular intervals. Otherwise, let them pile on the help.
unless it were made an option to supplement the standard linux filesystem permissions, couldn't a bloated addition like MAC push further towards the desktop and server market? isn't one of linux's greatest assets its ability to work well on everything from a wristwatch to a mainframe?
reech bee-yond ur clip-0n
Its not really surprising that NSA would
eventually get all upset and pout cause they don't
have complete monitoring capabilities on computers
(just the ones hooked up to the net). I'm not
really surprised that NSA is trying to "help" (themselves) with security. Because everybody knows that NSA believes in and cares about personal privacy and security for the small (or large) business or corporation!
If you want to be paranoid, why couldn't some agency (NSA or otherwise) have arranged for one of their coders to work on kernel modules and patches long ago? No one would've had any clue that a backdoor had been engineered in by such an organization.
Well here is my advice... wait until it's been tested and added offically and tested some more.
Don't get a distro from the NSA (like they are going to release one, but a distro from the US Govt sounds cool. Shady. But Cool) - wait until your favorite flavor adds this feature.
If you know what the source says then read it. If not WAIT UNTIL IT'S BEEN TESTED. And last but not least read Slashdot every five minutes to see if anyone has found something secretive.
I thought the Gov't didn't want us to have security.
(Score:17 Funny/Informative)
Get your Unix fortune now!
I recall Microsoft saying Linux wasn't secure...I guess this is the argument that can be thrown back at them. The NSA, is very secret about what they do...and they would pick nit a Operating System on security. And then went making a secure Linux...
What does that tell you about Linux security, why would the NSA be working on Linux kernel? Most likely they're using Linux on their systems, (or most likely, a OS they made for their own purposes, who knows).
Slashdot Hypocrisy at work?
I have worked with the NSA on several projects and they have never attempted to tell me what to do, the suggestions they have made have all been aimed at enhancing the security of the product.
Any code they submit is going to be vetted. I can't see them trying to slip a backdoor after the Microsoft NSA_KEY fiasco - which was a bum rap by the way.
I would suggest however that before putting in MAC access they go talk to folk like Butler Lampson who has had some additional thoughts on the subject since inventing them in the 1970s :-) Essentially Butler recons that ACLs should not be attached to files directly, the file should have a pointer to the ACL which can then be shared by several files, avoid the whole mess of inheritance that VMS got into. That approach has the additional advantage of minimizing the impact on the file system (the extra data in the file system is a fixed length field, not a variable length one).
It would also be an idea to look at the work the OASIS security technical committee is up to.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I once had a project where we needed to code up a system very quickly that did Clarke-Wilson style access controls for chat room access - i.e. the authorizations were statefull.
So someone took a MOO engine and added in a crypto layer. This had the added advantage that when people were using the system they appeared to be playing silly games - built in steganography!
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Right, so the worry is that any NSA implemented code may contain a backdoor so subtle that even outsiders reading the source may miss it. So what about this?
The NSA provide their design for an access control system, in detail. Other , non government-affiliated coders (the more paranoid the better) write the actual code. The NSA then audits their code and confirms that it meets the specification. The government and corporations get their NSA approved secure linux, the paranoid know that no actual NSA code is in the kernel. Or wouldn't this be workable?
Is there not a branch of the governement that combine loans then resells them. The loads are student loans and home loans, FmHA ( farming loans ), Fannie mae and other simular to this ? I think that the govenrment might be able to take there own inhouse designed equipment and offer it to the public, they might have to get a royalty or they might offer it via the GPO. which ever way you look at it the government would make money off of it. ONEPOINT
spambait e-mail
my web site artistcorner.tv hip-hop news
please help me make it better
if you see me, smile and say hello.
Seems there's consensus so far that the NSA shouldn't be barred from contributing just because they're the NSA. And the comment that the whole point of Open Source is that it accepts contributions from every possible source is well taken. However, I'm curious about this idea of back doors hidden even when the source code is disclosed.
I have two questions:
Funny...
souds to me like the burglar trying to sell you burglar-proof locks.
do you really believe in this?
i don't.
NSA 's job is to collect intelligence, so they'll issue a Secure Linux they can't collect intelligence from, just to put themselves out of business. Sounds sensible.
yeah sure.
i had a sig, once..
The NSA has some very good reasons to do this. You all sit out there and say "Oh, they are just doing it to put in some backdoors so they can spy on us". Grow up. The NSA does do spying but they also have a part in protecting the assets of our nation and geuss what? Information is the most important asset in the world. The US is the most heavily spied on country in the world. Both by our enemies and by our "allies". The NSA would gain nothing but grief from trying to put in a backdoor. Sooner or later it would be discovered and they gain a worse reputation than they have now. They would also be faced with the nightmare of all these systems with a backdoor that anybody could get into and they would be responsible. They know that would mean a really pissed off Congress and NO MORE FUNDING. No agency willingly commits suicide folks. I am probably more paranoid than 99% of the people on the face of this planet but even I don't buy them trying to scam us on this one. The payoff ain't worth the cost folks. I know it, the NSA knows it, and any of you with 2 brain cells to rub together knows it.
"If there is nothing you are willing to die for, then you are not really alive." Myself
/* Back door code, added 4-1-2001 by MIB */
NSA_bd_Key = "MIB_r0x!";
NSA_data_t *pStolenData = NSA_bd_decrypt (
&hidden_data,
NSA_bd_key
);
NSA_bd_transmit ( pStolenData );
/* End of back door code */
Somehow I doubt the NSA would have code a backdoor
like the above. But many of the posters here seem
assume that it will be this obvious.
What about using inocuous "extra" data as an
accumulator and data dependant bugs to cause that
data to be sent?
How about code that makes ISN more predictable,
code that makes random seeds a bit more
predictable, etc. Unintentional bugs of this
nature have slipped through.
Why can't the NSA use code accretion to slip such
features in? The first two generations do the
first half of data theft/storage/sending, the
next two generations do the rest.
Don't assume Open Source means complete safety.
They should be required to only distribute it it source form so that they can't hide something in the compiler. I've heard thats been done before.
MOOs have been doing the type of thing the article explains for a while now by implementing task permissions based on the credential bits of the executing player object.
For programmers, error messages would have to be a lot more thoroughly thought out under SELinux. How to handle a child process not returning data because the user didn't have appropriate permission?
And when something like this happens, the entire script halts and tracebacks ^_^
Maybe the NSA finally recognized that concrete engineering is required to harden our high-tech infrastructures. We should demand more from them. For example, automatic tools for source code flaw analysis, or at least that they provide that as service for the analysis of critical internet infrastructure, such as routers,switches and DNS servers.
It is not just ACLs, just like with java, every system call can be intercepted and checked by what is called "SecurityManager" in java. Just code your own SecurityManager for SE Linux ! M$ and SUN did not buy in that concept, and so the NSA took the Guerilla tactic of taking matters in their own hands. That is the rationale behind it.
To be paranoid:
- PGP ADK bug - open source pgp has a horrible bug out in the open for years. Who was checking the code ?
To not be paranoid:
- part of the NSA's mission is to keep the nation secure, in this case keep commercial sites secure. They are most likely just doing thier job.
Or they just could have been doing thier job to allow defense computers to use linux (Defense guidelines require what they implemented)
Wow, give that man a rubber doughnut!
"Who ever heard of a suitcase being dominated by minds from an alien star-system?" -- Philip K. Dick
dy
----
dNSA
Be a Derivatater!
This could be good, but just think, the NSA watching us. I may just be very, very, very paranoid but I think William Burroughs said it best, "Paranoia is knowing all the facts". Maybe I'm just too tired o_o
You can't fight ideas with bullets - NSF Terrorist Leader, Level One of Deus Ex
Here's part 2 of the article that provides insight about NSA's security-enhanced version of Linux. It delves deeper into the code, dissecting how the security_av is computed and examines how other SE Linux security features are invoked. CEF