Slashdot Mirror


NSA Inside?

Newsforge has an article covering a talk given by two of the developers working on NSA's security-enhanced Linux. It seems the NSA has plans to offer kernel code to implement mandatory access controls, a level of system control which goes beyond the normal user-based permissions. Sure, the code would be vetted thoroughly before it could ever make it into the kernel, but....

13 of 157 comments

  1. We don't need NSA's assistance by proberts · · Score: 3

    The RSBAC project has had MAC compartments for well over a year- no US Government help required. It also supports role-based computing, the European Privacy Model, and is a framework for developing new security models.

    http://www.rsbac.org/

    RSBAC is already there, an NSA sponsored project doesn't seem to have much additional value to me- seems like they should spend my tax money on something that's not a "me too" project. Maybe they could help Verisign hand out certificates? ;)

    Paul

    --
    http://www.pauldrobertson.com
  2. They're helping Linux because... by crovira · · Score: 3

    The NSA is better served with an open-source OS where they know where the divots are and they can fill them in than with an OS so riddled with holes that it has given rise to an industry based on closing the barn door after the virus-ridden, work-eaten, horse has died.

    They'd rather make it uniformly hard to crack so that ONLY somebody with the resources of the NSA could attempt real-time decryption.

    Remember, security consists at least as much of keeping your cards close to your chest as of getting a peek at what the other guy is holding.

    The 'Net is evolving into something that will use biometric information to grant (and track) access and to encrypt and decrypt. 64 bits on every desk top and a finger pad for authentication and a microphone for further authentication and as part of the UI.

    All mathematical algorithms have a fundamental security hole. Anything that depends on computational difficulty to maintain security will be cracked with sufficient resources. PGP isn't if your foe has tens of thousands of processors.

    Biometrics are fundamentally existential. They are enormously wide keys that are reproducible and verifiable. Using them for encryption ensures that you KNOW who the intended recipient is. Using them for decryption ensures that you know who the sender was. They are based on what you ARE not just on what you, and anyone else, can know.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
  3. Re:This is a Good Thing by WNight · · Score: 3

    Well, Mandatory Access Controls are a good thing for security, but they don't do anything vs. the NSA. MAC just means that you don't accidentally forget to secure a file, and that you don't accidentally lessen security on a file without knowing it.

    This is separate from encryption. The NSA could come and take your HD with a MAC-enabled filesystem/OS on it and read all the files, by simply sticking the disk in another computer and reading the raw data.

    But it'll make the computer more resistant to penetration. This wouldn't stop the NSA, they'd come through the front door with guns (and FBI agents) and simply take the computer, access controls be damned.

    It helps 'us' by making 'our' (I'm not in the USA) country's computers more resistant to foreign spying, and lets them establish a secure OS (unlike Windows where it's hard to say what the source of a particular version is) that they can use for medium to low security jobs. (Beyond which you simply use the airwall method.)

  4. Does it matter where it comes from? by theCoder · · Score: 3

    If it's a good idea, run with it!

    I think that this has great potential, though it will probably slow down the system some (the article mentions anywhere from 1% to 10% slowdown). Sure, that wouldn't be great for my 133 running Linux, but a faster computer probably won't notice too much. I assume that it can be turned on and off as desired by the admin.

    If it helps to make Linux better, I really don't care if the NSA came up with the code (in fact, I'd probably trust their code to be more secure, especially if they start using the result).

    --
    "Save the whales, feed the hungry, free the mallocs" -- author unknown
  5. If you can't trust the NSA, reverse engineer it. by Terri416 · · Score: 3
    Personally, I doubt that NSA's SE has a back door in it.

    1) They posted under their own name, not anon.

    2) They posted tech info on how it works, helping anyone who wants to find a backdoor.

    3) They're really not that stupid. Honest.

    It's far more likely that this is a cheap trick to help them sneak a back door in later; partly by wasting good paranoid community coders on an obvious red rag, but also by building trust through honest code. You can't stab someone properly unless they trust you first.

    If you really don't trust them, do a 2 part project:

    1) Read everything about SE, then write a full spec of its API and operating principles.

    2) Write a clean version to the spec and GPL it. Preferably the coders for part 2 should not have seen the NSA version.

    You don't have to trust them if you don't want to.

  6. This is a Good Thing by starseeker · · Score: 5

    Ok folks, put paranoia aside for a second and consider rationally what this actually could mean. If they are going to commit the code to open source, that almost certainly means they don't dare try any tricks. Any tricks that they could hope to put in would have to be extremely subtle. As such, they would require a great deal of effort. Like all of us, their time is limited. And if their efforts were discovered, always a distinct possibility with open source, all that effort would be wasted since open source software is much more easily updated. Doesn't make any sense. Remember also, that *nix users are generally some of the more computer savvy users around. If you're going to try tricks, they're generally not the target you want to try them on. Windows users are on average more cooperative.

    Then there is the other option - that they are sincere, they want a really secure operating system, they like the design and abilities (as well as the lack of licensing issues) associated with Linux, and they are scratching their own itch for a really secure system by contributing this design and code. Once in a while the public interest happens to work well with some professional agendas. They may see Linux as a good group of people to harden the code with.

    Consider, also, that if they are sincere with Linux users hammering on it they could probably create a STRONG solution, stronger than most other free software programmers. These guys know how it works. This could be a golden opportunity.

    Geek dreams are made of things like super secure systems. I'm excited by this. Also, I think the threat, if any, is minimal. If worse comes to worst, Linus could include a compile option to not build it in - although I doubt it would be necessary. Let's give them the benefit of the doubt, examine the code carefully for both our benefit and theirs, and do some cool stuff with it!

    --
    "I object to doing things that computers can do." -- Olin Shivers, lispers.org
  7. Mandatory Access Control vs fine-grained security by Frank T. Lofaro Jr. · · Score: 4
    The article seems to muddle those 2 concepts together. They are different things.

    Mandatory Access Control means one user is PREVENTED even from consensual sharing of info with an untrusted user (Discretionary Access Control only stops nonconsensual information sharing).

    Fine-grained security means you can be more explicit about what rights a given process can have - i.e. something better than the current UNIX system.

    Allowing certain processes selected by the admin to, for example, bind a reserved port while not having full root privs is fine-grained security, but NOT Mandatory Access Control. They can both be good, and they can work together, but they are different.

    Mandatory Access Control is NOT a panacea - there are always covert channels to worry about. Safest thing is to allow only one security level on a given machine (e.g. no machine can have both Secret and Top Secret data on it).

    --
    Just because it CAN be done, doesn't mean it should!
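
The distinction drawn in comment 7, as an added example that is not part of the thread: a toy reference monitor in which an owner's DAC grant is honoured until a mandatory label check is switched on, next to a single fine-grained privilege that lets a process bind a reserved port without root. The label rules are an assumed Bell-LaPadula-style policy (no read up, no write down) that the comment does not name, and all users, objects, labels and the `bind_reserved_port` privilege are constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"Unclassified": 0, "Secret": 1, "Top Secret": 2}  # constructed labels
@dataclass
class Subject:
    name: str
    clearance: str
    privileges: frozenset = frozenset()  # fine-grained rights held without root

@dataclass
class Obj:
    name: str
    owner: str
    label: str
    acl: dict = field(default_factory=dict)  # user name -> set of granted modes

def dac_grant(obj, granter, user, mode):
    if granter.name == obj.owner:  # DAC: the owner alone decides who gets access
        obj.acl.setdefault(user.name, set()).add(mode)

def dac_allows(subj, obj, mode):
    return subj.name == obj.owner or mode in obj.acl.get(subj.name, set())

def mac_allows(subj, obj, mode):
    # Assumed Bell-LaPadula-style policy: no read up, no write down.
    s, o = LEVELS[subj.clearance], LEVELS[obj.label]
    return s >= o if mode == "read" else s <= o

def access(subj, obj, mode, mac_enabled):
    # MAC is checked in addition to DAC and cannot be waived by the owner.
    return dac_allows(subj, obj, mode) and (not mac_enabled or mac_allows(subj, obj, mode))

def may_bind(subj, port):  # fine-grained right, independent of the label check
    return port >= 1024 or "bind_reserved_port" in subj.privileges

def demo():
    alice, bob = Subject("alice", "Secret"), Subject("bob", "Unclassified")
    webd = Subject("webd", "Unclassified", frozenset({"bind_reserved_port"}))
    report = Obj("report", "alice", "Secret")
    dac_grant(report, alice, bob, "read")  # alice consents to sharing with bob
    return {
        "dac_bob_reads_report": access(bob, report, "read", False),
        "mac_bob_reads_report": access(bob, report, "read", True),
        "mac_alice_writes_public": access(alice, Obj("public", "alice", "Unclassified"), "write", True),
        "webd_binds_80": may_bind(webd, 80),
        "mac_webd_reads_report": access(webd, report, "read", True),
    }

if __name__ == "__main__":
    print(demo())
```

With MAC enabled, alice's grant to bob and her attempt to copy into a lower-labelled file are both refused, while `webd` keeps its port-binding right but gains no access to the labelled data.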
  8. Welcome to the free world! by djrogers · · Score: 3

    Boys, girls, and everyone else, this is what Open Source is all about. The first test of a civilization's commitment to true freedom comes when those they dislike exercise the freedom that the civilization has fought for. Do we embrace, support, and admire this for what it is? Or will we attack the people and their actions, attempting to block their code from being added to the kernel just because they're the enemy?
    Think long and hard about what's more important - the Freedom of Open Source Software, or is it the software itself? If the former, we must disregard any possible negative impact on the latter...

    --
    Think outside the... Hey, where'd the friggin' box go?
  9. Comment removed by account_deleted · · Score: 3

    Comment removed based on user account deletion

  10. damn javascript popups!!! by oingoboingo · · Score: 4
    It seems the NSA has plans to offer kernel code to implement mandatory access controls, a level of system control which goes beyond the normal user-based permissions...

    ...and a special unkillable kernel-level daemon that sends back the URLs of any good free pr0n sites that you find to NSA headquarters. everyone knows that all their encryption cracking research is mostly aimed at getting at usernames and passwords for the best spank-sites.

  11. Re:hidden doors by dstone · · Score: 4

    Are there provisions for dealing with Open Source "vandals"?

    I believe the primary provision is to not use their code.

  12. NSA is Helping Itself by Jucius Maximus · · Score: 4

    I see this as benefitting the NSA in two ways: 1) They save money because they would not be paying big money for operating systems from Micros~1 or any company. And 2) They could MAKE money off of this because selling a Linux permutation that has "Official NSA Approved Security" would be a big hit with paranoid businesses who want to keep their web servers secure. If they can see and exploit this potential, then good for them!

  13. NSA Inside? So what? by John Sullivan · · Score: 5
    Sure, the code would be vetted thoroughly before it could ever make it into the kernel, but....

    But what? In this instance their motivation is almost certainly to allow a widely available OS to be certified to a sufficient security level that it can actually be used in the same situations where certain US agencies might normally buy in NT, AIX or such.

    If they *really* wanted to plant a back door, in no way would they want their name so obviously traceable to the actual patches they submitted - they'd do it 'anonymously' and you'd never know. How do you know they haven't already done this? Or that GCHQ, or Mossad, or the Russians haven't? You have no way of knowing, but we just have to trust that any attempts at sabotage would be obvious in the source.

    --
    This is my World Wide Web of Whatever