IBM Running Linux On Secure Hardware
Schmad writes: "IBM announced at LinuxWorld today that IBM Research and Cryptographic Appliances have Linux running on FIPS 140 Level 4 hardware. Imagine, Linux running in a totally secure environment!
Peter Gutmann, father of the crypto toolkit cryptlib, has some things to say about it here."
Internet postage meters
eh? I thought it was a hoax...
Seems more and more IBM stories....
Must be a good company.
Now I can finally go to bed...
I would just like to take this moment to thank IBM for their continued support of free software. :-)
Deliver yesterday, code today, think tomorrow.
As a key product for secure e-business, its main applications are financial-related solutions, such as electronic coupon dispensers, Internet postage meters, intellectual property protection (web subscription services), signatures for digital documents and certificate authorities.
So this new hardware will allow for the protection of intellectual property, which in turn will allow for censorship and government control over the internet. This doesn't sound like good news to me.
I guess it finally proves once and for all which operating system is more secure. Windows can go cry in the corner.
since when do 'totally secure environments' exist? oh right..
they don't!
totally secure environment!
Hands down linux is better than MS but totally?!? unless the box is in hell, unplugged from anything and protected by lava it ain't TOTALLY secure. don't ever forget that. you'll thank me later, trust me
Does anyone actually have a Java program designed to control air traffic, or for the operation of a nuclear facility?
By running Linux, it enables much easier migration and porting of applications into the secure environment than with the current CP/Q operating system
So, um, would CP/Q be the fifth version of CP/M? That would certainly explain why they found it lacking...
--
Mod up a post Rob doesn't like and you'll never mod again
One word: COOL.
No seriously, it's really neat that Linux can be used in an environment designed for maximum security. This kind of thing (despite the IP-hating people's snide comments) is probably "the future" of e-commerce (if there is going to be any, See Also: Dot Bomb). It takes a lot of entropy to do SSL on a very active secure web server like the E-Commerce places do.
This shows that Linux can in fact deal with the things that are needed for businesses to succeed on the Internet (along with all the other things being done, clusters, apache, etc). When they are all combined, I think the result will be "kick-ass".
--MonMotha
IBM Research Demonstrates Linux Running on Secure Cryptographic Coprocessor
IBM Research has demonstrated Linux running on the IBM 4758 secure cryptographic coprocessor, a hardware security module. This is the first general purpose operating system (OS) running on a secure coprocessor. The IBM 4758 cryptographic coprocessor is an advanced, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed.
By running Linux, it enables much easier migration and porting of applications into the secure environment than with the current CP/Q operating system. As a key product for secure e-business, its main applications are financial-related solutions, such as electronic coupon dispensers, Internet postage meters, intellectual property protection (web subscription services), signatures for digital documents and certificate authorities.
The Linux-based IBM 4758 also offers significantly better performance, including eight times improved communication latency and four times faster throughput, over the current custom OS based product offering. In addition, Linux provides better support for new features, which are not supported by the custom OS such as running multiple potentially hostile applications on the same 4758 coprocessor card and allowing cross card communications that enables load balancing among multiple cards.
IBM Research developed the 4758 coprocessor hardware, along with its internal operating system, secure configuration and bootstrap software, and custom software development tools that can run on multiple platforms, including all IBM servers and non-IBM servers, about five years ago. By creating the Linux version, IBM hopes to provide Linux developers the opportunity to create high security applications, and to encourage such development and interest in industry. We are working on making this software package available as a free download for existing 4758 coprocessor users. Parts of the Linux port were jointly developed with Cryptographic Appliances, Sacramento, California.
The 4758 secure coprocessor was the first device ever to earn the highest possible certification for commercial security granted by the U.S. Department of Commerce's National Institute of Standards (NIST) and the Communications Security Establishment (CSE) of the Government of Canada.
For further information, visit the IBM Research Mycroft Website at
http://www.research.ibm.com/mycroft
It's been said before, and will certainly be said again, but there is no such thing as a "totally secure environment." The best realistic target is "an environment which will cost more to penetrate than the contents are worth." It's important to maintain feasible security expectations.
There's a famous quote about the only secure computer being turned off, buried in concrete, protected by nerve gas and armed guards, and still not quite secure enough...
how to make your own ultra-secure box:
buy hardware, install anything, disconnect all access to the internet
The Slashdot Effect: A new for
As cool as it is, it's hardware like this that will make it impossible to control our own computers - It will make content control almost unbeatable, and turn personal computers into unfathomable black boxes. Into black boxes that are not beholden to us, the purchasers, but to others who wish to control the use of our computers. Hardware will increasingly become an unscalable wall, and we will have lost control.
bleah..
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Apparently, the PCI card itself detects (physical?) intrusion attempts. What exactly it does when an attempt is made would be nice to know..
Does it shut down?
Send a pack of dogs with bees in their mouths for you?
High amperage electrical shock?
Immediately, and permanently bond itself to the intruding device/intruder?
Explode a packet of purple paint?
So while that sounds good and all, it still is a PCI card. Is this a "Linux as an OS" product or a "Linux Embedded" product?
Linux running in a totally secure environment
You mean that Linux runs on a powered-off PC cast in concrete? (That's the only totally secure environment I know)
Opus: the Swiss army knife of audio codec
Are any of us really secure? The only way something is totally secured is if you never write it down.
Seems like there has been a lot in the news lately about Linux. I for one am happy about it. I know the BSD guys are going to rip me apart. I am a MCSE MCT and I am glad to see a product that is over hyped losing its market share. I work with 2k in the classroom and server room every day and I am here to tell you it blows. It is good for running games and that is all. With IBM and others getting behind linux we all have a better brighter tomorrow to look forward to.
It's 11.3 mb for the Windows 2000 install of IE6. Look at the joke that is Netscape 4.78 - 25 mb for a non standards-compliant, buggy, crash-prone browser.
Plus IE6 blocks third party cookies, so slashdot can't add you to their web-surveillance ad-click network.
omigosh..
..please do go through http://www.gnu.org
Please do refrain from such ill informed posts ok?
At Slashdot we have a reputation to keep.
Even anonymity can't save you from our collective wrath. And if you care to
That will take care of ur ignorance.
**
I can get a mobile version same thing by tying my Agenda VR around the neck of a pit bull. His rate is actually quite competitive with that of a well-trained security specialist.
My tight wet pussy is a Totally Secure Environment
IBM is an R&D company, they don't need to produce to make money, they rather rely on the royalties they get on each patent they may "rent" to their customer.
Actually this is the most secure way to make money as you can still rely on what you already patented.
Trolling using another account since 2005.
No GPL is evil. It's communism not democracy as is BSD.
The Penguin is taking over the W-O-R-L-D.
In 10 years everything will be GPL. Every bit of information I consume, and interpret, I have to give back to the community. Nah, I'll go for BSD.
That's *real* freedom without limitations.
In the article, it says IBM will make the port available for "existing 4758 coprocessor users". So, since you're all so quick to bitch at people for the slightest possibility of a so-called GPL violation, will you also bitch at IBM if the entire software kit is not freely available to *ANYONE* who wishes to look at the source?
With all the latest excitement regarding IBM's latest Linux stunts, I haven't seen a single one of the
Just my 2 cents....
"We'll need 2000 crickets, 4 cans of Easy Cheese, and the fluid from 18 glowsticks for this plan to work...." - ph0n1c
This is simply a continuation of an established progression, i.e. open source the traditionally proprietary internal workings of specialized devices.
Check out http://www.networkrobots.com/ for a functionally similar development on the router side of things.
Hopefully this will continue to happen, but the production run of this IBM thing is not large enough to justify a slashdot piece on this. (no offense intended) If the linux-router-thing (above) takes off, that would be big.
It's a line from that famous fat-ass sage, Homer Simpson. Read the quote in all its glory.
Also quoted here (Homer actually shouts the line, or at least says it frantically, so the CAPS are not out of order..):
"ARE YOU GOING TO SEND THE DOGS, OR THE BEES, OR THE DOGS WITH BEES IN THEIR MOUTHS, SO WHEN THEY BARK THEY SHOOT BEES?" -Homer Simpson
Regards,
Stephen
There was no such thing as OpenSource in 1994. The term wasn't coined until 1998.
The main three *BSDs (FreeBSD, OpenBSD, NetBSD) all use at least 85% of 4.4BSD-Lite's source code,
And the concept of getting it right the first time eludes yuo? New does not always mean better.
FreeBSD's C2 security certification is horrible.
Neither FreeBSD or NT has a C2 security classification. The classification is granted not to software but to a specific hardware and software combination. NT's is on a couple Pentium class Compaqs running a particular release of NT 3.51 that aren't connected to a network. Real relevant.
NetBSD, I'm afraid, is dead before it got off the ground.
It's not just admirable, it's useful. The other BSD projects can feed off the work the NetBSD team does. Bugs show up when software is ported to other architectures.
OpenBSD's filesystem is extremely slow, ... No real help is given to new users and such an elitist attitude is suicide.
The OpenBSD team don't tolerate stupid people (which I can perfectly understand) and this comment signifies yuo as one. From the OpenBSD FAQ (strangely hidden in the section on performance tuning):
Question: "I simply do "mount -u -o async /" which makes one package I use (which insists on touching a few hundred things from time to time) usable. Why is async mounting frowned upon and not on by default (as it is in some other unixen) ? Surely it is much simpler and therefore a safer way of improving performance in some applications ?"
Answer: "Async mounts is indeed faster then sync mounts, but they are also less safe. What happens in case of a power failure? Or a hardware problem? The quest for speed should not sacrifice the reliability and the stability of the system. Check the manpage for mount(8)."
Yuo have obviously made no attempt to find out why it was so slow or posted a question plainly explained in the FAQ and got flamed for it. Yuo are the one at fault here. Not the OpenBSD community. I personally quite like Theo's attitude. He's a total pain in the arse but it's all in the name of security.
Maybe yuo should stick to yuor NT point and drool interface and get cracking on updating yuor MSCE to W2k.
Somebody please slap me for feeding the trolls.
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
I'm looking forward to playing with such a device.
How long will it remain secure?
I think the best thing would be if part of the Linux kernel is embedded in the crypt-hardware. (Don't panic, you can flash for a new kernel image.)
Anyway, I think that would be a lot more secure.
Please correct me if I'm wrong here!
42 + 1 = 42
I sure hope that this isn't running RedHat 6.2.
Jokes aside, secure hardware is useless when combined with insecure software -- and so far it seems that the software part has been a much bigger problem.
Tarsnap: Online backups for the truly paranoid
Ok...no network, no keyboard, no floppy, no CD-ROM, and locked up in a sealed room. Totally secure!
What else (or something completely different) ?
Also, how does Linux fit in the picture. It is used to run the co-processor (??) or to run a box including a general-purpose processor and the co-processor?
Ciao
----
FB
Perhaps before strings of "it's not this or that in terms of security", you should read the white papers on the IBM 4758 design, so you at least understand the issues before making broad and sweeping comments.
More importantly, being able to run something like SE Linux inside of a piece of tamper responsive hardware that has isolation mechanisms offers the ability to securely run software in places where it can't be physically assured. Even for things like data center applications, the possibilities are broad.
I'm sure it comes complete with the HIV virus.
If you use Linux, please help development of Autopac
News stories like this one always tend to cloud the real issue. I admit, it's neat that Linux can run on an advanced tamper-resistant co-processor. But honestly, from an overall security perspective that's not really that interesting.
A processor like this just provides yet another way to do "reliable" digital signatures. Such signatures are getting increasing legal status. The real security threat is the fact that it's not really the user that is doing the signature, i.e. the RSA calculations, it's the device. Regardless of how secure the device is, if a trojan horse fools the user into giving his PIN to the device, the trojan can then make a legally binding "digital signature" using a "totally secure device". On any document of the trojan's choosing.
If you thought identity theft was bad, think again.
The BSDs are doing fine, but their core teams tend to be arrogant f*cks, which puts people off.
BeOS had ultra-arrogant-french Gassee in charge. It did the amiga thing of Great OS / Bad Management. This is especially tragic because it was a worthy successor to the Amiga (and was based largely upon it).
QNX is fantastically powerful, and still very popular in really life-or-death realtime applications.
AtheOS is not particularly mature, but is coming along nicely.
Windows isn't really one OS, but a family of incompatible OSes, none of which O very well.
Personally, I'd like to see more interesting OSes like EROS covered more often. EROS is what an OS should be.
Now, I can run a secure version of Linux behind a decent firewall and keep my secret key on that, but what stops the feds from breaking into my house whilst I am at work and sniffing it straight off the hard drive. I could perhaps keep the key on a PDA or some sort of dongle and lug it around with me, but I could always be "mugged".
Bottom line. Is this IBM doo-hickey tamper resistant against the average thief or can it keep the feds at bay? As the DMCA (and forthcoming EUCD) makes more and more of us into potential felons this sort of issue is becoming increasingly relevant.
BTW, how much do they cost?
This rather defeats the whole purpose: if you allow a "hostile app" (read: an application you don't control, don't have the source for, and don't trust implicitly (e.g. Windows)) to run on this card, you have just thrown the security of the card out the window. The whole idea is that the crypto functions take place in a secure environment where everything can be trusted. If you want to run Realplayer or something, run it on the host CPU, not the card!
Second, the nit. I work with secure comms products, and the term "zeroize" has always grated on my ears: You zero the keys, you randomize the keys, but you don't "zeroize" them. This is a typical case of the government type making up a word because it makes him sound more important. Yes, I know full well that "zeroize" is the accepted term in secure comms, but it still sounds stupid!
www.eFax.com are spammers
everytime you see the word(s) "OS", substitute with the word "ship" and it's a promotional ad for the Titanic. Think of the possibilities....(we've got a movie in the making)
Has someone been reading too much Heinlein?
We use IBM 4758s at work. They're a huge pain to deal with - we've had a bunch spontaneously die. Apparently the earlier boards were more sensitive to pressure and things like that, and they just gave up on life as a result.
The difficult thing about programming these boards is all the states they go through in the lifecycle of getting code securely loaded. There are a million different utility scripts to change the state of code trust.
I'm curious to see how linux handles all this secure code loading stuff. Let's hope it's easier.
(Not that I'm disparaging these boards. What they do is really amazing, as far as they can assure you that your secrets inside will never get out and the code that you have running there is your code.)
Sounds like a simple PC locked in a safe surrounded by Plastic explosive would be a cheaper option...
It's funny, they spend billions to make a "secure" hardware platform while you only have to spend a few million and common knowledge to make a generic platform secure. -- Put the PC where no-one can get to it, inside a faraday cage, and shoot anyone that comes near it.
pretty darn simple to get a secure computer.
Do not look at laser with remaining good eye.
Okay, how does a tamper proof enclosure protect you from crappy software ie buffer overflows?
That's hilarious. Could I just sit places and twiddle my fingers as if I was on a computer. You could also exclaim from time to time, "FUCK, I GOT HACKED." If people think you are crazy they tend not to hack you.
________________________________________________
Englisch Bitte!
It isn't like these cards and systems were running windows before you know. This doesn't prove anything in that department. What it does prove is that IBM feels the linux kernel is superior to their proprietary one. Still a nice feather in Linux's cap but not a 'wind0ze is sux lol' situation.
Saw the thread, headed out to the machine room with digital cam. Pics of the outside here. Anyone have pics from the inside of a dead one?
Imagine a Beowolf Cluster of THESE!!!
Among physical and electronic tampering detection and reaction (zeroing out the memory upon detection), and the requirement that data on the device doesn't leave the device (like secret keys, etc), you get detection against environmental attacks such as super cooling the device in an attempt to disable or disarm other tamper detection.
So if your IBM 4578 gets stolen, recovering the data there in will be that much more difficult.
Not at all, the insurance costs of having C4 material and the chance it may explode in the field is absurd. This device is great for financial institutions...who coincidentally would not buy anything that had explosives in it.
:)
From what I read, IBM doesn't seem to sell this to end users (yet?), it was developed by their R&D arm which probably means it's a kick-ass device that will not get as much marketing buck as it should.
Come on commercial, level 4 device for under $10k, it's cheaper than buying a safe and having it installed