Slashdot Mirror

← Back to Stories (view on slashdot.org)

SELinux Panel at FOSE in Washington

Posted by timothy on from the battening-hatches dept.

Tony Stanco writes: "Newsforge has an article on what happened at the Security Enhanced Linux panel in Washington about certification under the Common Criteria for Information Technology Security Evaluation standard."

5 of 73 comments (clear)

  1. Windows is secure??? by NOT-2-QUICK · · Score: 4, Interesting

    From the article:

    "Microsoft is currently trying to get the EAL4 for its Windows 2000 OS, and Dean argues that for Linux to be competitive at places like government agencies, where security ratings are used as a big evaluation tool for buying technology products, SELinux also needs the EAL4 rating."

    While I can certainly understand the value derived through attaining a prestigious security rating such as this and truly advocate this undertaking as I believe it will benefit OSS as a whole, I have a hard time believing that is a necessity in terms of staying competitive with M$ Windows.

    With the rather suspect security record (to say the least...) of the Windows operating system, I could never fathom a security conscious sect of the government ever selecting Windows in lieu of a POSIX compliant OS such as Unix (or Linux, FreeBSD, etc...) that is designed specifically with security in mind. Even more, I would be quite suspect of any organization that would actually certify the operating system as being secure!!!

    Though Windows 2000 may win in a consumer-based market or even that of a commercial world due to it many bug-ridden features, these same traits open it up for failure any truly security conscious environment...

    At least, that would be my view on the matter...

    --
    Beer is proof that God loves us and wants us to be happy. -- Benjamin Franklin
    1. Re:Windows is secure??? by wannabe · · Score: 4, Informative

      According to the NSA Commercial Product Evaluations for Trusted Systems CD (September 2001), Windows NT service pack 6 with the C2 security patch is the spec on the M$ Product.

      According to the documentation, not only does the product have to pass muster, but the company must have the financial viability to support the testing. The financial health of the company must be good enough so that there are no serious doubts about its long term existence. Apparently the NSA doesn't want to certify a product, bring it into deployment and then have the company fold. That I can see being the biggest hold back to a Linux Distro being certified.

      All this information is free on the web. Do a search for rainbow series on google and you will find a link to the nsa site. There's also a number you can call and get a copy of the specs sent to you on cd on Uncle Sam's dime.

      --
      "Draw them in with the prospect of gain, take them by confusion." Sun Tzu
  2. Linux Security Modules (LSM) by Crispin+Cowan · · Score: 4, Interesting
    Note that the issue of getting SELinux from being a patch to Red Hat to being a truly generic solution is part of what the Linux Security Modules (LSM) project is all about: provide a module interface for the standard Linux kernel that can load a variety of modules, including SELinux. We are close to ready to propose the LSM patch for inclusion into the Linux 2.5 source tree. We maintain up-to-date LSM patches for both Linux 2.4 and 2.5.

    Crispin
    ----
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc.
    Immunix: Security Hardened Linux Distribution
    Available for purchase

  3. NSA pushing open source for government! Thanks! by i_want_you_to_throw_ · · Score: 4, Interesting

    Being a government contractor (Army) I totally welcome this.

    I am in a NT shop and have a lonely Linux box that I managed to get in because I was able to show a couple of apps that the front office greensuiters thought were really neat and they said I could put one up (hooray!).

    I was depending on providing more and more functionality as my sole method of bringing in more Linux, but now I can just go to the green suiters (who know NOTHING of technology) and say "Look, NSA did this".

    Being good military men, I can hear them now "If it's good enough for NSA, no problem".

    Like the poster on Newsforge said "I never thought I'd say this but 'Thanks NSA!'".

    If you're in government and trying to push more open source, this may be just the 800 pound gorilla you need in your court.

    NSA quite possibly may do more for open source in government than anyone. Sure is going to help my case out!

  4. Secure vs. secure by snopes · · Score: 4, Informative

    As hinted at in another post here, there's a difference between what's certified and what individual practioners would see as accurate. The reason is the individual practioner sees systems applied in real world scenarios and these don't necessarily have anything to do with certification standards. For instance, Cold Fusion and IIS problems are simply not a factor in evaluating the OS even though in the case of IIS it's arguable as to whether this should be.

    Additionally, you need to understand just what is being evaluated at the different levels. As mentioned, WinNT was given C2 certification. Understand that this has everything to do with a particular feature set (fine grained ACLs primarily) and little to the with the penetrability of the system. Actual pen testing doesn't become a requirement until B1, IIRC.

    The type of security that many are trying to achieve now (secure design, design verification, secure distribution, etc. i.e. security from the start) really doesn't come into play until A1 and that's the highest level of security deemed practicle in the TCSEC.

    If you read the Orange book all the way through, what you'll see is that the majority of the security is intended to be achieved via mandatory access controls, subject and object labeling, and the careful application of these concepts. Each level has a new set of requirements for how much of the system is submitted to manadatory access control, whether the TCB (trusted computing base) is a subsystem of a greater insecure system, modularity and seperation of duties, etc. Much higher level system design issues and features, really. Until B2, B3, and really A1 IMHO there's only basic and passing concern with what we're coming to realize as the one true requirement of security engineering: security from the start. Secure design, verification, implementation, and review.

    I haven't closely studied the Common Criteria and the handful of protection profiles yet, but I suspect you'd find the same or a similar issue. These are evaluation criteria and they tend to be focused on evaluating a stated set of features and capabilities. In high security environments product certification is not a replacement for careful product evaluation by the end user/customer any more than skills certification (e.g. Cisco, MS certs) is a replacement for careful interviewing and skills assessment by a hiring manager.