Slashdot Mirror
Embedded RTOS Maker Raises Linux Security Issues
drquizas writes "Embedded RTOS provider Green Hills recently delivered an address where they raised the question of whether Linux can be considered secure enough to be used in defense applications. Much of the usual FUD is present in the remarks, although an interesting question is raised regarding what defense and other government contractors are required to do in testing code (in this case anyway): is the closed code here being held to a higher standard than its open-source equivalent, and does this change the 'security through obscurity' argument?"
I know Sun had to have a special version of Solaris just to meet these needs and Solaris was already considered very secure to begin with. I can't remember if MS released a secure NT for this reason as well or if they tried to and failed.
Talking about the openess of the linux code, there's another question I always wonder nobody asks. Sure Linux is open source and that's what helps it get better but I don't see the argument in terms of cost and security. Saying "you have the source you can see how secure it is" doesn't work for me. People buy an OS because it's cheaper to spend a few hundred or a few grand per PC than it is to hire the staff to build their own OS. Having to have the staff that can review, maintain and patch their own linux kernel alone isn't easy. It's something like 1.5 million lines of code right now. People want an OS that just works and is cheaper than building one themselves.
Open Source Java DAO Generator
I half expected to see a big "Sponsored by Microsoft" sticker on the bottom of the page.
Basically this guy is recommending we entrust the security of our defense systems to the code review teams of the closed-source OS, rather than taking the time and money to do have the DOD do it themselves. Sounds like a money saver until a missile goes blue-screen and blows up a school...
If these people are so concerned about code review(which, admittedly, they ought to be), then perhaps they should be writing their own OSes, especially for imbedded systems.
MissileOS...
Green Hill seems to be making some unsubstantiated claim that open source isn't held up to the same standards as closed source, and I find that rather funny. I think the real issue is, when Green Hill approaches the FAA or whatever, the FAA will do its own testing of the source. If Green Hill's code is breakable, Green Hill is the one responsible for fixing it. But, if what the FAA is reviewing is open source, it's possible the FAA can just fix the source themselves (and avoid having to pay an outside contractor). So, Green Hill, to avoid the scenario where the FAA might be displeased with Green Hill's RTOS and switch to open source, decides on its *own* to spend $500/$1,000 per line to audit their OS.
In the end, this means to me that Green Hill believes OSS has an unfair advantage. Personally, I think it's perfectly fair for people to offer free software. If Green Hill doesn't like it, tough. Or, they can just make their RTOS so good that the FAA or some other organization will be so impressed they won't bother going over some OSS and possible having to fix bugs or write documentation. Looks like the free market to me.
PS: SAYODF == Self-Analysising Your Own Dog Food; it's like a water bottling plant bitching about there being freshwater lakes because lakes don't have to do their own quality control
Eurohacker European paranoia, gun rights, and h
I caught this story on OSNews yesterday and posted a rebuttal on my blog. This sort of thing probably doesn't carry a lot of weight with most of the defense types because the military is the very definition of mission critical, no pun intended. Peoples lives are at risk on a daily business in most jobs in the military these days. There is almost no price too high to pay for the freedom to design to specification that Linux provides.
Linux is certainly not ready to take over a lot of things yet, but it is good enough for many things that traditional defense contractors are involved with. I wouldn't trust it yet as an OS for our warships or other vehicles, but I would trust it for communication systems and things like that. For situations like that, a RTOS from a company like Green Hills may not provide enough benefit to justify the cost. Linux is free, their product isn't. They can try to get the military hooked for a while, but Linux will always be free and there are plenty of IT workers in the military who could work on existing RTOS Linux forks for military use.
Another thing that has to be kept in mind is that with the push for homeland security, the laissez faire attitude that has been prevalent toward security has to go. The miltiary wants transparency so it knows it's not getting something bugged all to hell by some Jihadi who wormed his way into Microsoft or Sun via the H1-B visa program. The Debian and Fedora teams are great for that very reason. Everything is open to public scrutiny, from the installer to every package so the military gets a chance to audit everything.
Free markets are great, but in this case the military has to perform a more core mission: defend the US from attack. If that means violating free market principles by pouring taxpayer dollars into a free OS for public use, then they should and most likely will do it eventually.
Click here or a puppy gets stomped!
Linux, in a proper definition, isn't very functional. It's the OS kernel... you're gonna need some software to go with that. So, which distro should be the "standard issue" for a military use?
Drawing a line between what's secure enough to make the grade, and what that's out there might not be trustworthy enough for "secure" use is quite a tough thing. Sure, Open Source allows the code to be reviewed... but the government doesnt have the time to do that so that's no good for them.
Microsoft can at least come forward and show a big company standing behind their product... how can Linux match that?
Keep trying. Yours may have been rejected because the one which was accepted was submitted first. Don't think that everything that hits the front page is "time sensitive" and therefore gets out right away - some things sit in queue for a while before making it out.
Getting a story posted here is like finding a soulmate-most people don't have the patience to keep trying. Don't despair, someday you'll have the exclusive on something and it will get posted!
I develop aircraft safety software, and the FAA's guidelines require that all code and tools must be certified at the same level of competency. Windows cannot be qualified as a valid development tool or environment, because it is closed source.
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
I believe that being able to build on top of open source software is one of the best parts about it. Customizing an open source project, in my mind, doesn't make it a proprietary or closed source project by any means.
It is not too difficult to build your own customized OS based off Linux, even using Red Hat (Although it wouldn't be my choice of distributions to start with).
Wireless News www.DailyWireless
that they sell source code instead of compiled code just makes it even funnier and more desparately pathetic that, in their press release, they made a reference to this ken thompson paper as proof that the "many eyes" theory doesn't hold.
#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
The FAA approves software when it is written according the DO-178B specification. This specification states that software when developed must adhere to a development process.
This is defined within the D) 178b as software requirements, software specification, software design, source code configuration, and software test suites. If one changes one part then all levels affected must change as well.
Simply put a paper trail must exist for every change made in a system. It is stringent anal rententive form of development. It is costly since the amount of book keeping that must be done to incorporate changes.
This is the 'cost' that O'Dowd is refering to. In order to make a 'DO-178B' compliant version of Linux a group of developers/software house would have to:
1) Ensure that a comprehensive set of functional requirements is generated to match the desired platform.
2) Define a kernel that matches desired functional requirement. Any kernel portion that is not needed is defined out.
3) Specify the behaviour for each driver. Ensure the driver is fully specified. Work from the source and ensure that the behaviour of each execution path is documented.
4) Ensure that all changes to this build are reviewed and a paper-trail exists for all changes and changes are made for solid well documented reasons.
5) Use the documented behaviours to generate test cases that validate the documented behaviour.
It goes on and on...
There is nothing inherent within Linux that would prevent a DO-178B build to be created.
Only in the last 3 years has Green-hills has marketed a DO-178B compliant system. DO-178B as a standard has been around for I believe the last 10 years. Hmmm...
Research is what I doing when I don't know what I am doing - Werner von Braun
Yes, they do have their own chip fabrication facilities. The NSA has had one at Fort Meade for many years. I'm sure there are others.
Mea navis aericumbens anguillis abundat
You are correct, medical device manufacturers do in fact use Windows in some cases, and I find it plausible that they use OS/2, although I am not directly aware of an instance.
However, I would also point out that medical device manufacturers are not held to development process standards or testing requirements as stringent as those applied in the aerospace industry. I won't get into the possible reasons for that, but the medical industry is a lot more self-regulating.
In my experience, "critical" in medical industry software means somewhat else than it does in my field. This based on having interviewed for some of those types of positions. ...
And for good reason. It was a clear case of Microsoft having bribed a congressional committee, and the first clue that many of us outside Microsoft got that El Senor Gates' ambitions reached beyond mere global domination of the software industry and great wealth. I think that aspect of it was not as widely discussed in the media, though.
"The Internet is made of cats."
Actually, Raymond was an idiot - cathedrals weren't built the way he seems to think they were.
However, very very little Defense software requires DO-178B level ANYTHING certification.
This certification does not mean that there are not bugs in the software. Based on some limited experience I would say it does not even imply that the compiler and OS that Greenhills provides actuall even works together.
In the end, selecting an environment for any system has little to do with a closed v.s. open source issue and more to do with selecting the tool fits the job. However, the portion of the trade space that deals with open v.s. closed would certainly tip in favor of Open since I have almost no hope of reviewing or discovering holes in a closed system.
--- Liberty in our Lifetime
Defense applications are usually running in an isolated environment, not connected to the internet or any WAN. So I can't see how there is a security problem. Furthermore, most real-time weapon and radar systems use operating systems like Lynx, not Linux or Windows.
Security issues may exist in development environments, that are usually LANs connected to WANs. In that case, Linux is preferrable, due to better security.
As for open source being better when it comes to security, it is irrelevant to defense applications subcontracting. As long as the subcontractor is audited and found to have satisfactory methodologies and coding procedures, the contractor is ok. The focus in these cases is on qualification and testing, and they usually do exhaustive testing (i.e. testing every possible case) to make sure the application works as intended.
I don't have much knowledge into real time, although like most people I guess I "use" them all the time, just don't see it. Everything got osme embedded doo dad in them now. I'll take linux/bsd out of the equation and just use a generic "open source" then as a future projection model. Right now, what you say may well be true. In the future, and the real soon future, it just might not be so. If I had to bet,I'd bet on open source capturing most of the computer market for all purposes sooner or later. Not all, but most. Heck, I had as little of two years ago people (inet gurus mostly in discussions) telling me that open source was gonna not even be here much around this time, that it was a soon to disappear fad, would never amount to anything, that it was "doomed". I think it's safe to say at least on that point, those were an inaccurate past assessments. Whether or not closed source/propietary will maintain a huge presence, for the immediate future-the next few years, I think it will, but it will gradually lose steam, as it is now. And I think the emphasis will gain ground on a rising curve for open source, not just maintain a steady state. None of us has a lock on the future, but I think it's possible to get some pretty obvious trends. If there's a market or an interest, it's gonna be worked on in the open source arena, and so far, as near as I can see, that modality is getting some nice advances, moreso than what most of the mainstream pundits *that I read anyway) predicted just a few years ago. And it certainly shows in the software that is near mainstream now, take moz for example, and the larger distros. They are *signifcantly* better than two years ago, the improvement curve is most impressive. Not sure if this will slide into the real time and embedded applications, but it appears it will. Besides that, no one really "knows" so I'll concede on that.