From: InfoSec News (isnC4I.ORG)
Date: Wed Apr 11 2001 - 10:54:32 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.wired.com/news/business/0,1367,42972,00.html

[I'm posting this because it explains a few points not covered in
previous articles, one being why use Linux over OpenBSD. - WK]

by Jeffrey Benner
2:00 a.m. Apr. 11, 2001 PDT

On January 2, the super-secretive National Security Agency did
something unusual: It issued a press release.

Stranger still, the statement actually contained important news: The
NSA had developed a prototype of a more secure kernel for Linux,
dubbed SELinux. And, in the spirit of open-source development, the
agency would release the code to the public.

Yes, the NSA -- legendary for closed doors and tight lips -- had
become part of the open-source community.

"This is very unusual," said Brian Snow, technical director for the
NSA's information assurance department. "It's a paradigm shift for the
NSA."

The attitude shift was reinforced this week as a private security firm
announced it had signed a two-year, $1.2-million contract with the NSA
to continue its work on the SELinux prototype.

The NSA's partner is NAI labs, a division of a firm called PGP
Security. Although Network Associates now owns it, cryptology legend
and long-time NSA nemesis Phil Zimmermann founded PGP (short for
"Pretty Good Privacy") Security in the early 1990s.

Despite the irony of his old firm teaming up with the agency that
tried to have him locked up for publishing the PGP program in 1991,
Zimmermann wasn't all that surprised to hear of the partnership.
"There are numerous government agencies that use PGP," he said.

The $1.2-million dollar NSA-NAI Labs deal extends a partnership that
began in June 2000. The NSA has been working since 1999 to develop a
new set of security controls for the Linux kernel. NAI has developed a
prototype to demonstrate how these new controls can be used to improve
security.

The agency has made its SELinux source code and the NAI-developed
prototype available to the public. Linux developers can discuss the
prototype with NSA researchers on a public bulletin board.

Late last month, NSA representatives gave a presentation on SELinux at
the annual Linux kernel conference.

According to its Web page on the Secure-Linux project, the agency
chose the Linux platform because "its growing success and open
development environment provided an opportunity to demonstrate that
{mandatory access controls} can be successful in a mainstream
operating system."

Revealing the fruits of its research to the public may seem like a
strange way for the NSA to improve the security of classified
information. But the agency hopes that working with the open-source
community will lead to a secure operating system that would be less
expensive than if the NSA had to build one on its own, Snow said.
Snow did not feel revealing the code was a security risk. "If a code
is written well enough, it should be safe from attack," he said.

The theory is that peer review among developers will make the system
more secure. If the system is secure, it doesn't matter who knows the
code.

The agency hopes that SELinux will gain acceptance and continue to
improve through open collaboration with Linux developers. Eventually,
the hope is that a commercial distributor will build upon the
improvements and incorporate them into off-the-shelf software products
secure enough for national security agencies to use.

"It's an attempt to get in the market things the Department of Defense
can buy," Snow said. "If we have to write custom software, it's very
expensive. But if we can help commercial vendors do the job right, I
can save the taxpayers a lot of money."

NSA and NAI researchers, including NAI's Smalley, wrote a joint paper
on the inadequacy of operating systems entitled "The Inevitability of
Failure." The paper compares running "secure" software programs on
currently available operating systems to "building castles on sand."

SELinux will offer user-specific access controls analogous to those on
Windows NT, Smalley said, but they will be mandatory instead of
discretionary, and function closer to the real guts of the system,
making them more effective.

"It will constrain what crackers can do," NAI research manager Mark
Feldman said. "The damage they can do would be limited."

The controls are also flexible, allowing a user to set up a security
policy as loose or strict as necessary.

Smalley predicted that the new system could make its way into
commercially available products within a few years, but stressed that
he was speculating.

Should competitors worry that SELinux will provide the foundation of a
superior operating system that government agencies, banks and other
security conscious organizations will prefer?

Dave Martin, a product manager for Microsoft's Windows division,
sounded unconcerned. A prototype is a long way from a full-scale
operating system with the kind of functionality the market demands, he
said.

"This isn't really anything new," Martin said. "It's a research-only
prototype, and the NSA has been messing around with operating systems
since 1972."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]