Open Source a National Security Threat 921
n3xup writes "Dan O'Dowd, CEO of Green Hills Software, suggests that open source software has the capability of being sabotaged by foreign developers and should not be used for U.S. military or security purposes. He likened Linux with a Trojan Horse- free, but in the end a lot of trouble. O'Dowd thinks that unfriendly countries will attempt to hide intentional bugs that the Open Source community will have no chance of finding."
Well, here's the obvious (imho) response. (Score:1, Interesting)
So that puts it down to Osama Bin Laden doing his best to fuck up linux, and only succeeding in placing a few periods where commas should be in the documentation. Yeah, that's worth his time and trouble. Ya sure Ya betcha.
The whole idea of open source (Score:2, Interesting)
On the flipside, what is to prevent our government from doing the same thing? If the "enemy" can insert malicious code, why can't our government?
NSA (Score:3, Interesting)
Re:Well, here's the obvious (imho) response. (Score:3, Interesting)
As for the NSA inspecting this code -- that's all well and good. But, how often do hundreds of individuals look over OpenSource code and miss a big for awhile. "Awhile" is all it takes for a foreign government to download A LOT of information that they shouldn't have.
Contrary to popular belief, a lot of places do not like America. It's not the big lovable teddy bear that it likes to think it is. It's a great country, but it should do everything it has to do to protect itself.
Re:Well, here's the obvious (imho) response. (Score:1, Interesting)
its just as easy for a unscrupilous person to get a job at xyz software company and put that "feature" in too.
its already happened (not terrorism, but thats why i said unscrupilous (and spelled it wrong to im sure ))
not to mention the NSA atleast has the option of a source audit. i doubt they could ever attempt to audit winXP, even if they had access to the source.
not to mention, guns and bombs are what terrorists use, not software. they want carnage, not financial problems, people tend to forget that. terrorism is about casualties, not just causing major problems.
This is an old story, and FUD anyway (Score:5, Interesting)
The fact is that Green Hills products are no more secure, and may well be less secure, because they don't have the "many eyes" looking at their source code. We've had trojan horse attempts in Open Source software. They get caught quickly. But even if the source is disclosed, nobody outside of their tiny company has an incentive to do productive work on the internals of a Green Hills operating system in the way that people who modify GNU/Linux do. And security audits by such a small company can't catch everything.
The best example of this has been the Borland Interbase database. This was used for airline reservations, and had a trojan horse buried in it for 6 to 9 years while it was a proprietary product. The door could have been found by anyone who did an ASCII dump of the product, but those who did kept it secret, and probably took a lot of free flights. An Open Source coder found the door some months after the database went Open Source, and had an incentive to report it - at that point he was one of the people doing productive work on the database and only wanted it to work better and more securely.
This "black hats" (people who are motivated for bad purposes) vs. "white hats" (good purpose) phenomenon is important to consider when you evaluate the security of Open Source. Generally the only people who would look for vulnerabilities in proprietary software, outside of its manufacturer, are looking to exploit them! This is hardly the case with Open Source.
Thanks
Bruce
Re:the rest world chooses linux for the same reaso (Score:5, Interesting)
(who knows what M$ + NSA put in the closed windows source that might hurt other nations)?
Cryptographic code [heise.de] for a start.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
Re:Understand the Source Perspective (Score:2, Interesting)
I'm a developer, working for a relatively successful hardware company in a non-U.S. land, and I have every intention of hiding all sorts of stuff in any Open Source code I may (or may not, thats freedom) contribute to!
Whether what I hide will be nefarious is one thing, whether or not Easter Eggs can still exist on Open Source Island is another thing entirely
Pure FUD, indeed (Score:4, Interesting)
Ok, I'll bite just once: I doubt there is a single weapon system procured by the DoD in the last 10 years that does not have a subsatantial portion of it outsourced overseas. Most procurments now require some % of it, by contract.
Re:Well, here's the obvious (imho) response. (Score:3, Interesting)
Re:Understand the Source Perspective (Score:2, Interesting)
The DoD? Sure, why not. Who is going to audit and check every change to a closed source, proprietory system? The developers? Why should the government trust them over a different group of developers?
Re:Understand the Source Perspective (Score:5, Interesting)
thats why you do testing and code reviews. its not like these people are downloading new kernals in the field, any code that goes into a government project requires immense testing and code review... PERIOD. I dont care who wrote it.
if the military wanted to use open source software they would likely take the source and lock it down, producing a branch, for them that would be secured and standardized after a large review. if they wanted to bring in new functionality from the "public" branch it would mean a new verion of their "secure and approved" branch which would have to go through the same review process again.
Its not like they dont have to do this anyway with the code they produce now... sure they arent expecting people to try an sabotage them but you can do that without intention simply by making a coding error. Testing & code review is essential to the process.
this isnt that much differnt that what the military does with hardened versions of comercial processors... sure they lag behnind their comercial counterparts because they have to be hardend and tested heavily, but then they work, and they are able to leverage the initial design work and testing done when the hardware was being developed for comercial purposes.
Outsourced Proprietary Software? (Score:5, Interesting)
FUD slinging (Score:2, Interesting)
mere speculation. and certainly no more valid than a PROVEN case of bugs being left inside closed code which aren't found until they're exploited.
Re:Understand the Source Perspective (Score:5, Interesting)
Also, your code would have to be integrated enough into the calculations to only mis-fire when aimed at a certain target or to mis-fire at a set percentage. If the mis-fires were too high they wouldn't buy off on the weapon.
Funny How Great Minds Think Alike... (Score:5, Interesting)
At least with Open Source you have the source to ultimately check for yourself. Vendors like Novel, IBM, and RedHat are supposed to be actively looking at the source to make sure no one is slipping stuff in that doesn't belong but if you don't believe them you can do it yourself.
So you have a Mr. Dan O'Dowd trying to a terrorist ghost threat into Open Source. The problem is that the source is there for you to inspect. With Microsoft the only word you have is their word that they aren't monkeying with the OS to monitor you.
IMHO, BSD and Linux are perfect for Military and security applications. You can inspect every corner of the kernel. You can freeze on a specific version because you always have that source code. You can branch and patch as you see fit. This seems perfect for the military and security branches. With Microsoft you have to "signup" (how much money does it cost to do that?) to view the source and then what? The only proof you have is that this particular version of Windows hasn't been monkeyed with. What about the patches and hotfixes? *shrug*
When it really boils down to it are you going to believe the source you compiled, you control yourself or Microsoft? I think Mr. O'Dowd's trust is ill placed.
Ignore this at your peril (Score:5, Interesting)
I'm a long time Linux user and have been around open-source for a long time. While the source of this article is obviously questionable, I work for a Defense Contractor and I'm here to tell you, the points raised in the article have some truth to them.
If you're selling products to the govt and those products use an operating system, the issue of being able to GUARANTEE that your code base is not and cannot be coerced is very real. Everyone has (or should have) seen the techniques used to obfuscate trojan horses by using a compiler or some other tool that makes this problem even harder.
The problem being eluded to here is about a chain of control of a code base that can be demonstrated to satisfy a DoD or other govt customer. While no process can ever be completely secure, the real point is, if you have a choice between a system that has been developed in a closed environment where you can keep an eye on everyone involved and and open-source development, the prior development is easier to verify. You can call it FUD but this is a real issue within the govt circles and WILL limit the use of Linux in certain applications.
You can't possibly be a developer (Score:2, Interesting)
Writing code is one of the classic "genius" kind of activities - it's generally an NP problem. Figuring out the right answer is *immensely* harder than recognizing the right answer when you see it. A good design jumps out at you when you see it, but finding it starting from scratch can take a long time. It's like finding the answer to a riddle, or factoring a large number. When you have the answer, it's obvious. If you don't, it can seem impossible.
So even if they have to evaluate the whole body of the code initially, then all diffs with every revision after that, they've made an immense gain to use open source versus building it over again themselves.
Amusing article (Score:5, Interesting)
As secure as Windows? He's kidding
When I worked for the AirForce, they had several instances in which systems were comprimised (desktops). Various worms came out of the blue and just hammered their network. My systems running Linux noticed it immediately. In fact I was told there was NO problem. After a few hours of watching the logs logging attacks over and over again I then noticed a general email sent out to all explaining there was a problem and instructions were provided.
As secure as Windows? God I hope not!
The Federal Aviation Administration (FAA) requires software that runs commercial (and many military) aircraft be approved as part of a DO-178B certification. DO-178B Level A is the highest safety standard for software design, development, documentation, and testing. It is required for any software whose failure could cause or contribute to the catastrophic loss of an aircraft.
Several operating systems have been DO-178B Level A certified. Until Linux is certified to DO-178B Level A, our soldiers, sailors, airmen and marines should not be asked to trust their lives with it.
If Linux isn't at this level then what is the point of the article? Linux is certified for various things in the military. Whenever I stand up a server I was asked what OS I would be running. Everyone was apprehensive it would be Windows which requires a whole heap of testing before it's allowed to run in production. As soon as I told security it was either Unix or Linux they would sigh and tell me to go ahead. Much more confidence there
Re:Governments should not use OS without a proper. (Score:3, Interesting)
Unless you have both the full source and the compiler/toolchain it was built with, a security audit is worse than useless, as you have no way of verifying your results.
In such a case, WYSINNWYG (What You See Is Not Necessarily What You Get).
For example: You get the full source and the toolchain. You do a build on the same platform using the same flags. Your final executable has a different md5 sum. You have to conclude that the either the source or the toolchain you received is not identical to the source that was used for the original build.
Without everything (full source, toolchain, build scripts and flags) you cannot verify that you even hae the right source.
NSA Linux (Score:3, Interesting)
all in the family (Score:5, Interesting)
so, please explain to me again how open source terrorists are going to slip their malware under our noses?
Valid concern for *all* OSs (Score:3, Interesting)
Of all the valid reasons to attack open source software, I can't imagine how they can imply an unknown piece of code is more secure than a known piece of code, even if possible enemies are contributing to the open source (unless, of course, every programmer at Microsoft has been given the proper clearance for all levels the OS they are working on will be used).
Re:Understand the Source Perspective (Score:3, Interesting)
Re:Understand the Source Perspective (Score:5, Interesting)
That's one of the reasons why the US has always focused on fighter aircraft at the expense of anti-air artillery and SAM systems.
Re:Understand the Source Perspective (Score:5, Interesting)
Scenario (Score:3, Interesting)
Say, the software was used for target calculations for an artillery piece. For the sake of argument, say some "rogue" developer has added a bit of code that takes the coordinates from the GPS in the unit. Checks to see if they are in, say, a middle eastern country. If so, the shells, which found the target just fine in testing, are now missing the mark by 500 yards.
Not paranoid, just askin.
Re:Understand the Source Perspective (Score:3, Interesting)
Just how much code do you think Linus is actually involved with? Really now. Last I checked, him especially, and most of the rest of the crew you mention, live and breath in kernal land. Think they've been over the code in every module out there? Think they know the code for Open Office inside and out? Come now.
Bottom line, if security is _that_ important, the code will be written and maintained IN HOUSE. Period. There is just NO viable alternative to this that is as secure, and even at that level (which is how this kind of thing is done NOW), there are usually many people working on any given coding project, broken into little bitty units that aren't useful on their own, and implemented in parallel by multiple developers so that cross-checking etc can be done to reduce the possibility of a mole actually being able to do any kind of damage.
So, the bigger question is then deciding which projects it is acceptable to use OSS for, and which are not. I am quite sure I'll be modded into oblivion for saying this, but it is the blatant truth: OSS is NOT a silver bullet. It will NOT solve all of the worlds programming problems. And it is NOT appropriate for all situations.
Re:Understand the Source Perspective (Score:2, Interesting)
I think this is the tricky part here, though - will a little-known open source math library be used for, say, target software in a M109A6 howitzer? I think it's a bit unlikely.
> How could you prove I set out
> to intentionally make that error?
The problem is that a typical open source project maintainer will not be concerned with _why_ a patch contains buggy code. Instead, he'll run the current suite of tests, they'll fail, and he'll reject the patch.
> How long would one need to invest to
> get the trust of a submitter?
Of course, any system is fallible. But how long would it take for a person with bad intentions to be hired by a commercial company? Or, better yet, for a current employee to be bribed? That'd be a much faster route. And who would ever catch the hidden evil, since the code would only be readable by a select few?
Open source processes aren't failsafe - but neither are commercial company processes.
> How long would it take for a badly
> intentioned person to take over as a
> maintainer?
Same as above, I feel.
Incidentally, thanks for taking the time to respond to my post. This is a good issue to discuss, I think.
Re:Understand the Source Perspective (Score:3, Interesting)
Is it possible that some known and trusted employee could make a subtle mistake that goes uncaught and results in a buffer overflow.
the answer to that is an unqualified yes.
military source goes through review and testing the likes of which is seen in few industries (perhaps medical/lifesupport systems... cant think of any other) this will always be the case, and infact must be the case no matter who is writing the code.
Re:Understand the Source Perspective (Score:3, Interesting)
I.e. the kernel hackers don't just toss patches at the kernel and see what sticks, they review patches very carefully. And toss out a lot of them.
Green Hills FUD was covered on groklaw months ago (Score:4, Interesting)
Wait a second! (Score:2, Interesting)
Terrorists could NEVER get the source for Windows (Score:3, Interesting)
Heck, what would stop a terrorist from getting someone employed at Microsoft and simply stealing the code?!
But, then again, Windows is such an easy target for exploitation, getting the source code probably wouldn't be worth the bother. It'd be like stealing a key to a building without locks.
Re:Understand the Source Perspective (Score:3, Interesting)
Supporting comment (Score:5, Interesting)
Just as parent post suggested. Except, the govenment is already auditing open source, and customizing the Linux kernel to it's own needs... Does nobody remember NSA Secure Linux [nsa.gov]?
Re:Failing company? (Score:2, Interesting)
get the facts straight first (Score:1, Interesting)
1) Green Hills' Integrity RTOS is not closed source. "INTEGRITY is available in binary distributions, Binary with BSP Source, as well as affordable full source code distributions."
he's talking about an open-source development method where lots of people from all over are contributing code. they probably have a team of a few guys who do the entire OS, and know everything about the OS. plus, they pay people to review everything and certify it!
2) because they "support" Linux doesn't mean they are hypocritical. their development tools support linux-- who cares what your desktop OS is, that doesn't have to be secure. the embedded OS in the field does.
3) NSA SE-Linux. Jesus, this doesn't mean linux is secure!!!!!! "This work is not intended as a complete security solution for Linux. Security-enhanced Linux is not an attempt to correct any flaws that may currently exist in Linux. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including a superuser process, can be added into Linux. The focus of this work has not been on system assurance or other security features such as security auditing, although these elements are also important for a secure system."
**simply an example of mandatory access controls** that's it.
get things straight before you go spouting bs
Re:Understand the Source Perspective (Score:3, Interesting)
Re: Do we need another comment? (Score:3, Interesting)
http://www.usatoday.com/tech/news/2002/02/07/tech
The next part is told at http://www.nationaldefensemagazine.org/article.cf
The army did not take Linux out of sheer stupidity, not knowing other alternatives---the army took Linux after serious considerations of its rich and expensive experience with several other alternatives.
Mr. O'Dowd speaks of Linux being worse than Windows, and Windows being almost as bad as Linux. Looks like his Green Hills Software was part of the firs expensive exprience of the army, first losing its contracts to Windows, and then to Linux.
It's the implementation (Score:3, Interesting)
make sense?
just my thoughts.
Internet Explorer, anyone? (Score:3, Interesting)
Choice quote of the article (Score:3, Interesting)
Whoa, he comes out and says it like that? Man, if I were part of the Gringo-hater crowd, that'd give me fuel for years!... :-)
So US-Centric (Score:4, Interesting)
Unfortunately, you can't guarantee that someone looking to subvert windows in a subtle way won't be hired by (or more interestingly, license their code to) Microsoft- so with closed source you basically get the worst of all possible worlds.
Reflections on Trusting Trust (Score:2, Interesting)
US has software trojans too... (Score:5, Interesting)
When other governments start using OSS, they may be freeing themselves of these US planted trojans. I believe THAT is the major fear of the US government... Not that they will fail to detect a foreign planted bug in some fighterjet, but that OUR planted bugs will be found by China/India/Pakastan/Iran/etc... This would also seem to explain our government's looking the other way with regard to the Microsoft settlement. Remember that the anti-trust settlement was made within a week or so of September 11. Remember also the "Green Lantern" project, where our government was activly looking for ways to co-opt peoples boxes.
Software than cannont be easily trojaned creates just one more difficulty for our spy agencies. As with the gangster who was using pretty secure encryption, the government is now forced to use things like hardware keystroke loggers (meaning they have to have physical access to the unit), sneek-and-peek, you get the idea.
The US government has an interest in keeping people using insecure systems. How easy to you think it was to open those Windows laptops captured in Afganastan? Why, the NSA had those famous "NSA-KEY" entrys to Windows!... Easy as pie. The last thing they want is for KSM and OBL to start putting strong-encrypted filesystems on their Linux laptops in Afganastan. No way to plant the backdoor!
Expect to see a lot more of this type of FUD... The US Government has plenty of time and money to make sure that their Linux systems are safe, they just don't want others using them...
More Green Hill FUD (Score:3, Interesting)
Quote: The NSA has not fixed, or even seriously tried to fix, the security problems (documented in this series of white papers) that make Linux unsafe for defense systems.
[...] If secrecy isn't important to security, then why does Linus Torvalds keep the means of accessing the core Linux development tree a secret from all but a few people?
Another FUD dose says [ghs.com]
The GPL was designed by Richard Stallman to prevent you from making a profit from distributing his software (which makes up a large part of Linux).
closed source is MORE vulnerable (Score:2, Interesting)
Re:US has software trojans too... (Score:2, Interesting)
http://news.zdnet.co.uk/software/0,39020381,39147
Software supplied to run a Russian pipeline was deliberately planned to go haywire, causing the biggest non-nuclear explosion the world had ever seen...
as I recall, this wasn't a case of sabotaging legitimately acquired software for the hell of it. The CIA became aware of the Soviet's intent to steal western technology, including control software for their pipeline project, through an agent recruited by the French.
Reagan was aware of, and approved the plan. The CIA managed to get inside the deal, and instead of stopping the transaction, sabotaged the code so that the pump speeds and valve settings would go haywire after some period of time.
I'm certainly not excusing the sabotage that, while not causing any loss of life, caused immense damage to the Soviet economy. I won't argue wether it was justified... but the US government made it illegal for them to import certain technology. They circumvented this ban, and paid a heavy price.
Re:I wonder? (Score:1, Interesting)
Green Hills biggest competitor has always been Open Source. They make embedded compilers and operating systems, a market that open source invaded well before it became popular on the desktop.
When I worked there, they were still in the laugh at it phase "open source, you get what you pay for, ha ha ha!" despite their largest compeditor being gcc. I am sure by now it is hurting their core business.
Re:Oh really (Score:2, Interesting)
hmm, i don't think code using features of C99 (y'know, the latest C specification) would compile on pre-C99 compilers. i can't imagine why you find that surprising. as for glibc, it is far too dependant on gcc hacks to have a chance of compiling under any other compiler.
Pretty obvious, but... (Score:3, Interesting)
The US govt isn't everyone else's best friend at the moment, and appears to be working particularly closely with US software companies at present in terms of pushing US' interpretation of intellectual property onto much of the world. It's more than feasible that the US govt could have said "Look, software vendors, we'll push your interests out into the world, but there's a favor you can do for us in return. Here's some source code we want you to bolt into your products for overseas distribution"...
At least FOSS gives people the opportunity to examine the source of what they're going to be running. No, most people don't bother, but with Windows, Solaris, etc. it's not even a possibility.