NSA Backing Secure Linux OS Development 275
ColPanic writes "Looks like the NSA is gonna have a Linux OS of their very own soon. They have selected Secure Computing to develop a high security version of Linux."
This discussion has been archived.
No new comments can be posted.
NSA Backing Secure Linux OS Development.
Related Links Top of the: day, week, month.
The use of anthropomorphic terminology when dealing with computing systems is a symptom of professional immaturity. -- Edsger Dijkstra
Riiight. (Score:3)
Wouldn't it be better to audit OpenBSD for their purposes, since it's already designed for that purpose. Or even FreeBSD?
I asked the question because I am honestly interested in the answer, not some zealot telling me, "LINUX IS SECURE!" or something inane like that.
The big question is... (Score:1)
but will it be opensource? (Score:1)
Will this be available, or restricted? (Score:1)
I mean, it ought to be publically available, but this *is* the NSA we're talking about here, so I'm not exactly holding my breath.
Ideas? Anyone? Bueller?
A Marriage Made in Hell? (Score:2)
Re:suck (Score:1)
Cool! (Score:1)
Strange Bedfellows... (Score:2)
OTOH, they have kindof a history of being..uh..a bit abusive of their "friends."
For all of you that aren't as fascinated by the NSA as I am, you need to read The Puzzle Palace [fatbrain.com] by James Bamford.
Patented technology in the kernel? (Score:1)
Hmm.. see the word patent there? Im sure you did.
Ok, from what I gathered skimming over that article is that this would be done to the linux kernel? which is GPLed..
What happens if they use patented "stuff"(for lack of a better word right now) in the kernel itself, which is under GPL, meaning they have to make the source avaliable for everyone, who can then change it and so on?
Will this even be an issue?
Pre-emptive strike against cluelessness (Score:5)
---
They should use OpenBSD (Score:1)
Re:First! (Score:1)
I think this is particularly good news, even though there are probably going to be some licensing issues to work out.
This is another feather in the cap of linux as a commercially viable Operating System. I think it will give additional credibility to Linux in the business world, as well as provide further incentive for the government to replace their commercial machines with open-source equivalents. Think about it.. I think this is at least B2-grade (correct me if I'm wrong), and windows has a hard enough time reaching C2...
It would, of course, be the best if the code modifications were released as open source... we all know by now that "security by obscurity" is a really bad way to go... and if they make patches directly to the kernel they have to release them under the GPL. Unless, of course, the government decides it's a matter of "national security", in which the normal rules don't apply.
If you can't figure out how to mail me, don't.
GPL Considerations (Score:2)
Of course, if they can do it without kernel changes, the point's moot.
Re:Riiight. (Score:1)
Gratuitous comment re. security levels (Score:1)
Will the Secure Linux be OK'd for little unimportant things like
timothy
yet the paranoid will say "It's for backdoors" (Score:2)
Perhaps the NSA realizes that making US computers more secure is better than trying to weaken everybody to help their spying.
-- Robert
Open Source or Commercial Add-On ? (Score:2)
A good thing, all in all... (Score:1)
I think this is particularly good news, even though there are probably going to be some licensing issues to work out.
This is another feather in the cap of linux as a commercially viable Operating System. I think it will give additional credibility to Linux in the business world, as well as provide further incentive for the government to replace their commercial machines with open-source equivalents. Think about it.. I think this is at least B2-grade (correct me if I'm wrong), and windows has a hard enough time reaching C2...
It would, of course, be the best if the code modifications were released as open source... we all know by now that "security by obscurity" is a really bad way to go... and if they make patches directly to the kernel they have to release them under the GPL. Unless, of course, the government decides it's a matter of "national security", in which the normal rules don't apply.
If you can't figure out how to mail me, don't.
Someone's on Crack... (Score:2)
Besides, if they want a secure UNIX, why wouldn't they go with DG/UX, which has already been rated at B2 and E2 in the USA and the UK. It runs on Intel platforms too, and would take a lot less work to get to whatever level of security they want with a lot less potential legal hassles than if they tried to build on Linux.
And somehow I don't see them willingly releasing anything as Open Source. That's just not like them.
IPO (Score:4)
Wow (Score:4)
-----------
"You can't shake the Devil's hand and say you're only kidding."
Re:GPL Considerations (Score:1)
However, if they were to changes to the kernel itself, then it would have to be opened.
Re:Riiight. (my thoughts exactly, OpenBSD) (Score:1)
Besides, *BSD even supports USB now for even more gadget connectivity.
Re:Riiight. (Score:3)
Another thing that kind of blows me away is just the fact that there even was a press release. The NSA used to be so secretive, that few even knew it existed. I wouldn't be surprised if this isn't a subtle ploy by them to recruit geeks. They've always been one of the biggest high-tech employers in the DC area, but with the high-tech boom now going on around DC, it is very dificult to hire competent tech staff at government wages (its not like you can count on the feds having an IPO in the near future.)
Sounds an awful lot like capabilities to me (Score:2)
The scope of the "type enforcement" implies it would have to be done in the linux kernel. If so, there's going to be a serious licensing question here because there's no way that kind of change can be put in a module.
--
Re:GPL Considerations (Score:1)
Its a ploy (Score:1)
Greats SlashDread
Proof to me, their NOT out to get me
if you can't beat 'em, join 'em (Score:5)
As Michael H. Warfield points out in this linux-kernel message [lwn.net], it's a golden opportunity to get IPSEC into the 2.4 kernel, and US-based Linux distributors can now bundle PGP, SSH, etc., with their next versions.
Maybe the spooks (or at least, the spook-meisters) are doing a 180 turn on how to deal with cryptography distribution, from "don't let anyone else have it" to "if everyone else has it, we want it, too".
--
"But, Mulder, the new millennium doesn't begin until January 2001."
what a crock (Score:1)
not trying to pick a fight... (Score:1)
why wouldn't they just have some linux guru's monitor the system and close off the trapdoors?
you might call me an idiot, but this seems to be against what all the linux touters out there preech about linux
government (Score:1)
Re:Someone's on Crack... (Score:1)
Not if they only plan to release it inhouse. If they're not releasing a commercial distribution they're free to do with it as they see fit.
Re:GPL Considerations (Score:1)
Re:Riiight. (Score:1)
Actually, they DON'T have to defeat the GPL (Score:2)
I have a friend who's father consulted for the government. They developed a portable Gas Chromatograph setup, with lots of bells and whistles, to help them detect the production of biological and gas weapons. They used patented and copyrighted technology from about 3 or 4 commercial products, and did not have to pay any licenses, or even consult with the companies that held these patents/copyrights.
Better link to "Type Enforcement" (Score:1)
The correct link is here [securecomputing.com]
--
MODERATE THIS UP!!! (Score:1)
HOWEVER, if they do release the binaries, then they'd be obligated to release the source as well; though, this would be assuming that the NSA has to not break the law...
Also, as someone else pointed out, if they contract this work out to a 3rd party, that party must provide NSA (and whoever else they sell this to, or allow to obtain binaries) with the full source code.
Government versus the People (Score:2)
Looking for Answers (Score:1)
Re:The big question is... (Score:2)
1) Linux is becoming a big player in commercial network sites.
2) The government wants a secure national network. Including secure private sites. Part of the NSA mandate is to protect private citizens and companies.
3) The government is going Linux. Try estimating what the government would have to spend to "update" to Windows2000.
4) Linux is the ideal platform, with GPL released code, everybody (except those sending money to Redmond) are on an equal footing with the released code. There is no perceived government backing of private enterprise which would be the case if the NSA $ were going to Redmond.
Right. Jihad... (Score:1)
Why not BSD?
GPL violations!
Waaagh.
I think people are missing the point.
Yes, we know BSD is more secure.
Unfortunately it is less popular. I know this doesn't justify it being "overlooked", but it meas it will be to an extent.
It makes sense to go for linux for a couple of reasons:
Popularity==more coders have developed it.
Poplularity==more people are likely to knwo how to use it.
However the most important point is that a SECURE version of linux is being created.
OK so it'll probably have more NSA backdoors in it than a M$ prosuct has bugs (and NSA backdoors), but as the GPL states:
You have to release the fucking source.
---or something..
This will only be of benefit. It can't hurt people, (except those with a chip on their shoulders)....
Re:GPL Considerations (Score:3)
But nothing in the GPL says the contractor has to release it to anyone else. The GPL is privacy-friendly: no-one is obligated to publish modifications. But once they are published, source must accompany it, and copying cannot be restricted.
-- Robert
Re:Riiight. (Score:2)
I don't think this matters. If you use your modifications only internally, I you aren't required to release the source to them. That clause only applies if you distribute the code.
However, if you don't contribute your changes to the broader proejct, you'll have to re-merge your changes in every new release. That holds true for any open source license.
Re:Riiight. (Score:2)
I know that the CIA is not supposed to operate in this country.. I'm doubtful that the same restrictions apply to the NSA.. Are you sure you're not misassociating?
Licencing thoughts and issues (Score:4)
Then I remembered a previous GPL argument, when a company had made -internal- changes and did NOT have to make the changes public, as the GPL does NOT cover these.
The NSA version would fall into the same category, I suspect, with contractors deemed a part of the same organisation, as far as the GPL is concerned. Always assuming the contractor developed any of the secret stuff. The NSA has more than enough top people to code that part themselves, just to make sure there isn't a GPL conflict.
Then, I wondered why they didn't branch off from OpenBSD. That's already mostly secure, there's a good base to work from, and it's stabilty is phenominal. Then I realised. They've probably already GOT ultra-secure versions of OpenBSD for PC-based, single-processor servers, but Linux isn't just for PC's or just for one processor.
If you want a lightweight system that'll run on embedded devices (such as wiretaps), massive-scale multi-processor devices (such as extreme number-crunchers eg: code-crackers, etc), or obsolete hardware (such as stacks of IBM S/390's) then Linux is the one to go for. It's ideal for such functions and such platforms. OpenBSD, etc, would require too much work to make them both multi-processor and multi-platform -enough- to be useful in a meaningful timeframe.
This isn't to start any kind of flame-war, but I'm sure OpenBSD is used in it's primary environment (because it's GOOD), and Linux is going to be used everywhere else (because it's GOOD -and- THERE.)
Re:Government versus the People (Score:2)
NSA and Linux -- back a long way.... (Score:2)
Grep /usr/src/linux/drivers/net/znet.c...
Linux makes a whole lot of sense for NSA as it is stable, free, and runs beowulf quite well. Beowulf maybe to crack codes?
Anyone seen someone from NSA at a Linux meeting (DOD?)?
NT only made C2 when NOT on a network, and there may have been some funny stuff going on. B2 is needed for multi-level security stuff (secret, confidential, and unclassified on the same machine). Does this code provide B2.
As for GPL, they would only have to release their patches to ones using their code -- so long as it is inhouse, they don't have to release it. OGA could use it too, but the OGA would have to be able to get the code. They could even make the patches classified and no one outside their sphere would have access, GPL or no GPL.
Patriot (Score:4)
Man, talk about a version conflict...
=================================
ERROR 10948:
Red Flag Linux detected. You did
not see this error, and troops have
been dispatched to your location, you
filthy traitor. Remain seated and your
death shall be quick and painless.
=================================
-- RED, WHITE, AND BLUE FLAG LINUX
"Yes, we're developing a distribution.. but if we told you anything more we'd have to kill you (and the binaries)."
Actually they don't allow that (Score:4)
Take a look at a longer description [slashdot.org] that I got from Frank Hecker in email.
Cheers,
Ben
Re:not trying to pick a fight... (Score:3)
According to this summary [securecomputing.com] of Sidewinder's system, the only way you can get this level of access is by booting the "administrative kernel", and when the administrative kernel is running, all network connections are disabled. While running the normal "operational kernel", every process can be restricted to handling certain file types and system calls. This way, for example, your netnews server and FTP server can have administrators who can't access one another files or processes. If, say, a Belgian spy compromises your netnews administrator's account, the spy still couldn't send out anything over FTP.
--
"But, Mulder, the new millennium doesn't begin until January 2001."
Distribute, Publish are the key (Score:2)
If I modify the Linux kernel so that it works with a PCI card that I built in my basement, am I required to give people the source?
NO.
However, if I modify the Linux kernel and give it or sell it to other people, THEN I have to give them the full source along with that. There's no rule that says I have to share--I can keep my modifications to myself, as long as I don't give anyone the binary, either.
Of course, it would be Really Nice of them...
NSA Website aparently Slashdotted (Score:2)
Re:The big question is... (Score:2)
I'm not sure he quite understood what was going on, but the company also works with their own variant of OpenBSD, which is supposedly even more secure than the original due to how they've separated certain sections of the OS from interacting with each-other. I don't claim to be an insider though, this is just what I've been told.
-----------
"You can't shake the Devil's hand and say you're only kidding."
Re:yet the paranoid will say "It's for backdoors" (Score:3)
Duh. Of course the NSA wants to analyse Linux and know about any backdoors there; how else will it take advantage of them?
By the way ... You may not know that the NSA has a research arm that's distinct from its SIGINT operations (and export control operations, and secure network operations, and ...). One of their ongoing problems has been to get "Commercial, off-the-shelf" (COTS) software to be good enough for use in sensitive systems. Commercial vendors have been unable to meet those requirements, since the market they'd hit is too miniscule. "Trusted Solaris" and so on; always multiple revs behind. And almost always pains in the behind to administer.
Another possible scenario is that the face value here is the right one: they want to see some standard Linux distributions get hardened, so that some real administrators will identify the problems so they can get fixed. And so the government can use more current technology in those sensitive systems ! They've been getting too far behind, and needing training that's too specialized. Linux would seem to have the potential of hosting a great fix!
Re:Riiight. (Score:3)
Now, I am usually the paranoid one, but (Score:2)
0. They have access to every line of code, so there are no surprises(unlike some OTHER OSes which has problably been burning them from time to time for years.)
1. They are still using an OS with strong features.
2. They can also see the source for every single app they decide to use(or not to use)
3. Now that there are multiple wordprocessing/Office packages out there which are able to handle MS Office's formats, the biggest complaint of all the nay-sayers from within has lost its footing.
From NSA's standpoint, this will finally give them control over the operating system on thier computers. They have probably had this in mind for years and only been waiting for Linux to mature to the point that it was highly useful and definitely beyond the point of losing its momentum. I can only see good in this right now(I have blinders on) because once NSA developes this, all the other branches of govornment will tend to jump on the bandwagon with them. Lets face it: that will only be good for Linux, having all those users in the govt being forced to use Linux at work. Then many will use it at home, too.
Re:Will this be available, or restricted? (Score:2)
My point is this: don't treat this like it's anything other than a regular company. They'll be releasing the source if they make any changes to existing software. They have to. If they don't, they're in violation of the GPL -- and that's a different story altogether.
-----------
"You can't shake the Devil's hand and say you're only kidding."
Re:Riiight. (Score:2)
Secure Computing and Linux (Score:2)
Secure Computing, from all indications, is probably the best of the major firewall/security vendors to have gotten involved with this sort of project in terms of "with-it-ness" and overall technological knowhow.
This project is probably something Secure Computing themselves were interested in already. Most of their products are run on heavily-modified versions of BSDI 1.x, for which they purchased a source license many years ago, which means they carry along all the baggage of what sort of hardware compatibility that ancient version has, namely very little at this stage in the hardware game. (For example, the last time I was around to help set up a Secure Computing firewall, we had to dig up an old ISA Adaptec 1542 SCSI controller for the box.) I'm sure they were just waiting for one of the FreeOS's to reach a state of stability that they could grab the sources and mod them to work for their own uses. I would guess that they picked Linux over one of the BSD's at this point based on hardware compatibility or market share as opposed to strictly technical reasons since they obviously have people who are very familiar with the BSD kernel on-staff already.
It will be interesting to see what they do with any mods they make to the kernel, since I predict they'll be using their hardened Linux kernel as the base for new product lines in the same manner they're using their hardened BSDI kernel now. Since they'll be shipping binaries to customers, the GPL will require them to also ship source code, unless they manage to figure out how to harden the kernel strictly using modules, which I don't see as possible.
-=-=-=-=-
Re:Pre-emptive strike against cluelessness (Score:2)
no. If you don't put it "in the wild" then there's no one to ask for source. If you keep it in-house, everyone who uses it will have access. My guess is that the NSA will keep their verison VERY MUCH in-house. The way I read the GPL (for this topic) is that if there is no one to complain about not having the source for their binaries (as the case would be here) then there is no violation.
Anybody else see similarities between this story and the other "hoax" stories about a certain country that now controls the Panama Canal doing the same thing?
Old Proverb? (Score:2)
Novell seems on the outside somehow. It started with good intentions but nothing seems to move there. Strange when Noorda's second child, Caldera, is one of the big players. Microsoft seems to make one step further, two steps back all the time since 1998. A few seem to step back into old methods. But the fact is: Open Source is now the main software player.
Maybe the NSA _wants_ to release the source (Score:2)
Re:Pre-emptive strike against cluelessness... (Score:2)
The GPL apply to the case somebody modify a GPL'd software and sell it with/without the sources and try to forbid the user to redistribute it further, but I wonder what the GPL would say in this case.
If the NSA asks this company to make a secure Linux and buy it from them they can keep the sources for them but is their a loophole in the GPL allowing the NSA to make them sign a contract not to sell it to anybody else?
I don't say there is such one because I haven't read the GPL inn a long time but I wonder if their is a loophole in the case of the buyer trying to restrict the producer and not the other way around (goal for which the GPL was thought).
Anyone has got a clue???
Re:yet the paranoid will say "It's for backdoors" (Score:2)
Yes, it's quite likely the NSA is _behind_ the curve here, and wants to use Linux to catch up.
There is a cost for protection and worry. So it is very possible to be over secure. I doubt the NSA understands this. They didn't 10-15 years ago with the Soviet Union.
-- Robert
Best way to fix the monopoly (Score:2)
Boojum
Re:Pre-emptive strike against cluelessness (Score:5)
I mentioned the way I do business with my company, to RMS. We sell software to our customer (usually the government) and we give them the source and the rights to modify that source (just like GPL) but they don't in turn give it to anyone else, although we don't restrict them from doing so. He told me that, that is custom programming and he has nothing against it. The GPL would not affect that at all, except if the government wanted to imposed their own license.
So, in theory, you can have a little club of people that have some modification of the Linux kernel that no one else can see. But all it takes is one person to give it away to anyone to destroy that. The club cannot (under GPL) restrict anyone from doing so.
Steven Rostedt
New management == GOOD (Score:2)
The CEO was a corrupt bugger and inflated the stock price and sold tons of stock.
Now there's a new guy in charge (formerly from Intel who is very well respected) as of last April, and he has been doing an amazing job turning the company around.
Take a look at the stock price today.
Their unix firewalls and authentication products are very good, but have very poor marketing and sales. The NSA and Air Force must like them as that's what they use.
The people I knew that worked in the penetration testing were some of the smartest folks I have ever met.
Experience with "Type Enforcement"... (Score:5)
I've been consulting, installing, and using Secure Computing's Sidewinder firewall for about 3.5 years now, which includes the "Patented Type Enforcement Technology". Here's the skinny..
Type enforcement was developed by Secure Computing to be run on a Motorola mini computer system for the NSA about 10-15 years ago. This was specificly designed to be a system to hold both classified and non-classified information, with both classified and non-classified users.
What type enforcement does is create a series of domains within the context of the operating system. Each file and user is assigned to a domain, or a series of domains, and cannot pass domain boundaries, unless explicitly allowed. Attempting to cross boundaries will result in the offending application being killed by the system kernel, the attempted logged, and alarms rung.
The important thing here is that the domain permissions and rules are set in the kernel itself, and changing those rules requires a recompile. I know that Secure Computing was working on a 'type enforcement lite', where the rules were enforced by a userspace daemon, but I hadn't seen anything about that for quite awhile.
Sidewinder is a damned effective firewall, due to the type enforcement. Even if someone breaks a proxy or service running on the outside of the firewall, you still haven't breached the firewall, since there is no logical path to the inside domains or the internal ethernet card, except through a series of named pipes between dual IP stacks (one for the 'outside' and one for the 'inside'). Breaking through those is extremely non-trivial, since every time you touch the wrong domain, you get kicked and logged.
Type enforcement is real, and it's been around for a very long time. And works very well.
jf
Re:Pre-emptive strike against cluelessness (Score:3)
Correct..
Legally the way it would work is: If someone starts selling NSA/Linux then they will be required to give away the source, but the NSA could try and stop them from selling NSA/Linux.. and it would be a big fight. Unfortunatly, OSS would probable loose to the NSA in a legal battle over the GPL.. national security and all that crap. On the other hand the NSA knows what kind of contract they are getting into now.
The real question is further restricted distribution, i.e. the NSA giving the NSA/Linux source to a contractor grants the contractor distribution rights. National security can will probable trump this in hind sight, but we might be able to force the NSA not to give it to contractors without distribution rights in the first place.. via the GPL.
Interpretation: Do not try and use the GPL to trck the NSA into giving away stuff, but do use it to push them into giving it away in the first place.
Jeff
Why Linux? Here's an easy answer... (Score:2)
DTE for linux - available as a patch! (Score:4)
oops - messed it up last time! Doh!
at this url: http://research-cistw.saic.com/cace/dte.html [saic.com]
(Hope that someone reads down far enough to moderate this up). The site has a good explanation of what DTE is, but I don't know how active they are.
They have a patch against 2.2.13, which was created on Dec 13 1999. So its not too out of date, though it will have to be forward ported to 2.3 I suppose...
Maybe the NSA should be spending their money elsewhere - or maybe they should clue up to what open source is all about.
I wonder what is covered by the patent Secure are so proud of?
In-house Loophole? (Score:2)
Others have pointed out that an insider could simply sell/distribute the NSA Linux, and that the NSA wouldn't be able to do much about its further distribution.
But, if they keep the source code in a very secure place, and separate from most of their computers (which would only contain the binaries), then anyone who tried to disseminate the binaries could be sued by the NSA (since they have the copyright on their "derivative work") over GPL violations.
The NSA would simply claim that the GPL prohibits distribution of the binaries without the source code, and before anyone got the chance to reverse engineer the binaries, the NSA'd prosecute anybody caught distributing said binaries for software piracy.
Kind of a disgusting loophole... if anybody could come up with any passage from the GPL (or copyright law) that contradicts this, I'd sleep much better tonight!
-Hypr Geeque
NSA **IS** Interested in Linux: another report. . (Score:2)
Just some corroborating evidence. . .
But no NDAs (Score:2)
Re:A Marriage Made in Hell? (Score:2)
That entirely depends on what the reasons are for the NSA to bother with Linux. If they want (or are ordered to) to develop an OS that is secure, so that people/companies/governments can protect themselves better, then they'll have to release their modifications. Preventing "secrets" is one of the tasks of the NSA as well - and believe me, there are lots of smart people at the NSA. They recognize a good idea, nor does everyone think all the time that security by obscurity is the only way to go.
-- Abigail
It does, mostly (Score:2)
5th amendment violation (Score:2)
I have some idealism in me yet. Wait, I can feel it draining away; slowly, slowly, done. Ah, cynicism, my dear friend, we meet again. How're the wife and kids? Mine'll all die, I see that now, even the ones I don't have yet. Personal rights and liberties? No, this is government work. Constitutions as a means of restraining government which by its very nature is unrestrainable? Justice Marshall got it wrong, I see that now. I can see a lot now. I think I hear a knock at my door. Ah, two young men in blue hats. They want to talk to me. I'll be back soon.
NO CARRIER
Other NSA Secure Linux work (Score:5)
Their Secure Linux project page is available [utah.edu].
Re:Will this be available, or restricted? (Score:2)
-----------
"You can't shake the Devil's hand and say you're only kidding."
Patent issues and the GPL (Score:3)
The press release brags about "Secure Computing's patented Type Enforcement technology". Clearly, to make this work they need to put their type enforcement stuff in the kernel. However, the GPL in Clause 7 specifically states
This means that Secure Computing must grant a royalty-free license to all direct or indirect recipients to use their patented technologies in Linux kernels. Other clauses of the GPL forbid them from restricting redistribution. So are they giving up hope of making money on their patent? Do they know this?
Re:Riiight. (Score:2)
Sure, OpenBSD is secure, but what about hardware support? How easy is it to find someone who really understands it? Does it have the same level of buzzword sexiness? How much off the shelf software does it have (and yes, I know the BSD's can run Linux software, but that kind of emulation isn't usually allowed on a secure product)?
Also, I was informed once that the government doesn't want to mess with BSD Unix's. They want System V or one of its variant. This makes it easy to train administrators without worrying about how transferable those skills are. (I was told this when I commented to someone that FreeBSD might be a better choice than Linux for our product).
Re: (Score:2)
Re:IPO (Score:2)
I imagine they'll have no trouble with the quiet period.
Some NSA secure system history (Score:5)
An A1 rating [ncsc.mil] of a high-rated system is worth reading. This gives you an idea of what it takes to get it right. At the lower levels, it's easier; Microsoft NT 4.0 with service pack 6A plus a "C2 hotfix set" [ncsc.mil] finally got a C2 rating (the lowest offered), after years of failed attempts. Microsoft had to use the new "outside evaluator" system to do it, rather than having NSA itself do the evaluation. The difference is that NSA only gives you two tries to pass. You can pay an outside evaluator to let you try again and again. NSA allows this at the lowest security level to encourage vendors to try to meet the minimal C2 requirements.
It makes a lot of sense for NSA to fund an effort based on Linux; they'll get something they can run on popular hardware. But some major kernel changes will be needed to get into the B levels. (NSA never had much interest in C-level systems.)
I've been out of that world for a long time now, but from 1978 to 1982 I worked on KSOS [nist.gov], an early NSA-funded attempt to build a secure UNIX-like OS. The original design was done at SRI International, and we at Ford Aerospace implemented it. It eventually worked, but was too slow. It was for PDP-11 machines (0.5 MIPS, 64K address space per process), and was implemented in Modula I, since C was considered unsafe even back then. The combination of an inefficient Modula compiler and a small address space ruined the thing; we had to cut out speed optimizations to make it fit. This was one of the first systems designed against the Orange Book [ncsc.mil] criteria, which, incidentally, started life as Grace Nibaldi's master's thesis. [nist.gov]
BSD Unix, incidentally, was viewed as hopeless from a DoD security standpoint. The kernel was far too complicated. A rewrite in Ada was considered in the early 1980s, but rejected. The DoD view at the time was that BSD was a dead end, and Mach was the future. They wanted something at least as secure as Multics, which was a system from the late 1960s rated at B2 in 1985. [ncsc.mil] But that's another story.
"grep NSAKEY *.c *.h" (Score:2)
password:
# cd
# grep NSAKEY *.c *.h
ACCESS DENIED
# crap
bash: crap: command not found
giggle
Re:Riiight. (Score:2)
Not quite: NSA and companies CAN keep secrets (Score:2)
Not quite. NSA employees are bound by secrecy laws and most certainly will be prosecuted for revealing secrets. Modified Linux would be one of them.
Outside the govt/military sphere, employees can be sued for disclosing their employers secrets. Unless the company authorizes publication, it can fire and sue people.
-- Robert
Re:A Marriage Made in Hell? (Score:2)
Re:Wow (Score:2)
Sidewinder is OpenBSD (Score:2)
I've used OpenBSD, and I have found linux much easier to use. While for a company, you would just hire some guy who already knows the system, here you have to train them on it (or contract a civilian, who can't be deployed during contengency). So you have to use systems you can train people on easily, because (in the air force at least) an airman is only on station for between one to three years, and may change jobs two or three times during that period. I'd rather train them linux than OpenBSD, just 'cause non-geek airmen will probably understand it better.
Re:Wow (Score:2)
-----------
"You can't shake the Devil's hand and say you're only kidding."
Why so? (Score:2)
Was just curious about the NetBSD thing. I do know he can be rather brusque at times on the mailing lists, but shrug :) He doesn't pretend the system is for newbies/cluebies/doesn't have time for people asking FAQ'ed questions.
Re:Not quite: NSA and companies CAN keep secrets (Score:2)
NSA wouldn't be giving out any licences, even though if they did, it would have to abide by GPL. But they aren't compelled to licence it at all, and so wouldn't. So nobody could distribute it legally.
-- Robert
Re:Licencing thoughts and issues (Score:2)
So I'd never have asserted that Linux is available on more platforms than OpenBSD.
Re:/. readers absolutely CLUELESS regarding GPL (Score:2)
//rdj
*Sigh* Re-inventing the wheel (Score:2)
I think we should question the use of our tax dollars to reinvent this wheel when there's an active *FREE* implementation already most of the way done that doesn't use patented technology.
Paul
NSA getting clues (Score:2)
Their job is to hunt down government contracts and get them.
I would guess that SAIC probably competed against Secure Computing to get the contract. Obviously, if they did, they lost.
My possibly true assumption : SAIC bid, possibly using their own tool as evidence of their prowess. For whatever reason, the NSA *still* passed them up on the deal.
Not too much trouble (Score:2)
That is to say, if some patented technique is incorporated into YetAnotherLinux, then anyone who recieves a copy of YetAnotherLinux is automatically licensed to use the patented technology and redistribute it under the GPL.
Therefore I don't think this is a particularly great cause for concern - though some components may be patented, the company that incorporated them into the kernel in the first place has effectively given up the rights over the patent in the GPL domain.
Pretty clever contract, that GPL.....
Re:Pre-emptive strike against cluelessness (Score:2)
Yup. That's a real bugaboo. If NSA says don't distribute the source under penaalty of treason, that would be a Bad Thing...
Re:Experience with "Type Enforcement"... (Score:2)