NSA & Linux

Thu Apr 12 08:51:12 PDT 2001

NSA Takes the Open Source Route
by Jeffrey Benner
2:00 a.m. Apr. 11, 2001 PDT
On January 2, the super-secretive National Security Agency did
something unusual: It issued a press release.
Stranger still, the statement actually contained important news: The
NSA had developed a prototype of a more secure kernel for Linux, dubbed 
SELinux. And, in the spirit of open-source development, the agency would 
release the code to the public.
Yes, the NSA -- legendary for closed doors and tight lips -- had
become part of the open-source community.
"This is very unusual," said Brian Snow, technical director for the
NSA's information assurance department. "It's a paradigm shift for the NSA."
The attitude shift was reinforced this week as a private security firm
announced it had signed a two-year, $1.2-million contract with the NSA to 
continue its work on the SELinux prototype.
The NSA's partner is NAI labs, a division of a firm called PGP
Security. Although Network Associates now owns it, cryptology legend and 
long-time NSA nemesis Phil Zimmermann founded PGP (short for "Pretty Good 
Privacy") Security in the early 1990s.
Despite the irony of his old firm teaming up with the agency that
tried to have him locked up for publishing the PGP program in 1991, 
Zimmermann wasn't all that surprised to hear of the partnership. "There are 
numerous government agencies that use PGP," he said.
The $1.2-million dollar NSA-NAI Labs deal extends a partnership that
began in June 2000. The NSA has been working since 1999 to develop a new 
set of security controls for the Linux kernel. NAI has developed a 
prototype to demonstrate how these new controls can be used to improve 
security.
The agency has made its SELinux source code and the NAI-developed
prototype available to the public. Linux developers can discuss the 
prototype with NSA researchers on a public bulletin board.
Late last month, NSA representatives gave a presentation on SELinux at
the annual Linux kernel conference.
According to its Web page on the Secure-Linux project, the agency
chose the Linux platform because "its growing success and open development 
environment provided an opportunity to demonstrate that {mandatory access 
controls} can be successful in a mainstream operating system."
Revealing the fruits of its research to the public may seem like a
strange way for the NSA to improve the security of classified information. 
But the agency hopes that working with the open-source community will lead 
to a secure operating system that would be less expensive than if the NSA 
had to build one on its own, Snow said.
Snow did not feel revealing the code was a security risk. "If a code
is written well enough, it should be safe from attack," he said.
The theory is that peer review among developers will make the system
more secure. If the system is secure, it doesn't matter who knows the code.
The agency hopes that SELinux will gain acceptance and continue to
improve through open collaboration with Linux developers. Eventually, the 
hope is that a commercial distributor will build upon the improvements and 
incorporate them into off-the-shelf software products secure enough for 
national security agencies to use.
"It's an attempt to get in the market things the Department of Defense
can buy," Snow said. "If we have to write custom software, it's very 
expensive. But if we can help commercial vendors do the job right, I can 
save the taxpayers a lot of money."
NSA and NAI researchers, including NAI's Smalley, wrote a joint paper
on the inadequacy of operating systems entitled "The Inevitability of 
Failure." The paper compares running "secure" software programs on 
currently available operating systems to "building castles on sand."
SELinux will offer user-specific access controls analogous to those on
Windows NT, Smalley said, but they will be mandatory instead of 
discretionary, and function closer to the real guts of the system, making 
them more effective.
"It will constrain what crackers can do," NAI research manager Mark
Feldman said. "The damage they can do would be limited."
The controls are also flexible, allowing a user to set up a security
policy as loose or strict as necessary.
Smalley predicted that the new system could make its way into
commercially available products within a few years, but stressed that he 
was speculating.
Should competitors worry that SELinux will provide the foundation of a
superior operating system that government agencies, banks and other 
security conscious organizations will prefer?
Dave Martin, a product manager for Microsoft's Windows division,
sounded unconcerned. A prototype is a long way from a full-scale operating 
system with the kind of functionality the market demands, he said.
"This isn't really anything new," Martin said. "It's a research-only
prototype, and the NSA has been messing around with operating systems since 
1972."
-------------- next part --------------

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.247 / Virus Database: 120 - Release Date: 4/6/01