 |
||||
 | |
| ||
|
||||
| ||||
|
|
||||
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.
Storage
WAN Services
Web/e-commerce
Wireless/Mobile
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings
/
Feds unveil 'security-enhanced' Linux prototype
 
|
|||
 | |||
|
The U.S. National Security Agency last week publicly released a prototype "security-enhanced Linux" operating system, hoping to attract the developer community to find ways to improve Linux security for business and governmental uses.
So how is the developer community reacting so far?
Marc Torres, president of the Annual Linux Showcase and a member of USENIX, a user and developers group, says he supports the project.
"It fits in exactly with what [the NSA's] role is"-to protect U.S. information systems and oversee encryption of sensitive information, he said. "[From] some of the initial feedback I saw, it was already being embraced" in the developer community.
The NSA, based in Fort George Meade, Md., posted the prototype code on its Web site for download as part of a project to make the Linux operating system more secure for mission-critical and other sensitive uses.
The "enhanced-security Linux" code includes stronger protections against tampering and bypassing of application security mechanisms, as well as greater limits on damage that can be caused by malicious or flawed applications, according to the agency.
But analyst Eric Hemmendinger at Aberdeen Group Inc. in Boston said he is leery that the open-source development community will want to embrace the NSA project.
"Good luck," Hemmendinger said of the NSA getting assistance in its work. "This is fundamentally not going to be used in something that any of the contributors to this would ever [receive] any benefit or gain from."
"My skepticism involves the assumption of a government agency that Linux developers are going to really be interested in helping them," he added.
According to the NSA, several executive offices-including President's National Coordinator for Security, Infrastructure Protection and Counter-Terrorism and the President's Information Technology Advisory Committee-have called for increasing the federal government's role as a user of and a contributor to open-source software.
"Open-source software plays an increasingly important role in federal IT systems," said Jeffery Hunker, senior director for critical infrastructure at the White House National Security Council, in a statement last week. "I'm delighted that NSA's security experts are making this valuable contribution to the open-source community."
An NSA spokeswoman said the agency began working on the Linux project in the summer of 1999, using security architectures that have been in use since 1992.
The work so far "provides a well-documented example of how strong mandatory access controls can be effectively added to a mainstream operating system," the spokeswoman said.
The release is "not intended as a complete security solution" for Linux, she added. Instead, the work thus far is being done to show that such security measures can be implemented and to encourage continued research.
The agency didn't comment on how much money has been spent on the project.
The project will continue as part of the agency's Assurance Research Office security program, with a goal of helping the Linux community "eventually incorporate these changes into the Linux kernel," the spokeswoman said.
The project is being conducted under the terms of the GNU General Public License. The first public release is based on kernel version 2.2.12; it was tested using Red Hat version 6.1 utilities.
For more enterprise computing news, visit Computerworld online. Story copyright © 2000 Computerworld, Inc. All rights reserved.
Related Links
 |
 |
 |
|||||
|
|
|
|
|
|||