LinuxSecurity.com Interviews Secure ComputingJul 27, 2000, 21:22 (0 Talkback[s])
(Other stories by Dave Wreski)
[ Thanks to Dave Wreski for this link. ]
"In this interview, two principals from Secure Computing, Inc. offer their thoughts on the state of Linux and security, its place in the data center as a secure platform for business, and their work with the National Security Agency to create a Type Enforced version of Linux."
"LinuxSecurity.com: Do you view Linux as being a viable platform for developing security products?"
"Carr Biggerstaff: Linux is not only very important for us, but we've been doing work on the Linux platform for some time now. The only other comment I'd make is the thing that people need to remember about Linux is that it represents not only a platform in the traditional computing space, but also for embedded systems...."
"And with type enforcement the same thing happens. We build walls between the application and walls between the operating system itself. So if a hostile user or more likely these days malicious code gets in, causes a compromise in one subsystem, that compromise can't spill over into other subsystems. It's very very powerful. If a user manages to mount an HTTP overrun attack, or a stack overrun attack of any sort, they can't use that to break out of the application they're in and get down into the operating system to gain root access to take over the entire system. We've absolutely eliminated that...."
0 Talkback[s] (click to add your comment)