Slashdot: NSA Releases High Security Version Of LinuxDec 22, 2000, 15:38 (2 Talkback[s])
(Other stories by Theodore Ts'o)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"I recently attended a DARPA workshop which focused on high security open source operating systems. It turns out that parts of the U.S. government are really interested this topic; having an operating system with the necessary high-security features which they need, and for which source code is available, would be a really good thing for them. Among other things, for example, it would mean that they wouldn't have to live in terror about what might happen if Sun, IBM, SGI, et. al decided to pull the plug on Trusted Solaris, Trusted AIX, or Trusted IRIX. And they're serious enough that DARPA's willing to throw money at the problem."
"While I was at this workshop, I met some folks from the NSA and they told me about a really neat project that they've been working on, called Security-enhanced Linux. One of the cool things about it is that it separates enforcement and policy. So selinux can easily support many different security policies, from the old (some would say outdated/silly) Multi-Level Secure/Bell-LaPadula model, to Domain-Type enforcement and Rule-Based Access Control models. So if you think that high-security features means the old silly, Secret / Top Secret / CMW bullshit, and needing to make sure that Secret windows don't get expose events from Top Secret windows, think again. A number of folks have found Domain Type Enforcement and Rule-Based Access Control systems very useful for securing Web servers and other real world systems."
"The NSA folks just recently got permission to make their stuff available on the Web. It's just a proof of concept, and no doubt a lot of changes will need to made before people will accept integrating it into the kernel, but they have released a working system (both kernel and userspace patches --- RPM's aren't quite ready yet) based on Linux 2.2 and RedHat 6.1. So it's definitely worth a look, and in fact some folks with specialized needs might find it useful, even though it's a prototype."
0 Talkback[s] (click to add your comment)