Information Security News mailing list archives
Uncovering the secrets of SE Linux
From: InfoSec News <isn () C4I ORG>
Date: Thu, 8 Mar 2001 22:42:42 -0600
Forwarded by: Elyn Wollensky <elyn () consect com>

http://www-106.ibm.com/developerworks/library/s-selinux/?n-s-381

The first in-depth look at the SE Linux code

Larry Loeb (larryloeb () prodigy net)
Author, Secure Electronic Transactions
March 2001

In an uncharacteristic move, the U.S. National Security Agency recently released a security-enhanced version of Linux -- code and all -- to the open source community. This dW-exclusive article takes a first look at this unexpected development -- what it means and what's to come -- and delves into the architecture of SE Linux.

Dropping the bomb

It came from out of the blue, without fanfare. The "new" National Security Agency threw out a security-enhanced version of the Linux 2.2 kernel (called SE Linux) into the open source community. Not only that, they gave out background briefing papers on the research methodology that they used to model whether or not SE Linux was truly secure.

If you haven't been following the cryptography area lately, let me assure you that this action by the NSA was the crypto equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers. There are some things that one just never expects to see, and the NSA handing out source code along with details of the security mechanism behind it was right up there on that list.

Up to this point, the NSA has embodied in itself the classic Cold War paranoia imperative of the past 50 years ("If you knew what we knew, you'd agree with us"). To see it spewing source like some long-haired Stanford student was enough to make for uncontrollable twitching.

But, they seem to mean it. The distribution .tgz file contains no secret Trojan horse that reads the data on your hard disk and then sends it all back to Fort Meade. There's no way to hide a trap door in code that all can comment upon and analyze.

It is true that the NSA does need a secured OS to do that voodoo that they do so well, and they seem to have plans to actually use SE Linux internally. By incorporating a commercial product called NetTop, it's been reported that the NSA will replace several physically separated computers (this implies the "air gap" method of operational security -- differing levels of security on physically separated systems) with one box running SE Linux (see Resources).

[...]

ISN is hosted by SecurityFocus.com