|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Feds unveil 'security-enhanced' Linux prototype
(IDG) -- The U.S. National Security Agency (NSA) last week publicly released a prototype "security-enhanced Linux" operating system, hoping to attract the developer community to find ways to improve Linux security for business and governmental uses.
So how is the developer community reacting so far?
Marc Torres, president of the Annual Linux Showcase and a member of Usenix, a user and developers group, says he supports the project.
"It fits in exactly with what [the NSA's] role is" -- to protect U.S. information systems and oversee encryption of sensitive information, he said. "[From] some of the initial feedback I saw, it was already being embraced" in the developer community.
The NSA, based in Fort George Meade, Md., posted the prototype code on its Web site for download as part of a project to make the Linux operating system more secure for mission-critical and other sensitive uses.
The "enhanced-security Linux" code includes stronger protections against tampering and bypassing of application security mechanisms, as well as greater limits on damage that can be caused by malicious or flawed applications, according to the agency.
But analyst Eric Hemmendinger at Aberdeen Group, in Boston, said he is leery that the open-source development community will want to embrace the NSA project.
"Good luck," Hemmendinger said of the NSA getting assistance in its work. "This is fundamentally not going to be used in something that any of the contributors to this would ever [receive] any benefit or gain from."
"My skepticism involves the assumption of a government agency that Linux developers are going to really be interested in helping them," he added.
According to the NSA, several executive offices -- including the the President's National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism and the President's Information Technology Advisory Committee -- have called for increasing the federal government's role as a user of and a contributor to open-source software.
"Open-source software plays an increasingly important role in federal IT systems," said Jeffery Hunker, senior director for critical infrastructure at the White House National Security Council, in a statement last week. "I'm delighted that NSA's security experts are making this valuable contribution to the open-source community."
An NSA spokeswoman said the agency began working on the Linux project in the summer of 1999, using security architectures that have been in use since 1992.
The work so far "provides a well-documented example of how strong mandatory access controls can be effectively added to a mainstream operating system," the spokeswoman said.
The release is "not intended as a complete security solution" for Linux, she added. Instead, the work thus far is being done to show that such security measures can be implemented and to encourage continued research.
The agency did not comment on how much money has been spent on the project.
The project will continue as part of the agency's Assurance Research Office security program, with a goal of helping the Linux community "eventually incorporate these changes into the Linux kernel," the spokeswoman said.
The project is being conducted under the terms of the GNU General Public License. The first public release is based on kernel Version 2.2.12; it was tested using Red Hat Version 6.1 utilities.
Linux gaining with mission-critical systems
RELATED IDG.net STORIES:
CIOs claim networks are secure
The National Security Agency
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.