Skip to main content
ad info technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Feds unveil 'security-enhanced' Linux prototype


(IDG) -- The U.S. National Security Agency (NSA) last week publicly released a prototype "security-enhanced Linux" operating system, hoping to attract the developer community to find ways to improve Linux security for business and governmental uses.

So how is the developer community reacting so far?

Marc Torres, president of the Annual Linux Showcase and a member of Usenix, a user and developers group, says he supports the project.

"It fits in exactly with what [the NSA's] role is" -- to protect U.S. information systems and oversee encryption of sensitive information, he said. "[From] some of the initial feedback I saw, it was already being embraced" in the developer community.

The NSA, based in Fort George Meade, Md., posted the prototype code on its Web site for download as part of a project to make the Linux operating system more secure for mission-critical and other sensitive uses.

The "enhanced-security Linux" code includes stronger protections against tampering and bypassing of application security mechanisms, as well as greater limits on damage that can be caused by malicious or flawed applications, according to the agency.

But analyst Eric Hemmendinger at Aberdeen Group, in Boston, said he is leery that the open-source development community will want to embrace the NSA project. INFOCENTER
Related Stories
Visit an IDG site search

"Good luck," Hemmendinger said of the NSA getting assistance in its work. "This is fundamentally not going to be used in something that any of the contributors to this would ever [receive] any benefit or gain from."

"My skepticism involves the assumption of a government agency that Linux developers are going to really be interested in helping them," he added.

According to the NSA, several executive offices -- including the the President's National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism and the President's Information Technology Advisory Committee -- have called for increasing the federal government's role as a user of and a contributor to open-source software.

"Open-source software plays an increasingly important role in federal IT systems," said Jeffery Hunker, senior director for critical infrastructure at the White House National Security Council, in a statement last week. "I'm delighted that NSA's security experts are making this valuable contribution to the open-source community."

An NSA spokeswoman said the agency began working on the Linux project in the summer of 1999, using security architectures that have been in use since 1992.

The work so far "provides a well-documented example of how strong mandatory access controls can be effectively added to a mainstream operating system," the spokeswoman said.

The release is "not intended as a complete security solution" for Linux, she added. Instead, the work thus far is being done to show that such security measures can be implemented and to encourage continued research.

The agency did not comment on how much money has been spent on the project.

The project will continue as part of the agency's Assurance Research Office security program, with a goal of helping the Linux community "eventually incorporate these changes into the Linux kernel," the spokeswoman said.

The project is being conducted under the terms of the GNU General Public License. The first public release is based on kernel Version 2.2.12; it was tested using Red Hat Version 6.1 utilities.

Linux gaining with mission-critical systems
January 3, 2001
Top 10 Linux games for the holidays
December 20, 2000
Users: Interface problems hold back Linux
November 16, 2000
Legal Linux DVD player on the horizon
November 15, 2000
First Linux development platform standards released
October 13, 2000

CIOs claim networks are secure
White House moves to improve security coordination
Security basics
National security threatened by Internet, studies say
Shell to use Linux supercomputer for exploration
Linux is on a mission
10 predictions for Linux in 2001
Torvalds releases long-awaited Linux 2.4.0 kernel

The National Security Agency

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.