TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD

Quake help not fast enough, says Indian PM

U.S.

Bush: No help from Washington for California power crunch

POLITICS

Bush signs order opening 'faith-based' charity office for business

LAW

Prosecutor says witnesses saw rap star shoot gun in club

ENTERTAINMENT

Can the second 'Survivor' live up to the first?

HEALTH

Heart doctors debate ethics of testing super-aspirin

TRAVEL

Nurses to aid ailing airline passengers

FOOD

Texas cattle quarantined after violation of mad-cow feed ban

ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)

MAINPAGE WORLD U.S. WEATHER BUSINESS SPORTS

TECHNOLOGY

computing personal technology

SPACE HEALTH ENTERTAINMENT POLITICS LAW CAREER TRAVEL FOOD ARTS & STYLE BOOKS NATURE IN-DEPTH ANALYSIS LOCAL
EDITIONS:
CNN.com Europe change default edition
MULTIMEDIA:
video video archive audio multimedia showcase more services

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

Feds unveil 'security-enhanced' Linux prototype

From...

by Todd R. Weiss

(IDG) -- The U.S. National Security Agency (NSA) last week publicly released a prototype "security-enhanced Linux" operating system, hoping to attract the developer community to find ways to improve Linux security for business and governmental uses.

So how is the developer community reacting so far?

Marc Torres, president of the Annual Linux Showcase and a member of Usenix, a user and developers group, says he supports the project.

"It fits in exactly with what [the NSA's] role is" -- to protect U.S. information systems and oversee encryption of sensitive information, he said. "[From] some of the initial feedback I saw, it was already being embraced" in the developer community.

The NSA, based in Fort George Meade, Md., posted the prototype code on its Web site for download as part of a project to make the Linux operating system more secure for mission-critical and other sensitive uses.

The "enhanced-security Linux" code includes stronger protections against tampering and bypassing of application security mechanisms, as well as greater limits on damage that can be caused by malicious or flawed applications, according to the agency.

But analyst Eric Hemmendinger at Aberdeen Group, in Boston, said he is leery that the open-source development community will want to embrace the NSA project.

IDG.net INFOCENTER

Related IDG.net Stories

Features

Visit an IDG site

IDG.net search

"Good luck," Hemmendinger said of the NSA getting assistance in its work. "This is fundamentally not going to be used in something that any of the contributors to this would ever [receive] any benefit or gain from."

"My skepticism involves the assumption of a government agency that Linux developers are going to really be interested in helping them," he added.

According to the NSA, several executive offices -- including the the President's National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism and the President's Information Technology Advisory Committee -- have called for increasing the federal government's role as a user of and a contributor to open-source software.

"Open-source software plays an increasingly important role in federal IT systems," said Jeffery Hunker, senior director for critical infrastructure at the White House National Security Council, in a statement last week. "I'm delighted that NSA's security experts are making this valuable contribution to the open-source community."

An NSA spokeswoman said the agency began working on the Linux project in the summer of 1999, using security architectures that have been in use since 1992.

The work so far "provides a well-documented example of how strong mandatory access controls can be effectively added to a mainstream operating system," the spokeswoman said.

The release is "not intended as a complete security solution" for Linux, she added. Instead, the work thus far is being done to show that such security measures can be implemented and to encourage continued research.

The agency did not comment on how much money has been spent on the project.

The project will continue as part of the agency's Assurance Research Office security program, with a goal of helping the Linux community "eventually incorporate these changes into the Linux kernel," the spokeswoman said.

The project is being conducted under the terms of the GNU General Public License. The first public release is based on kernel Version 2.2.12; it was tested using Red Hat Version 6.1 utilities.