Fwd: A Linux Today story has been mailed to you!

From: Amon Ott <ao@rsbac.org>
Subject: Fwd: A Linux Today story has been mailed to you!
Date: Tue, 10 Apr 2001 09:33:30 +0200

Next Article (by Author): Re: The ultimate ACI-interface? Amon Ott
Previous Article (by Author): Re: new bench results Amon Ott
Next in Thread: Re: Fwd: A Linux Today story has been mailed to you! K Mitchell Russell
Articles sorted by: [Date] [Author] [Subject]

Hi folks!

This has just been forwarded to me.

Looks as if we really had to find our own sponsors. Please note the term
"NAI's principal investigator on the SELinux contract, Stephen Smally". The
name is later spelled as Smalley.

Previous messages about how RSBAC compares to SELinux may not be

Still I believe RSBAC to be stronger in many aspects, e.g. its long time
stability, strong Access Control Models and the way it combines them.



NSA Grants $1.2 Million Contract to Continue Work on Its Security Enhanced Linux
By Michael Hall, LinuxToday

 The work undertaken by the National Security Agency with its SELinux, a version of the Linux kernel with a
modified access control policy, will be further extended under a $1.2 million contract the
agency has awarded to NAI Labs, a division of PGP Security.

Under the terms of the deal, NAI will spend the next two years extending the work the
NSA released late last year, with an eye to demonstrating the usefulness of mandatory
access control policies in an operating system. Though the work will be done on Linux,
NAI's Mark Feldman, the company's technical manager, said he hopes companies specializing
in other operating systems will adapt some of the specification his company's work will

According to Feldman, mandatory access control schemes provide a number of advantages
over "discretionary access control," the model upon which most modern operating systems,
including Unix and its descendants as well as Windows NT, are built.  Though discretionary
access control schemes are often adequate, Feldman said Linux and Unix in general betray
their academic origins, where security isn't generally as much of a priority during the
conception and creation of operating systems.

Under discretionary access control, typically based on the concepts of user id's and
file ownership, users are permitted to change permissions on files they have ownership of
regardless of the potential outcome those changes could entail.  Further, under
discretionary access control, programs generally run with the permissions of their owning
users.  Experienced Linux and Unix users are usually familiar with the warnings that come
with software requiring root or super user permissions to function correctly, something
that's often considered dangerous since the software, if properly exploited with malicious
intent, can be used to cause serious damage outside the scope normally permitted to an
unprivileged user.  Users are often protected from running such software via special
password prompts, but enough dangers still remain that at least a few Linux distributions
provide a means to audit binaries on a system that operate with super user privileges and
automate the process of stripping such privileges to prevent malicious exploits.

Mandatory access control, the focus of the NSA's SELinux kernel, differs from
discretionary access control in that it provides a layer of management built around the
roles files on a system play as categorized by their relative sensitivity, the role of
the user executing or accessing a file and other factors keyed to an organization's
specific needs.

Outside the needs of an organization like the NSA, where security is of critical
importance, NAI's principal investigator on the SELinux contract, Stephen Smally, says the
advantages of mandatory access control can apply both to businesses with their own
security needs and to programs running on an end user's desktop machine.  By way of
example, Smally pointed out the dangers presented by allowing web browsers and other
end-user clients to execute content, something Microsoft's Internet Explorer and Outlook
have repeatedly been criticized for. Smalley said that under a mandatory access control
scheme, a policy can be created that determines the scope of access to a user's files the
client can be granted, guaranteeing that it is rendered less capable of doing harm if
content with malicious effects is accessed by the user.

Despite the advantages of the extensions they hope to add to the Linux kernel, both
Smally and Feldman said operating system producers have been reluctant to add similar
functionality to their products, which is something they hope will change once Linux has
demonstrated the usefulness of the enhanced security features.  The openness of Linux's
development process, he said, made it an attractive target to introduce the broader
computing world to the enhancements.  Smally said the TrustedBSD Project has already expressed an interest
in the work being done.  TrustedBSD provides operating system extensions to the FreeBSD
operating system, targeting the Common Criteria for Information Technology Security
Evaluation (CC).

Feldman characterized the Linux kernel developer community as largely interested in
contributing to the work NAI Labs will be continuing.  At the Linux kernel
developer's summit, representatives from the NSA gave a presentation on SELinux and
walked away with a request from Linus Torvalds to work with other, existing Linux-oriented
security projects to provide a common interface to the new features and to avoid potential
conflicts in kernel code that might require Torvalds to avoid inclusion of existing
work.  The end goal of their work, according to Feldman, will involve inclusion in the
mainline Linux kernel.  The work will also extend to the IP security protocol (IPsec).

In addition, Feldman said he doesn't expect that all the work NAI produces will be used
in its exact form, providing instead a reference implementation that he hopes will be
widely emulated as a general specification for mandatory access control security.

NAI won't be the only organization outside the Linux development community contributing
to the work Feldman said the NSA will continue to partner with them as well as the MITRE Corporation, a federally funded research and
development center.

Related Stories:

IBM developerWorks: Uncovering the secrets of SE Linux: Part 2(Mar 25, 2001)

IBM developerWorks: Uncovering the secrets of SE Linux: Part 1(Mar 06, 2001)

NewsFactor Network: The Great Security Debate: Linux vs. Windows(Mar 06, 2001)

LinuxSecurity.com: Linux 2.4: Next Generation Kernel Security(Mar 01, 2001)

InfoWorld: U.S. government moves to secure Linux; will NSA's efforts shape the future of security?(Feb 05, 2001)

VNU Net: US security agency (NSA) eyes open source(Feb 02, 2001)

CNET News.com: NSA looks to Linux for virtual security(Feb 01, 2001)

Linux Journal: Some Thoughts on the Occasion of the NSA Linux Release(Jan 27, 2001)

Slashdot: Robert Watson on FreeBSD and TrustedBSD(Jan 18, 2001)

The Register: NSA preps Spook Linux 0.1(Jan 08, 2001)

LinuxPlanet: .comment: A Golden Opportunity(Jan 03, 2001)

Security-enhanced Linux available at NSA site(Dec 22, 2000)

Slashdot: NSA Releases High Security Version Of Linux (Dec 22, 2000)

To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Re: The ultimate ACI-interface? Amon Ott
Previous Article (by Author): Re: new bench results Amon Ott
Next in Thread: Re: Fwd: A Linux Today story has been mailed to you! K Mitchell Russell
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.