[ISN] The NSA's ultra-secure Linux technology evolves for the enterprise

InfoSec News isn at c4i.org
Thu Apr 6 04:28:34 EDT 2006


http://www.networkworld.com/news/2006/040506-selinux.html

By Phil Hochmuth
NetworkWorld.com
04/05/06

Boston - Linux and open-source developers are working to make Linux
security tools developed by the National Security Agency more
accessible and usable by regular system administrators and application
developers.

Software developers and users discussed how Security Enhanced Linux
(SE Linux) is evolving, and the benefits - and potential pitfalls - it
could introduce when deployed in an enterprise data center. This
discussion took place in a panel on SE Linux at the LinuxWorld Expo
this week.

SE Linux is not a Linux distribution, such as SuSE or Red Hat, but is
instead a set of modifications to the Linux kernel that limit the
access that applications have to memory, processors, operating system
configuration files and other critical components of a server or PC
operating system. SE Linux uses mandatory access controls to limit
applications' access only to the minimal amount of resources they need
to run. The idea is to prevent hackers from taking over or breaking
into a server by exploiting openings in poorly designed code, or by
squeezing through small holes in well-designed software.

Introduced in 2000 by the NSA, SE Linux "only covered a small subset
of the overall [Linux] system," said Stephen Smalley, a research
scientist for the NSA. "SE Linux policy has since been expanded to
cover more of the system. A year ago we had fairly immature support
and a monolithic policy. Today we have support for modular policy,
enabling third-party application developers to create policies [for SE
Linux] and package them with their applications."

A major step in making SE Linux easier to use has been the development
of the SE Linux Reference Policy, an open-source project for creating
tools that make it easier to create and apply SE Linux policies to
software.

Smalley says other developments the NSA is working on for SE Linux are
ways to apply the technology to desktop Linux systems, as well as to
multiple virtualized Linux systems running on top of a single hardware
platform.

The U.K. Central Government is testing SE Linux with its
infrastructure of Linux and IBM WebSphere servers. The goal is to
secure the Web services architecture for its municipal-service Web
sites and public-facing applications.

"We wanted to enforce policies which say that application servers can
only talk to the end points that they're authorized to talk to," said
Mark Hocking, technical architect for the U.K. Cabinet Office's
e-Government Unit. Such mandatory access controls have been used for a
long time in government operating systems and highly customized
systems, he said.

The U.K.'s e-Government Unit wanted to apply SE Linux protection to a
range of Java 2 Enterprise Edition (J2EE) applications it uses with
minimal changes to the WebSphere servers it has up and running. So
far, the group's beta tests have been successful, Hocking says.

"We're not saying it will have 100% [security] assurance, but it seems
to be working quite well. We believe we can apply SE Linux to
commercial off-the-shelf products to give us a higher level of
assurance than what we would have had without it."

SE Linux has been included in Red Hat Enterprise Linux 4, as well as
Red Hat's Fedora Core version 4 and the recently released version 5.  
However, it has been turned off by default, since the policies can
disrupt some commonly used system processes and applications,
according to Red Hat developers. And turning on SE Linux can frustrate
administrators because the severe limitations to resources it puts on
applications can cause applications to fail or act erratically.

"SE Linux breaks everything," or so goes the perception of SE Linux,
said Daniel Walsh, principal software engineer at Red Hat. "So what we
have to figure out is, if SE Linux causes a problem, what are the
actions an administrator can take to fix it. Right now an admin has
the ability to turn SE Linux on and off; maybe there's another
solution."

Walsh says Red Hat is working on tools that will allow for modular
implementations of SE Linux, and that can give administrators easier
feedback on how SE Linux policies are affecting a server. These tools
will be included in the upcoming Red Hat Enterprise Linux version 5,
which is expected to be released at the end of this year, Walsh said.

"The problem with [turning on SE Linux] is that all of the sudden,
access that was there before isn't there, and [a system administrator]
might not know how to fix it," Walsh said. "Or worse, they may make a
change or take an action in order to just get the system up and
running that may make security worse on the system overall."

In spite of the difficulties that the NSA, Red Hat and other open
source developers are working to overcome with SE Linux, the
technology itself can be a powerful tool for securing an
infrastructure based on open-source software - code which is
sometimes, and sometimes not, written with security in mind.

"The problem is there's so much [sloppy] code out there," Walsh said.  
"Allowing this crappy code to be out there is a major security
problem. What we want to do is lock the memory to make sure that
someone does not get into memory to run random code."

All contents copyright 1995-2005 Network World, Inc.




