NSA put its efforts into SELinux, but complexity is likely to hold back adoption
The National Security Agency built a version of Linux with more security tools that its technologists believe could help make the country's computing infrastructure less vulnerable. They've won over the Linux developer community with the changes. But success depends on its adoption by U.S. companies and government agencies, something that remains very much in doubt.
For more than a decade, the National Security Agency has worked on a way to use a computer's operating systems to control how software applications and users can access data. The agency succeeded years ago in creating these "mandatory access-control" features for specialized operating systems, but very few users deployed them. Taking a gamble in 2000 on the emerging Linux operating system, NSA started applying its security approach to the open-source code. The result is Security Enhanced Linux, which it hopes can raise the nation's overall level of cybersecurity.
"Quality of [software] code is crucial to the security of this nation," Dickie George, technical director of NSA's Information Assurance Directorate, said last week at an SELinux symposium. The directorate's mission is to research and develop the technology and processes that industry can use to protect itself and critical U.S. infrastructure from cyberattacks, George added.
NSA's faith in Linux is being rewarded in the Linux development community, at least. SELinux's mandatory access-control capabilities were included in version 2.6 of the kernel. With the mandatory access control, a Linux system can be partitioned into separate domains that contain any damage that viruses might cause.
Debian, Novell, and Red Hat, three major distributions of the Linux operating system, only recently released their own packages built on version 2.6 that allow customers to take advantage of some SELinux features. However, Red Hat and Novell differ markedly in their perception of SELinux's usefulness.
Red Hat encourages users to try SELinux capabilities, even though writing SELinux security policies in the current version is complex. Red Hat's mid-February release of Red Hat Enterprise Linux 4--based on the 2.6 kernel--is an attempt to marry high-level security features with the basic operating system, says Donald Fischer, senior product manager for Red Hat Enterprise Linux. Red Hat customers can use the Gnome 2.8 desktop included with Red Hat Enterprise Linux 4 to do limited configuration of SELinux.
Novell believes SELinux is still too complicated for most users to implement. "It's not the technology itself [that's] the problem, but that it can't be used to the full extent," says Chris Schlaeger, Novell's VP of research and development, adding that users need an easier way to describe their security needs, upon which the system could then execute. "It's a lot of work to do this today using SELinux," Schlaeger says.
SELinux is an advancement in operating-system-level security, Schlaeger adds. "Novell isn't saying that SELinux is bad, but rather that more needs to be done," he says. For one, security must take into consideration more than the operating system, he says. For example, with application-level security, companies can let the apps running on their servers perform tasks while preventing them from affecting other applications.
Still, support for the 2.6 Linux kernel by Linux's two most prominent providers, Red Hat and Novell, almost certainly will spread knowledge of SELinux. And NSA has a list of security improvements it's working on (see box above). That will cast a spotlight on the technology's shortcomings and likely lead to improvements that ultimately diminish the need for companies to seek highly secure and specialized operating systems.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.