Linux wants to earn your trust

Trusted Systems information

Trusted Computer Solutions (TCS) Inc. officials are developing Trusted Linux, a highly secure version of Linux that will rival Unix in environments in which security is the highest priority. The operating system will provide a platform for TCS applications.

Defense and intelligence agencies, banks and other financial firms, which all insist on tight security, are the company's main customers, said Ed Hammersla, TCS' chief operating officer.

The concept of trusted computer systems started in the Defense Department during the 1980s. The term refers to systems that have met particular specifications and certifications. Some evaluation criteria that DOD officials established have since been eclipsed by the Common Criteria Evaluation and Validation Scheme, an international set of security standards for technology products, but much of the original work and the concept itself remain vital.

TCS officials expect Trusted Linux to be certified under Common Criteria at Evaluation Assurance Level 4, Hammersla said. The EAL scale runs from 1 to 7, and 7 is the highest score.

TCS officials plan to begin beta testing Trusted Linux this fall, Hammersla said. The operating system will form the foundation of a trusted computing base, a system of software, hardware and firmware that enforces a unified security policy.

"This is a huge improvement over manual and unaudited methods of sharing information or, [in the] worst case, not sharing information at all," he said.

The only other commercially available trusted operating system is Sun Microsystems Inc.'s Solaris version of Unix, he said. "That dictates, then, that if someone wants to use our [trusted] applications, they can only do so if they're on the Sun platform," Hammersla said.

TCS customers began asking for a Linux alternative about two years ago, he said. After TCS officials determined that other Linux distributors were not likely to produce a trusted version, they decided to tackle the job.

To ensure that the system qualifies as trusted, TCS officials sought input from the relevant accrediting bodies early in the development process, Hammersla said.

"We have taken the time and the care to go talk to the various accrediting bodies, to let them know what we're doing and to verify their requirements," he said. "Although I wouldn't say government agencies have had an active role in the actual development, they've been participatory in their desire" for a trusted operating system.

The company based the system on a version of Linux, called SELinux, which National Security Agency officials had already developed, he said. TCS' development team has been enhancing SELinux to make it meet Common Criteria EAL 4 requirements.

Once the operating system is available, it will take a place alongside other versions, such as Red Hat Inc. Linux and SuSE Inc. Linux, as a retail product, he said. "Whether we do that directly or through partners is to be determined," he added.

Tony Stanco, associate director of the Cyber Security Policy Research Institute at the George Washington University, said that the operating system is both the first line of defense against malicious code or hackers and also the source of most vulnerabilities.

Companies are "all trying to get a more secure system around what they're trying to do," he said. "The operating system is one of the big vulnerabilities [on] the whole. It's like the first level. Once you get that secure, where people can't compromise that, you can build some secure applications on top of that."

Trojan horse programs and viruses usually can't penetrate trusted systems, Stanco said. When they do, they usually are not able to affect software, rendering them impotent.

Linux is generally considered more secure than Microsoft Corp.'s Windows operating system, but it still has vulnerabilities, Stanco said.

Retired Army Lt. Gen. Keith Kellogg, who serves as an adviser to TCS, said information sharing is increasingly critical in government, and a trusted Linux system will be an important tool to have.

"The requirement to have secure information, the government knew the importance behind it," said Kellogg, former director of command, control, communications and computers for the chairman of the Joint Chiefs of Staff.

"They put out guidelines and regulations to do it, but so few came to the party that there was always a waiver policy," he said. "One of the reasons [companies] didn't do it was because it costs money. To get yourself certified costs about a million dollars a pop to get just one certification. A lot of corporations didn't see the value proposition. If there was [a] waiver so you didn't need to do it, they didn't see a reason."

Waivers are harder to come by now, and vendors are more likely to be held to the requirements, Kellogg said.

Microsoft officials, however, are not likely to adopt the trusted label, said Quazi Zaman, technology specialist manager for platforms at Microsoft's federal division. They consider the need for trusted systems to be a niche market, he said.

"Microsoft has been focused on solving customer problems," he said. "We have picked up the bigger headaches rather than unique headaches. If it's a unique situation, we will let third-party vendors develop [something]. If we see that it's widespread and they want a trusted version of the OS, then yeah, we will look at it and come out with a trusted version of the OS. But that's speculation. We're not seeing that."

Creating a trusted version means company officials also would have to modify all the applications that run on the operating system to maintain the security continuity, Zaman said.

Microsoft officials have been taking security seriously, however, and are increasing security levels in their products, he said.

To take a familiar example, Windows XP users have to hit the control-alt-delete key combination and enter a password to boot up and log in to their computers, he said. In earlier versions of Windows, "that was an afterthought," he said. "You could work around any password log-on."

***

Ensuring security

The Trusted Linux operating system that Trusted Computer Solutions Inc. officials are developing will be rated at Evaluation Assurance Level (EAL) 4 on the Common Criteria evaluation. EAL 4 is a midlevel rank on a scale of 1 to 7. It means that the developer uses positive security engineering based on good commercial practices, which do not require substantial specialized knowledge. According to National Institute of Standards and Technology officials, "EAL 4 is the highest level at which it is likely to be economically feasible to retrofit an existing product line."

Specifically, EAL 4 includes:

Partial configuration management automation.

Modification detection.

Administrator and user guidance documents.

Well-defined development tools.

Independent vulnerability analysis.