May 26, 2003

GIDIS Trusted Linux: A MLS Linux Version

Maximiliano Cristiá writes "

Trusted Linux
is a security enhanced version of Linux which
descends from Lisex. Lisex

is a MLS prototype of Linux developed by GIDIS (R+D Group on
Software Engineering) from National University of Rosario
(Argentina). GIDIS Trusted Linux, as well as Lisex, is developed with
a great deal of Formal Methods.

Recently, the economic support given by our sponsor has
finished. Therefore, the R+D Group on Software Engineering (GIDIS) is
now seeking for partners, investors, sponsors or funding institutions
interested in supporting the GIDIS Trusted Linux project. Any kind of
support is welcome, including grants, subsides, computer equipment,
etc. In return, GIDIS offers to share any economic benefit originated
in marketing GIDIS Trusted Linux as well as any industrial patent
derived from it. Also, we want to enter into relations with other R+D
groups on software engineering, computer security or formal
methods. If you are interested in this proposal please contact
Maximiliano Cristiá,

Below, there is a review of the key aspects of the GIDIS Trusted Linux
project and some useful information related to it.

GIDIS Trusted Linux predecessor's: Lisex

Researchers and developers at GIDIS have reached all these Lisex's

  • to modify the Linux file system in order to include multi-level
    secure controls

  • to provide to the public domain a prototype featuring the essential
    system capabilities

  • intensive use of Formal Methods during development

  • to point out the most problematic disadvantages of multi-level
    implementations (in terms of usability) in order to avoid them on
    the development of GIDIS Trusted Linux.

Frederick Brooks says: "plan to throw one away; you will,
anyhow". Lisex is just a prototype. GIDIS personnel has learned a lot
while building Lisex. GIDIS Trusted Linux will feature all Lisex's
capabilities plus some key enhancements that will make it an appealing
industry option for secure operating systems.

GIDIS team and more on GIDIS Trusted Linux

The GIDIS team is formed by a group of young researchers with lot of
flesh and exciting ideas. Moreover, this young team have undoubtedly
demonstrated its technical skills. They have successfully applied
Formal Methods to specification, verification, implementation and
testing of Lisex. Despite, Lisex share many of the problems of
traditional MLS implementations, we strongly believe that the team
ideas will lead to a version of GIDIS Trusted Linux that overcomes the
main problems regarding usability. Also these ideas will guarantee the
reliability of the development process and the product itself with
formal methods. We also believe this is a very good high tech business
opportunity for those interested on supporting innovative projects.

To summarize these ideas, we could say that the main disadvantage of
MLS implementations is that they are unnecessarily restrictive. This
systems tend to reduce their usability making everyday tasks a
nightmare. We have noticed the root of a number of restrictions
and developed solutions to each of them. Thus, implementing them will
take the resulting system to its highest level of usability without
leaving the MLS model. These solutions and ideas are described in a
white paper; please, contact us (
for a copy of it.

Including these new ideas into a UNIX-like operating system kernel
(Linux, BSD, or any proprietary version), will yield a new MLS
implementation with a huge applicability to the industry because:

  • it will be compatible with almost all application software; (i.e.
    it will be unnecessary to modify or adapt most of the applications);

  • an unusual level of usability for MLS implementations will be

  • it will enforce an MLS security policy featuring great resistance
    against confidentiality attacks performed by means of Trojan horses;

  • it will have a performance just below that of any non-MLS

  • it will be developed with an intensive use of Formal Methods that
    greatly increase system reliability and correctness, and clear the
    way to the highest Common Criteria accreditation levels.

In order to develop GIDIS Trusted Linux, the group needs this kinds of

  • scholarships, grants, investments, etc. which will allow us to
    preserve the highly skilled technical group that was able to develop
    its predecessor (Lisex);

  • computer equipment (PCs, servers, printers, communication devices,
    etc.) which will allow us to work faster and more efficiently;

  • physical facilities, accommodations, etc. which will allow us to
    increase the number of team members;

  • Internet connexion service, books, translation services,
    subscriptions to specialized magazines and journals.

GIDIS offers to share with all kinds of investors GIDIS Trusted
Linux's patent and/or any other profit which could come from sales
and/or services based in this product or its derivatives.

If you or your organization are interested in this proposal we
encourage you to contact us:

Maximiliano Cristiá
GIDIS Leader

R+D Group on Software Engineering

Computer Science Department

Engineering Faculty

National University of Rosario

Rosario - Argentina




  • Security
Click Here!