October 1, 2004

Trusted Linux

Author: Preston St. Pierre

Trusted Computer Solutioncs, Inc., out of Herndon, Virginia, said earlier this week it is going to build Trusted Linux, an ultra-secure distribution based on the National Security Agency's SELinux.

TCS is a big U.S. federal government IT vendor, providing information-sharing applications to some of the United States' most secretive departments, such as the CIA, Dept. of Defense, and the National Reconnaissance Office.

These agencies have exceedingly stringent security requirements, yet still need to communicate with each other and share certain information, much of it classified at different levels. With the heightened efforts against potential terrorist attacks since 9/11, secure coordination and cross-communication efficiency of all the different entities responsibie for protecting the country is vital.

TCS sells modular, plug-in applications that deploy quickly with low manpower needs. To date, those applications have all been developed on Sun's Trusted Solaris. It's the same as regular Solaris, but adds greater access controls and multi-level security (MLS).

MLS accomplishes two primary functions: it prevents users from accessing information at a higher classification than their security clearance permits, and it ensures that those users cannot declassify any information once they have gained access to it.

According to a 2004 Government Security News survey of 214 security professionals working at federal agencies with "a national security mandate," 47% said their department is currently involved in some kind of MLS infrastructure modernization initiative.

Ed Hammersla, COO for TCS, said up to this point, Trusted Solaris is the only commercially available operating system that is capable of allowing MLS-based development. He called it "label-based" security. "Essentially, everything that comes off the network has a label, and users are authorized to see only certain labels."

Previously, Hammersla said, the only way for security agencies to share information was manually - they carried it around on a CD or memory stick. "Our applications automate the process," he said. "It allows that information to pass from one secure network to another."

With all the infrastructure re-working going on, coupled with the increase in OSS uptake in the federal government, TCS found itself receiving requests from customers for Linux-based MLS security applications. So the company decided to create Trusted Linux as a base for porting Trusted Solaris applications.

Trusted Linux will be based on the National Security Agency's SELinux, a distribution that already includes complex security protections, but has been lacking much of the multi-level security implementations that Hammersla said are necessary to run the kind of information sharing applications TCS' government customers need.

Hammersla said working with Linux is not a new concept for the company. "Many of our people use Linux at home and have a background in Linux," he said. "It's a new initiative, but we have a tremendous amount of experience."

TCS has been coding the project for about a year, creating MLS patches for SELinux and dutifully offering them to the community. Hammersla said he expects TCS to release the first version of Trusted Linux in early 2005.

Click Here!