Linux as a Trusted Operating System: A

rrrajesh84in · #1 (**permalink**) 03-12-2008, 01:40 AM

Linux as a Trusted Operating System: A
Secure and Cost-Effective Choice for
Government Systems

rrrajesh84in · #2 (**permalink**) 03-12-2008, 01:41 AM

INTRODUCTION

"Trusted" is moving to open source. Work is under way by members of
the open source community to make Linux a trusted operating system.
Computers that run "trusted" operating systems (OSs) have long found a
home in select government agencies because of the government's unique
need to protect and share data and establish secure connections. Secure
operating systems and trusted systems play important roles in many
niches throughout the government, but historically, the Department of
Defense and intelligence organizations have shown the strongest interest
in these systems. Growing demand, in other parts of the government and
in the private sector, for increased security and integrity of systems
should expand the usage of trusted operating systems.

rrrajesh84in · #3 (**permalink**) 03-12-2008, 01:41 AM

Until now, a trusted operating system has been a distinctive version of a
standard OS that has been enhanced with special security mechanisms
and services to allow a computer to compartmentalize data and protect
information and connections. The acceptance of the work now under
way by the open source community will make Linux a trusted operating
system. Organizations will have the option of running Linux in their
traditional manner or with configured trusted options.
The debut of trusted Linux will move trusted OS solutions firmly into
the open source community, making the trusted OS a more mainstream
solution for government users

rrrajesh84in · #4 (**permalink**) 03-12-2008, 01:42 AM

Implementation results may vary by organizations, but federal, state,
and local government IT managers may find this open source offering
a friendly and affordable solution for their secure system needs.
This IDC Government Insights Executive Summary explores the
benefits of trusted Linux in the government IT space and looks at why
it is likely to become a favorite of the large systems integrators (SIs)
that serve this space. It also looks at how IBM, Red Hat, and Trusted
Computer Solutions are working together to put trusted Linux on the
fast track.

rrrajesh84in · #5 (**permalink**) 03-12-2008, 01:43 AM

Ke y G o v e r nme n t I T M a r k e t D r i v e r s

Before we delve into the particulars of trusted Linux, it's important to
understand the key issues that drive government IT spending today.
These issues are as follows:
● Government budgets are tightly constrained. There is
substantial pressure from the Office of Management and Budget to
reduce costs and consolidate IT systems. Events such as the wars
in Iraq and Afghanistan and natural disasters such as Hurricanes
Katrina and Rita have consumed government resources and made
all government spending, including IT budgets, extremely tight.

rrrajesh84in · #6 (**permalink**) 03-12-2008, 01:43 AM

● Demands are increasing for improved and integrated
government services. Constituents are demanding better-
performing and more reliable online interactions, effective
handling of security threats, and better collaborative environments.
● Accountability for compliance and efficiency is increasing.
Agencies must track and report on how they are complying with a
variety of laws and government reporting structures, including
those aimed at streamlining costs. Secure, reliable data sources are
needed if these reports are to be reliable.

rrrajesh84in · #7 (**permalink**) 03-12-2008, 01:44 AM

● Emphasis on security continues, but with a requirement for
improved accessibility. A system can be made so secure that it
fails to share data in a timely manner with those who need it most.
A system is most valuable when it is both secure and quickly
accessible to the right people.
● Innovative buying models are being developed. From packaged
solutions to new pricing structures that reach across multiple levels
of government, costs are being driven down while new higher
expectations for performance are being set.

rrrajesh84in · #8 (**permalink**) 03-12-2008, 01:44 AM

W h a t I s t h e D e f i n i t i o n o f T r u s t e d L i n u x ?

The standard open source Linux operating systems will become trusted
operating systems with the trusted Linux enhancement. A trusted
Linux is being developed in response to the needs and demands of
government agencies for a secure, mainstream operating system
capable of addressing system access and other security concerns. This
response from open source technology providers heeds the
government's call by using open source Linux as the platform for
delivering a highly secure operating system to the marketplace.

rrrajesh84in · #9 (**permalink**) 03-12-2008, 01:45 AM

Government IT infrastructures are being challenged today to meet very
stringent security requirements by business, citizens, and various
government regulations. In addition, government systems managers
must find new methods to efficiently handle interenterprise and
interagency information flows across security boundaries while
meeting the ongoing operational and business challenges of their
organizations.

rrrajesh84in · #10 (**permalink**) 03-12-2008, 01:45 AM

If organizations are to accomplish this goal, then the underlying
platform must provide a certain level of trust. Traditional architectures,
which support only discretionary access control (DAC), have proven
to be inadequate solutions to emerging threats and high-connectivity
requirements. They are unable to provide the fine-grained access
control necessary to support trusted platforms.

rrrajesh84in · #11 (**permalink**) 03-12-2008, 01:46 AM

A trusted platform then must support some form of mandatory access
control (MAC) capability. In its most general form, a MAC capability
is an access control mechanism that enforces a system security policy
that cannot be altered at the discretion of the system user. This
enforcement of a system-level security policy provides much of the
"trust" in the trusted platform.

rrrajesh84in · #12 (**permalink**) 03-12-2008, 01:47 AM

In addition to providing the trusted functionality, the trusted platform
must provide a level of assurance for this functionality. This assurance
is normally achieved through security certifications, such as the
Common Criteria Evaluation and Validation Scheme (CCEVS). Such
capabilities have been built into the standard Linux infrastructure,
leading to a "trusted" Linux.

rrrajesh84in · #13 (**permalink**) 03-12-2008, 01:47 AM

S e c u r i t y E n h a n c e d L i n u x

As a first step, organizations must understand the baseline Security
Enhanced Linux, also known as SELinux.

SELinux is a set of capabilities adopted by the open source
community. It is used with the Linux kernel available in some Linux
distributions (e.g., Red Hat Enterprise Linux 4). It forms the
foundational baseline for trust and is important to understand.
An outgrowth of National Security Agency (NSA) research projects,
SELinux capabilities are built around the Linux kernel, with several
additional utilities. Its security functions provide MAC, plus details on
how such controls should be built into Linux.

rrrajesh84in · #14 (**permalink**) 03-12-2008, 01:48 AM

SELinux is not a "trusted" operating system by itself. A trusted OS
(which is what trusted Linux will be) includes support for multilevel
security and complies with government requirements that literally fill a
whole book. It includes a layered extension of the standard Linux OS
at the kernel level (with user-level support) and specific containment
properties to guard against application intrusion and compromise. It
has security mechanisms and services to allow systems to protect,
distinguish, and separate or compartmentalize classified government
data or sensitive corporate information. Such systems should also have
detailed development, documentation, and testing requirements to
ensure that the security features have been properly implemented.

rrrajesh84in · #15 (**permalink**) 03-12-2008, 01:48 AM

The NSA has been very supportive of efforts to bring trusted Linux
into the open source realm.
The value of trusted Linux is that it provides the foundation to allow:
● Access to secure information across different domains — system
to system, agency to agency
● Information sharing between different security levels without
compromising protected data
● Transfer of information across domains using the security
protocols required

rrrajesh84in · #16 (**permalink**) 03-12-2008, 01:49 AM

T h e C e r t i f i c a t i o n P r o c e s s f o r T r u s t e d
L i n u x

In the case of trusted Linux, the term "trusted" also refers to an
operating system that has been evaluated under the CCEVS with an
evaluation assurance level (EAL) of 4 or higher under specific
protection profiles. A trusted operating system must have security
functionality that includes MACs, role-based access, and labeled
security access. The labeled security access is enforced by MACs
utilizing multilevel security (MLS).

rrrajesh84in · #17 (**permalink**) 03-12-2008, 01:50 AM

CCEVS is the result of a multiyear effort by the governments of the
United States, Canada, the United Kingdom, France, Germany, and the
Netherlands to develop harmonized security criteria for IT products.

Details on who is pushing the development of a solid trusted Linux OS
can be found in the Vendor Synergy section of this document.

rrrajesh84in · #18 (**permalink**) 03-12-2008, 01:50 AM

Other vendors and operating systems are also going through the
CCEVS process. Government systems administrators will need to
make a choice as to whether they will install and support multiple
trusted systems or whether they will standardize on a single enterprise
trusted solution. In such cases, price point may be a major deciding
factor.

rrrajesh84in · #19 (**permalink**) 03-12-2008, 01:51 AM

W h e r e D o e s T r u s t e d L i n u x F i t I n ?

Any security-conscious organization, public or private, may have a
need for trusted Linux. However, government agencies, especially
those with a strong need to protect classified data or to protect any sort
of data or system from hackers, have a particularly strong need.
Trusted Linux addresses the same security requirements that have been
addressed by traditional, more expensive operating systems over the
past 10 years. Thus, the scope of this cost-effective open source
solution could be very extensive if adopted by government agencies.

rrrajesh84in · #20 (**permalink**) 03-12-2008, 01:52 AM

The types of government applications, environments, and networks
that would use trusted Linux are numerous and varied. They include
financial management systems, human resources systems that need to
protect personal records, transaction processing systems, and, of
course, intelligence agencies, defense installations, and homeland
security data and systems that are needed to help keep the country
secure.

Virtually any organization that adheres to the National Information
Assurance Partnership (NIAP), the CCEVS, or the Defense
Information Systems Agency Common Operating Environment (COE)
should pay attention to trusted Linux as it matures.