Security-enhanced Linux prototype available

The National Security Agency has developed — and is releasing to the public — a prototype of a security-enhanced Linux operating system.

The security mechanisms support a range of security policies, according to a Jan. 2 agency announcement. The publicly released prototype comes with sample security policy configuration files designed to meet common, general-purpose security goals.

"The prototype includes enhancements to Linux that provide new, stronger protection against tampering and bypassing of application security mechanisms and greater limits on the damage that can be caused by malicious or flawed applications," NSA said in a statement.

The prototype's release follows high-level calls for increasing the federal government's role as a user of, and contributor to, open-source software. The President's Information Technology Advisory Committee, for example, recommended in September that the federal government encourage open-source software as an alternative to software development for high-end computing.

"Open-source software plays an increasingly important role in federal IT systems," said Jeffrey Hunker, senior director for infrastructure protection at the National Security Council. "I'm delighted the NSA's security experts are making this valuable contribution to the open-source community."

NSA said its prototypical security-enhanced Linux is not intended to be a complete solution and that it does not fix existing security problems with Linux. However, "The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements," NSA states on its security-enhanced Linux Web site.

The project Web site (www.nsa.gov/selinux) contains the source to the system as well as some technical documentation about it.

NSA provided the prototype with the intention of working with the Linux community to refine these enhancements for eventual inclusion in Linux.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.