From:   Jay Lepreau <lepreau@cs.utah.edu>
To:     open-source@csl.sri.com, securedistros@nl.linux.org
Subject: Re: NSA funds SCC for robust/secure Linux 
Date:   Wed, 26 Jan 2000 06:50:21 MST

The recent press release and email from Secure Computing Corp.
regarding type-enforced Linux are confusing.  No longer regarding
the GPL aspect-- I'm pleased to hear it's all going to be openly
released-- but regarding the origins of the technology.

Over several years our research group at the Univ. of Utah-- the Flux
group-- collaborated closely with the NSA in integrating flexible
mandatory access controls into our research OS, "Fluke", with some
consulting support from Secure Computing.  This extended over several
years, resulting in the "Flask" system.  That security architecture is
derived from DTOS, which was developed by the NSA, SCC, and maybe others.

Since September our colleagues at the NSA have been working to transfer
those concepts into Linux.  According to my discussions with them and the
content on their project web page
(http://www.cs.utah.edu/flux/fluke/html/linux.html), it is the NSA
researchers who have actually performed the kernel security modifications,
and Secure Computing is using that source code-- the working secure Linux
prototype that Steve Smalley talked about at the November meeting-- as the
foundation for their work.  (There is certainly need for a lot of
work above the kernel in this system!) Could we get a clarification
from SCC or NSA on this issue?

Other than that, I'm delighted to see this excellent security
architecture going mainstream, backed by a major company. Good luck!

Other relevant URLs:
Flask:	http://www.cs.utah.edu/flux/flask/
The OSKit, which contains some Flask-y components, suitable for drop-in
use in other OS's including Linux: http://www.cs.utah.edu/flux/oskit/

Jay Lepreau
University of Utah
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/