From: Jay Lepreau <lepreau@cs.utah.edu>
To: open-source@csl.sri.com, securedistros@nl.linux.org
Subject: Re: NSA funds SCC for robust/secure Linux
Date: Wed, 26 Jan 2000 06:50:21 MST

The recent press release and email from Secure Computing Corp. regarding type-enforced Linux are confusing. No longer regarding the GPL aspect-- I'm pleased to hear it's all going to be openly released-- but regarding the origins of the technology.

Over several years our research group at the Univ. of Utah-- the Flux group-- collaborated closely with the NSA in integrating flexible mandatory access controls into our research OS, "Fluke", with some consulting support from Secure Computing. This extended over several years, resulting in the "Flask" system. That security architecture is derived from DTOS, which was developed by the NSA, SCC, and maybe others.

Since September our colleagues at the NSA have been working to transfer those concepts into Linux. According to my discussions with them and the content on their project web page (http://www.cs.utah.edu/flux/fluke/html/linux.html), it is the NSA researchers who have actually performed the kernel security modifications, and Secure Computing is using that source code-- the working secure Linux prototype that Steve Smalley talked about at the November meeting-- as the foundation for their work. (There is certainly need for a lot of work above the kernel in this system!)

Could we get a clarification from SCC or NSA on this issue?

Other than that, I'm delighted to see this excellent security architecture going mainstream, backed by a major company. Good luck!

Other relevant URLs:

Flask:
    http://www.cs.utah.edu/flux/flask/

The OSKit, which contains some Flask-y components, suitable for drop-in use in other OS's including Linux:
    http://www.cs.utah.edu/flux/oskit/

Jay Lepreau
University of Utah

-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/