OpenSolaris, Security and the NSA (National Security Agency)

We made a very significant announcement last week, of a collaboration with one of the most (if not the most) security sensitive institutions on earth, the United States government’s National Security Agency. They’ve joined the burgeoning OpenSolaris community, to collaborate with Sun and other community members on the future of ultra-secure operating systems.



To put this in context, community engagement has always been one of the most important ways Sun innovates in the marketplace – we partner with those that have extreme demands (whether it’s the world’s largest supercomputing facility, or the world’s most paranoid security professionals (no offense intended), or the world’s largest archival storage facilities), and then we leverage that expertise to create products for the mass market. We let extreme customers teach us what the rest of the world will ultimately experience.


Nine times out of ten, what extreme customers experience is a great leading indicator for the industry as a whole.


Historically, this type of collaboration used to involve reams and reams of legal documents describing all kinds of confidentiality restrictions, intellectual property exchanges, or cumbersome institutional processes. But it got really simple when we

embraced the open source community – now our most fruitful collaborations boil down to this: “come join the community.” And that’s exactly what we’re announcing with the National Security Agency, they’ve joined the OpenSolaris community.


And rather than walk through the details of our collaboration, I figured I’d have Bill Vass, the president of Sun’s Federal Systems Group do all the heavy lifting – so I sent him a bunch of questions, and thought I’d post the resulting Q&A. His responses are below.


So Bill, what did we announce?

That we’ve formalized a relationship with the United States National Security Agency (NSA) to incorporate their security research into an OpenSolaris community project called Flexible Mandatory Access Control (FMAC). The press release for the project is available here.

What’s Flexible Mandatory Access Control (FMAC)?

First, Mandatory Access Control (MAC) is a mechanism generally implemented in the operating system that provides unbypassable restrictions over system privileges. MAC’s exists so that not just anyone, for example, can look at your passport file without permission, or turn off a machine in mission critical deployment. MAC is all about managing privileges.


But when it comes to MAC, there isn’t one size that fits all, so that’s where the flexible part comes in. An installation’s security goals can vary
based upon the value of its information assets or systems, and the methods used to protect them. By allowing flexibility, the security policy can be
described to meet the actual needs for access control based upon an extensible enforcement model.


Thus, Flexible Mandatory Access Controls – you can read more about FMAC here. FMAC isn’t just a government issue, of course, it’s just as much an issue for a social networking site, or a bank – everyone wants simplified, easy to use access controls, consumers and corporations, too.


Who’s involved in the project?

Sun and the NSA are jointly working in the OpenSolaris community, and we’re inviting broad participation – one of the great benefits of being an open source company is that Sun can innovate out in the open, within a very large community. For security technologies in particular, transparency of development is absolutely vital, even for the NSA – you can’t sneak trojan horses into open source platforms. So open source allows high security customers to trust vendors *and* verify.


This collaboration is a great endorsement for the integrity of the OpenSolaris community among government users focused on technical and commercial progress.


So why did the NSA select Sun?

Security and performance are really the core of our relationship with governments around the world. We’ve been focused on security since our inception, and we’ve got more than 20 years experience in the trusted operating system business (remember, Trusted Solaris spawned from collaboration with the US government about a decade ago).



Our security technologies touch everything from the SIM card in your cell phone, to the identity management platforms at the heart of some of the world’s largest web services – and Solaris has long been recognized as the most secure open source OS in deployment, from battlefields to command and control systems. So this seemed like a natural partnership to us.


You mentioned something about integrating NSA security research?

Yes, we are investigating how the NSA research on Flux Advanced Security Kernel (FLASK) architecture and type enforcement (TE) policy can be
combined with our Solaris Trusted Extensions technology. They’re potentially complementary, and we think we can leverage that in the delivery of a fully open source application stack – from MySQL through Glassfish/Java, and up to the user.








The Flask architecture separates policy enforcement from the policy itself. Policies can be modified without needing to change the enforcement “hooks” in the operating environment, which makes life a lot easier for security administrators, and makes the systems more flexible and useful.


Type Enforcement policy allows for very fine-grained access control that can be used to to protect against malicious software.


Why are we embarking on this work with the NSA?

We’ve received requests for a Flask/TE based implementation in Solaris from a number of government customers. And now that we have Solaris Trusted Extensions out the door, it’s a great time to start looking toward the future. We already have a great Multilevel Security (MLS) infrastructure with Solaris Trusted Extensions but the value of the combined technologies may provide a single extensible platform that can be used to protect sensitive government information, along with mainstream enterprises, and ultimately, even consumer electronics like your phone or digital video recorder.


What audience does FMAC address?

Like I said above, MAC based systems are used primarily by governments. Our goal moving forward is to make technologies such as FMAC more accessible to commercial markets, from startups to big enterprises. Governments tend to be good leading indicators for broader commercial security concerns.



High security used to be esoteric, now it’s essential – for the US government, for international governments, and most importantly, for users.


Is this limited to the US?

Nope. It’s an OpenSolaris project and we want the global community to help drive it forward. If others want to collaborate, just create an account on opensolaris.org and join in.


If someone wants to get a hold of your team to talk about FMAC in the open source community, what should they do?

Just send me an email, bill.vass@sun.com. We’ve got lots of folks in Washington, DC, as well as contacts around the world, who can help organizations understand security and open source, and understand how to join the community to collaborate around security innovation. Now’s the time, join in!


Thanks, Bill. Much appreciated.

You’re very welcome. ADDITION: if any of your readers are local to Silicon Valley, and would like to hear Sun’s lead John Weeks discuss Flask/TE and the OpenSolaris collaboration project, you might stop in on us in at Sun’s Santa Clara campus at 7:30p. If not, I’ll post a video of the session so interested parties can share their insights.

21 Comments

Filed under General

21 responses to “OpenSolaris, Security and the NSA (National Security Agency)

  1. Alfredo Garcia

    Broken link to the NSA blog (http://blogs.sun.com/www.nsa.gov)

  2. nsaornotnsa

    That’s great news to hear that Sun is in cahoots with the NSA, it’s about time, ever since the trusted Solaris kinda ‘disappeared’.
    Also good to know there will now be an open source alternative to MAC. The commercial alternative has been around for years from Argus. That way, one can be free, and one who really needs heavy duty stuff can pay to use Argus’ solution. And never mind the AIX stuff — that’s just for kids.

  3. Solaris_Lover

    Solaris Rocks!
    The HP-UX, AIX (and some LNUX) folks need to roll with Solaris.

  4. raghunath L

    Jonathan,
    Solaris is growing , i have no doubt it would survive and be victorious from the onslaught of Windows-2008 and Linux.
    But My question is where would be much loved Sparc line of hardware end up ?
    Are you trying to get on to X86 bandwagon to survive? just keep the sparc business to some of the F500 companies only?
    Why can’t you get Vista/XP ported on to Rock? or can you think some trick which can make them to boot on Rock?
    I think it’s going to be tough to keep sparc line sparking but effort will give you some diversity at the time of economic downturn.
    Think hard but fair with this.
    Raghu

  5. Michael

    Nsaornotnsa, Trusted Solaris didn’t disappear. 80% of TS is rolled into Solaris 10. The remaining 20% is available in pkg form should you need it.

  6. Benoit Flippen

    This is really kool, and a great leap forward for Sun.
    I think something left out of the post though, is a quick comparison of this initiative with the NSA’s existing work on SELinux. How is FMAC different? How is it better? I assume the idea is to make it easier to use (Hence the "F"), but at least some mention of the fact would have been appropriate!
    Keep up the good work.
    Benoit

  7. awesome news for Solaris fans like me! Thanks!

  8. Salvo

    Great news, Sun is always at the top edge of Computer Science, and Security in this particular case…
    What I like of Sun is that it’s a company that can work on mission critical things, partnered with very serious organizations (NSA), but yet it is able to remain a young, fresh and positive company (just have a look at the webpage, with all those nice landscapes and travel photos), with a preference over open-source technologies and a big corporate responsibility policy.
    If there would be more companies like Sun (or Google), I’m sure the world would be a better place…

  9. I think something left out of the post though, is a quick comparison of this initiative with the NSA’s existing work on SELinux.

  10. ww

    Trusted Solaris still exists under a classified name..right Jonathan?
    Some 256 bit OS’s were reported in developement by the Swedish Air Force for IBM Europe..and GCHQ was involved (POWER7 protos anyone?).
    The T4 chips and their "optical equivalents" are the keys here for
    the "ultra community"…maybe Jonathan can get JavaOS ported to
    the Python platform for us..and a "Quantum Computing secure system".
    ww in INDIGOLAND

  11. Hi Folks,
    Solaris Trusted Extensions is the feature that provides full multi-level security to the Solaris 10 OS. In Solaris 10 11/06 and Solaris 10 8/07, you must add these packages once you have installed the base OS.
    See http://docs.sun.com/app/docs/coll/175.9 for full install docs
    Note that all of these packages will be installed automatically in the next update release of Solaris 10 and are already installed by default in Solaris Express Community Edition.

  12. Jonathan,
    Thanks much for the easy to understand write-up on this really important work.
    Advanced computer science like this, implemented in ways that serve customers and organization, will let us tackle some real challenges. One of the biggest challenges the world is still trying to deal with is how to enhance security, enhance personal privacy and enhance information sharing all at the same time. My sense is that Open Solaris and FMAC will help us make great strides there.
    I guess I’m strongly agreeing with you and Bill’s point that "FMAC isn’t just a government issue, of course, it’s just as much an issue for a social networking site, or a bank – everyone wants simplified, easy to use access controls, consumers and corporations, too."
    You guys have always been at the forefront of security, privacy, sharing and performance and I have no doubt you will be staying there.
    Cheers,
    Bob Gourley

  13. Linux was quite intentionally left out. The last thing Sun wants is anyone pointing out that this technology has been fully integrated with the Linux kernel for years now. It makes Sun look way behind. Linux has stolen enough of Sun’s thunder that you can be sure that Jonathan will cringe when he sees that you mentioned it.

  14. Mike

    So this is yet another step in Sun’s plan of 100% Linux envy?? Ironic that Sun’s sales/engineers have been knocking Linux’ implementation of FLASK architecture with SELinux and now Sun is copying Linux… how do you explain that about face to customers?

  15. Vladimir Cotfas

    Hate to be a small troll, here’s an off-topic comment: I and some other old-timer sysadmins continue to be fanatically in love with SunOS 4.1.3 so could you GPL it so we can update it and port it to new hardware?
    I would even give up Linux for a chance to run SunOS (not Solaris!) again.
    Regards,
    Vlad

  16. Bill

    Meh.
    Whatever makes you money. The US military pork barrel is a good drip feed.
    Why are they bothering? Well the cynic in me says:
    – you give better support than Open BSD.
    – They can port their OpenBSD apps easily to your AT&T/BSD Unix variant.
    – by saying the NSA supports/uses Solaris you imply that it is secure. What you do not say is that by the same token the NSA is also skilled in securing and *breaking* these systems.

  17. Johnathan,
    Welcome to the open-source Mandatory Access Control community (which already includes SELinux and TrustedBSD)! I look forward to seeing how Sun improves and transforms this technology.
    Karl

  18. J. A. Sturmthrond

    You act like this makes you special. Don’t forget the NSA also put lots of work into a secure Linux variant. They have an interest in securing U.S. interests.
    Also, I wonder if FMAC will be as useless as RBAC? (e.g., completely orthogonal to normal users/groups, vague syntax where you can’t specify which role/profile to execute a particular command with, brokenness where even if you have the right privilege system utilities still check for uid==0)

  19. Way to go Solaris!
    I agree, HP-UX, AIX and LNUX folks need to roll with Solaris.

  20. Jim

    A bigger and pressing question, why isn’t gears.google.com supported on Solaris. They support Linux. Urg! What about google toolbar? Yahoo toolbar??
    Don’t get me wrong, I love Solaris. However, I find it so repressive that google and yahoo doesn’t support it as a desktop when they support linux.
    Can’t some executive at Sun talk to Eric S. or Yahoo’s CEO. Heck, Eric was Sun.
    Thanks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s