« Previous day (Mar 24, 2008) | Main | Next day (Mar 26, 2008) »  

Tuesday Mar 25, 2008

OpenSolaris, Security and the NSA (National Security Agency)

We made a very significant announcement last week, of a collaboration with one of the most (if not the most) security sensitive institutions on earth, the United States government's National Security Agency. They've joined the burgeoning OpenSolaris community, to collaborate with Sun and other community members on the future of ultra-secure operating systems.

To put this in context, community engagement has always been one of the most important ways Sun innovates in the marketplace - we partner with those that have extreme demands (whether it's the world's largest supercomputing facility, or the world's most paranoid security professionals (no offense intended), or the world's largest archival storage facilities), and then we leverage that expertise to create products for the mass market. We let extreme customers teach us what the rest of the world will ultimately experience.

Nine times out of ten, what extreme customers experience is a great leading indicator for the industry as a whole.

Historically, this type of collaboration used to involve reams and reams of legal documents describing all kinds of confidentiality restrictions, intellectual property exchanges, or cumbersome institutional processes. But it got really simple when we embraced the open source community - now our most fruitful collaborations boil down to this: "come join the community." And that's exactly what we're announcing with the National Security Agency, they've joined the OpenSolaris community.

And rather than walk through the details of our collaboration, I figured I'd have Bill Vass, the president of Sun's Federal Systems Group do all the heavy lifting - so I sent him a bunch of questions, and thought I'd post the resulting Q&A. His responses are below.

So Bill, what did we announce?
That we've formalized a relationship with the United States National Security Agency (NSA) to incorporate their security research into an OpenSolaris community project called Flexible Mandatory Access Control (FMAC). The press release for the project is available here.

What's Flexible Mandatory Access Control (FMAC)?
First, Mandatory Access Control (MAC) is a mechanism generally implemented in the operating system that provides unbypassable restrictions over system privileges. MAC's exists so that not just anyone, for example, can look at your passport file without permission, or turn off a machine in mission critical deployment. MAC is all about managing privileges.

But when it comes to MAC, there isn't one size that fits all, so that's where the flexible part comes in. An installation's security goals can vary based upon the value of its information assets or systems, and the methods used to protect them. By allowing flexibility, the security policy can be described to meet the actual needs for access control based upon an extensible enforcement model.

Thus, Flexible Mandatory Access Controls - you can read more about FMAC here. FMAC isn't just a government issue, of course, it's just as much an issue for a social networking site, or a bank - everyone wants simplified, easy to use access controls, consumers and corporations, too.

Who's involved in the project?
Sun and the NSA are jointly working in the OpenSolaris community, and we're inviting broad participation - one of the great benefits of being an open source company is that Sun can innovate out in the open, within a very large community. For security technologies in particular, transparency of development is absolutely vital, even for the NSA - you can't sneak trojan horses into open source platforms. So open source allows high security customers to trust vendors *and* verify.

This collaboration is a great endorsement for the integrity of the OpenSolaris community among government users focused on technical and commercial progress.

So why did the NSA select Sun?
Security and performance are really the core of our relationship with governments around the world. We've been focused on security since our inception, and we've got more than 20 years experience in the trusted operating system business (remember, Trusted Solaris spawned from collaboration with the US government about a decade ago).

Our security technologies touch everything from the SIM card in your cell phone, to the identity management platforms at the heart of some of the world's largest web services - and Solaris has long been recognized as the most secure open source OS in deployment, from battlefields to command and control systems. So this seemed like a natural partnership to us.

You mentioned something about integrating NSA security research?
Yes, we are investigating how the NSA research on Flux Advanced Security Kernel (FLASK) architecture and type enforcement (TE) policy can be combined with our Solaris Trusted Extensions technology. They're potentially complementary, and we think we can leverage that in the delivery of a fully open source application stack - from MySQL through Glassfish/Java, and up to the user.

The Flask architecture separates policy enforcement from the policy itself. Policies can be modified without needing to change the enforcement "hooks" in the operating environment, which makes life a lot easier for security administrators, and makes the systems more flexible and useful.

Type Enforcement policy allows for very fine-grained access control that can be used to to protect against malicious software.

Why are we embarking on this work with the NSA?
We've received requests for a Flask/TE based implementation in Solaris from a number of government customers. And now that we have Solaris Trusted Extensions out the door, it's a great time to start looking toward the future. We already have a great Multilevel Security (MLS) infrastructure with Solaris Trusted Extensions but the value of the combined technologies may provide a single extensible platform that can be used to protect sensitive government information, along with mainstream enterprises, and ultimately, even consumer electronics like your phone or digital video recorder.

What audience does FMAC address?
Like I said above, MAC based systems are used primarily by governments. Our goal moving forward is to make technologies such as FMAC more accessible to commercial markets, from startups to big enterprises. Governments tend to be good leading indicators for broader commercial security concerns.

High security used to be esoteric, now it's essential - for the US government, for international governments, and most importantly, for users.

Is this limited to the US?
Nope. It's an OpenSolaris project and we want the global community to help drive it forward. If others want to collaborate, just create an account on opensolaris.org and join in.

If someone wants to get a hold of your team to talk about FMAC in the open source community, what should they do?
Just send me an email, bill.vass@sun.com. We've got lots of folks in Washington, DC, as well as contacts around the world, who can help organizations understand security and open source, and understand how to join the community to collaborate around security innovation. Now's the time, join in!

Thanks, Bill. Much appreciated.
You're very welcome. ADDITION: if any of your readers are local to Silicon Valley, and would like to hear Sun's lead John Weeks discuss Flask/TE and the OpenSolaris collaboration project, you might stop in on us in at Sun's Santa Clara campus at 7:30p. If not, I'll post a video of the session so interested parties can share their insights.

Posted on 09:35AM Mar 25, 2008 | Comments[21]

Share this post  del.icio.us | digg.com | slashdot.org | technorati.com | reddit | facebook | stumbleupon