UK government and IBM trial secure Linux

Summary:The Central Sponsor for Information Assurance said the initiative in the North of England will show Linux can provide security in a complex environment

The Cabinet Office and IBM are working together on a secure open source environment for public and private sector organisations.

The Central Sponsor for Information Assurance (CSIA) said this week that the initiative had been launched to assure public and private sectors that Linux could provide security in a complex environment.

The design is based on Security Enhanced Linux (SELinux) and IBM Websphere, a mandatory access control (MAC) application, which gives "need to know" access to security.

"We've been looking at Websphere middleware to say we can apply SELinux and a suite of applications with a security policy in a complex environment," Stephen Marsh, director of CSIA, told ZDNet UK.

On Unix and Windows the administrative privilege rights can allow the wrong people to get unrestricted access to a system, said Marsh. "Mandatory access is controlled by the security policy, which defines what the administrator can do. The administrator can only do what the security policy says you can do, even if you escalate the privilege to root user," Marsh explained.

Hackers commonly gain control of systems by giving themselves administrative access as the root user, allowing them all rights and permissions in all modes.

Open source software has been growing in popularity in recent years, primarily on the server but increasingly on the desktop, too. The CSIA is keen to test it from a security point of view.

"Linux is emerging from academic and developer communities, and we wanted to see how it could work in a complex business environment," said Marsh. "That meant work developing tools to allow systems administrators to simply apply a security policy."

Over the next month IBM, with partners Tresys and Belmin, will pilot Websphere in Durham and Darlington Health Trust. CSIA anticipates a smooth crossover from the Trust's existing Linux platform to SELinux.

"SELinux is a good example of how you take security to the next generation," said Adam Jollans, IBM Linux strategy manager. "We wanted to have wider access between government departments, but also wanted to increase the level of security, without locking down functions."

CSIA affirmed its commitment to encourage the development of secure open source architecture for public sector organisations, but said it would also work with vendors and recommend proprietary products where appropriate.

"It is government policy to use open source where we can," Harvey Mattinson, head of accreditation at the CSIA, told ZDNet UK. "We have a good working relationship with Microsoft, but we're agnostic — we work with everybody."

"We're trying to provide a menu of different techniques in transforming government architecture," said Marsh.

Topics: Apps, Software Development

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.