Decision time for reaching true computer security


Summary: Good news for military (or financial) controllers who sit at a desk with a half-dozen PCs when one secure one would do.


The quest for secure computing has come to a crossroads. On one hand the most popular computing platform in the land, Microsoft Windows, is being significantly upgraded with many security enhancements, but the biggest IT advisory firm in the land says wait until 2008 to use it with confidence.

On the other hand, the U.S. government's pursuit of general standards for secure computing, capped under the umbrella of the Common Criteria Evaluation and Validation Scheme, is now being publicly embraced by scores of IT vendors as they rush to show how their products meet or exceed these latest dictates of military- and national security-level best practices for IT security.

One nice thing about the new Common Criteria 3.0 (CC) is that you don't have to wait for some third-party research firm to give the thumbs-up on whether it is safe to use software. Once a software product, or any controlled code distribution, has gained CC validation, you should feel pretty darn good about using it, at least in the evaluated configuration and for the Security Target it was evaluated against; the certificate says nothing about configurations it did not cover. If it's good enough for the National Security Agency and the Pentagon, it should be good enough for my address book.

Indeed, if Microsoft could attain CC validation when it brings Vista to market in about a year, then there would be no need to wait to use it. In fact, you'd be a damned fool not to rip out any of your older Windows, Linux, NetWare, or Solaris right then and there and replace it all with CC-grade Vista. And you wouldn't have to wait for Gartner to say it's okay to use it. You'd know: Bada-bing, bada-boom.

But don't hold your breath waiting for military-grade Windows. The validation process for those many millions of lines of code -- even if the stuff were secure enough -- would take hundreds of man-years of labor and testing. Seeking such accreditation wouldn't make market or financial sense; Windows 2011 would be out by then.

It's really hard to get CC-type security clearance. Even Sun's Trusted Solaris is operating on waivers from some of the strictest military certifications. The certifiers reckon that Trusted Solaris has been so good for so long that it should be "trusted," but that still does not mean it has actually attained the highest levels of security clearance. It has simply gained an a priori clearance of sorts. You have to imagine that Sun would call it "Totally Certain Solaris" if it weren't for those pesky waivers.

Indeed, one of the biggest hurdles for vendors to gain CC-level clearance and the Pentagon's MILS/MLS-level benefits is size. When there is so much code, all the ins and outs need to be checked and cleared. So a general rule of thumb is the smaller the code base, the easier it is to certify. It's no coincidence that smaller code also usually means more secure code, too. Also, each part of the code needs to be independently secure from all the other parts, hence the Multiple Independent Levels of Security (MILS) part. The key is independent levels of security, enforced by a small separation kernel that does nothing but keep partitions apart and police the channels between them, an idea proposed brilliantly more than 20 years ago by J.M. Rushby. Thanks, doc.

So why are we at a crossroads for computer security? Because as more vendors gain CC-clearance, it makes sense to swap out non-CC stuff, or at least to put the CC stuff around the non-CC stuff as a wrapper, or at least build your firewalls and defenses with CC-grade solutions. Windows in a CC-grade container is better than just plain old Windows (POW).

Here's an example. At a Green Hills Software conference last week I saw an awesome demonstration of a standard x86 PC running a military-grade certified embedded real-time operating system, Green Hills' INTEGRITY, that itself acted as the security blanket for Windows and Linux, each running its own applications natively. They call it running the commercial OSes in a padded cell, but I like calling it a security blanket better.

They say that many of the vulnerabilities of Windows or Linux still exist in such a mode, but at least the OSes are fully isolated from one another. And you can manage the apps' access by assigning them different security levels, with no channel at all between apps not cleared for contact: a partition can only talk to another partition if the configuration explicitly gives it a channel, and even then only in the direction the levels permit.
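The partition-and-level scheme in the last two paragraphs, together with the MILS "independent levels" idea above, can be sketched as a tiny reference monitor. The code below is an added example written for this page; it is not code from Green Hills, INTEGRITY or Rushby's paper, and the partition names, labels and channel table are constructed for the illustration. It combines the two checks a separation kernel with MLS labels would apply: a flow is refused unless a channel was explicitly declared, and it is refused again if it would move data down or sideways in the label lattice.

```python
"""Toy model of a MILS-style separation policy with MLS labels.

Added illustration, not code from Green Hills INTEGRITY or any other
product. Partition names, labels and the channel table are constructed
for the example.
"""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, FrozenSet, List, Set, Tuple


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """An MLS label: a hierarchical level plus a set of compartments."""
    level: Level
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Bell-LaPadula dominance: at least as high a level AND a superset
        # of the compartments. Labels with disjoint compartments are
        # incomparable, so neither dominates the other.
        return (self.level >= other.level
                and self.compartments >= other.compartments)


@dataclass
class SeparationPolicy:
    """Reference monitor for flows between partitions.

    A flow src -> dst is allowed only if BOTH hold (default deny):
      1. a channel (src, dst) was explicitly declared, as in a separation
         kernel where partitions cannot communicate at all unless the
         configuration gives them a channel; and
      2. the receiver's label dominates the sender's, so data never flows
         down the lattice (the "no write down" rule).
    """
    labels: Dict[str, Label] = field(default_factory=dict)
    channels: Set[Tuple[str, str]] = field(default_factory=set)

    def add_partition(self, name: str, label: Label) -> None:
        self.labels[name] = label

    def declare_channel(self, src: str, dst: str) -> None:
        # Declaring a channel is configuration; it does not bypass the
        # lattice check, which is applied again on every send.
        self.channels.add((src, dst))

    def may_send(self, src: str, dst: str) -> bool:
        if src not in self.labels or dst not in self.labels:
            return False  # unknown partition: deny
        if (src, dst) not in self.channels:
            return False  # no declared channel: deny
        return self.labels[dst].dominates(self.labels[src])

    def audit(self) -> List[Tuple[str, str]]:
        """Declared channels the lattice will never permit: configuration
        mistakes worth catching before the box is deployed."""
        return sorted((s, d) for (s, d) in self.channels
                      if not self.may_send(s, d))


def build_example_policy() -> SeparationPolicy:
    """One desk, several roles, one machine (constructed scenario)."""
    p = SeparationPolicy()
    p.add_partition("web_browser", Label(Level.UNCLASSIFIED))
    p.add_partition("email", Label(Level.CONFIDENTIAL))
    p.add_partition("payments", Label(Level.SECRET, frozenset({"FINANCE"})))
    p.add_partition("hr_records", Label(Level.SECRET, frozenset({"HR"})))
    # Upward flows that the lattice permits:
    p.declare_channel("web_browser", "email")
    p.declare_channel("email", "payments")
    # Channels an administrator might declare by mistake; the monitor still
    # refuses them because they would move data down or sideways.
    p.declare_channel("payments", "email")       # SECRET -> CONFIDENTIAL
    p.declare_channel("payments", "hr_records")  # FINANCE -> HR, incomparable
    return p


def simulate(policy: SeparationPolicy,
             attempts: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Run a list of (src, dst) send attempts through the monitor."""
    return [(s, d, "ALLOW" if policy.may_send(s, d) else "DENY")
            for s, d in attempts]


if __name__ == "__main__":
    policy = build_example_policy()
    for src, dst, verdict in simulate(policy, [
            ("web_browser", "email"), ("web_browser", "payments"),
            ("payments", "email"), ("payments", "hr_records"),
            ("email", "payments"), ("malware", "payments")]):
        print(f"{src:>12} -> {dst:<12} {verdict}")
    print("misconfigured channels:", policy.audit())
```

The point of `audit()` is the practitioner's check: a MILS configuration is only as good as its channel table, so the declared channels should be verified against the lattice offline rather than discovered at runtime. Note that the model says nothing about the guest OSes themselves; as the article says, a vulnerable Windows inside a partition is still vulnerable, it just cannot reach anything it was not given a channel to.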

That means those needing real security -- you people with my credit card number online, that means you -- no longer need a separate PC on a separate network for each application. They can run them all on one INTEGRITY PC or server and gain beautiful, certified isolation. This is good news for military (or financial) controllers who sit at a desk with a half-dozen PCs, each running one or two applications, just to keep them isolated from security lapses in one another and in their OSes.

The notion of a small, tight, highly certified OS -- one good enough to fly a fighter jet -- offering a powerful security benefit and full partitioning on an off-the-shelf PC has major ramifications. Sun has been chatting up the benefits of the partitioning in Solaris 10 and its Janus Project for a similar security-blanket benefit, but INTEGRITY is small enough to run on an electric razor, and has some of the highest security clearance of any software anywhere.

Green Hills is being coy about how and when it will come to market with its security blanket PC solution. CEO Dan O'Dowd says they have an initial happy customer using the Padded Cell approach, but he won't say who. Probably some agency with three letters.

Perhaps an OEM deal might make sense with some other vendors. HP, are you listening? Red Hat? How about Microsoft? Why not make Vista market ready when it ships by getting it a security blanket?


Talkback

6 comments
  • Re: "Why not make Vista market ready when it ships by getting it a security blanket" ????

    OBVIOUS ANSWER: ALL MICROSUCKS CODE IS CRAP !!!

    You can wrap Vista in toilet paper and it will still be EXCRETE as far as code is concerned. Maybe (but I doubt it), it will be more secure, but history has shown us that the code will still have 10,000+ KNOWN DEFECTS that MICROSUCKS will fail to DISCLOSE PRIOR TO SALE, but will be discovered within months of Bill Gates reaping BILLIONS more in personal compensation for selling DEFECTIVE GOODS. And these 10,000+ KNOWN DEFECTS that are NOT disclosed prior to sale will result in TRILLIONS OF DOLLARS in financial and data losses to consumers worldwide, while Dollar Bill lines his pockets with stolen money.

    IMNHO, anyone foolish enough to use or buy Vista deserves exactly what they get including all the pain, suffering, financial losses, exploitation, and other unsavory MICROSUCKS abuse. IMNHO the world does NOT need nor should it ever adopt ANY defective MICROSUCKS O/S, be it Vista or any other totally defective code.

    Why on Earth would ANYONE touch this CRAP with a ten foot pole ???
    realitycheck101
  • Military grade Linux

    This level of security and more can now be achieved to provide a military grade Linux. Provides mandatory access controls and tamper resistant auditing of all system users.

    Trustifier is a security sub-system designed for the enterprise, that converts Linux servers into a trusted computing environment, but without the complexity, training and Linux skill requirements (and high TCO) of many other solutions.

    Product information can be found at www.googgun.com.
    praetorpal9
  • When you're hiding under your security blanket, will you feel safe?

    I would be extremely naive to believe there will ever be any kind of totally secure computing. It's more that a system may be made harder to crack/hack than another, and this too will be a variable in time. If one was to believe that they had the most secure system and relied on that system they would be living in a fool's paradise, because eventually someone will break in. Throughout history people have looked for security only to discover that it is an illusion.

    Usually the better the illusion the worse the disaster which befalls the believer. The best form of security is a kind of controlled paranoia where you are always on watch for any breach of your security, always changing the way you secure your system, never relying on anyone outside for your security. Even so some hapless fool may blunder in and discover the "Emperor has no clothes", your secrets discovered and laid open to the world.

    I guess a lot depends on what you wish to keep secret, its value and the time for which it will have value. You could I suppose form an equation where you plug in values to determine the cost and time over which that cost would span if the secret was revealed. With that information you could determine what you must do to protect your secret. Suppose your secret was the winner of the next horse race; then time may be the biggest factor, all you'd want to do is delay that knowledge from being revealed until you collected your winnings. This is a case where the secret is only of value for a short time and maybe to a limited number of people, so it could possibly be kept secret with little effort. However if you'd been really bad and had committed fraud at a high level in a major corporation or had committed war crimes, that will take much more effort to cover up, and the chances are that nothing you do will stop you from being detected or even getting caught.

    Back to computers, most discussion of security seems to be around technology not on the thing that is being secured. As above much of what is stored on computers fits with the above, it has a value, it has a life time in which it has value and it has a cost should it be revealed. These factors seem to not have been the concern of many if any commentators, yet they have a direct bearing on how and how well we wish to protect our systems.

    The main thing seems to be having an understanding of what we are attempting to secure and the cost of securing it, compared with the cost of exposure.

    On a different more technical track, the constant desire by some to standardize and integrate systems works against security. The diversity of systems promotes security as also does fragmentation. This is an area I could expand on at great lengths but not here or now.
    Gravitas9
  • RE: Don't hold your breath...

    Don't hold your breath waiting for Microsoft (or any single Government or company) to make this world safer for you! On the Computer side of this - I wonder if the writer of this article is employed by Microsoft. Wow - we will all be waiting for Vista to complete us ... and the next....? My main point is: do you think that by locking your door at night, that this will keep anyone out that really wants to get in? A lock (on our door) is just a deterrent - a message that we do not want uninvited visitors. WE need to make those who trespass more accountable for their actions - that is the simple answer. I, personally have found that my Windows SP1 has been more stable, since I quit downloading every patch (except for major virus problems) that M/S thinks I need. I - do not want any government agency, or (whoever else) babysitting my actions (has no one heard of George Orwell's version of 1984?).

    ...Steve
    stevezd