CMP EMBEDDED.COM


Thread: Comments for: "Linux and Security: Mission Impossible?"


Replies: 6 - Pages: 1 - Last Post: Oct 31, 2009 7:10 PM - Last Post By: Longpoke
Guest
Comments for: "Linux and Security: Mission Impossible?"
Posted: Oct 24, 2009 1:40 AM

Guest
Re: Comments for: "Linux and Security: Mission Impossible?"
Posted: Oct 24, 2009 1:40 AM in response to: Guest
Uh, so what would it take to make an OS suitable for "high criticality" systems? According to your logic, it would need to have no flaws - not just a history of close, continuing scrutiny and fixing flaws. And since you're mixing local priv escalation issues with remote user-land bugs, you're not just requiring the kernel to be perfect, but also all the user space daemons and utilities. Overall, this article is not very well thought through. For instance, the 11M LOC for 2.6.30 is counting all possible architectures and drivers - that doesn't measure the exposure of any single system. Further, what is the threat model here? Talking about local-priv vulns implies that you've got untrusted users - does that sound like a "high criticality" system? Isn't such a system more likely a non-user-accessible server?

Aren't there more interesting issues here? Like how much OSS benefits from vastly higher levels and diversity of scrutiny and testing? How apps which are actually exposed to threats can be partitioned or hardened - heck, how can they receive the kind of testing that the kernel gets?

Actually, a comment like "never designed for robustness" is pretty insulting - Linus was hardly oblivious to the long history of Unix security awareness.
EmirO
Posts: 1
Registered: 10/24/09
Re: Comments for: "Linux and Security: Mission Impossible?"
Posted: Oct 24, 2009 1:01 PM in response to: Guest
Actually the article is spot on, and we must take care to separate our opinions on Linux from the technical fact that it is a general-purpose operating system that was not designed with security or robustness as a primary requirement. Of course Linus and all contributors work hard to make Linux more secure and more reliable, but if you've never gone through some of the specifications for safety critical (e.g. DO-178B) or robust (e.g. Common Criteria for particular PPs), you can't quite appreciate the difference between a desire for, a best effort towards and a formal proof of these requirements.

Answering the Guest's question of what it takes has been done, but it's worth another article to answer. The fact is that using Linux in an IT environment can indeed add diversity alongside BSD and even Windows, and where Windows PCs protect national secrets I believe (but I cannot yet prove) that Linux is a better choice, but to Mr. Cole's point, no way am I getting on an airplane controlled by Linux. I have a hard enough time keeping an Android phone from rebooting and a Linux web server from crashing.

Smaller, more purposefully designed RTOSs with formally applied methods are still better suited to critical tasks. How long that remains true is up to how badly both the RTOS and GPOS camps want to play in each other's spaces.
SteJav
Posts: 2
Registered: 10/23/09
Re: Comments for: "Linux and Security: Mission Impossible?"
Posted: Oct 26, 2009 3:42 AM in response to: Guest
Great article and I agree with the comments made by EmirO. Is QNX certified to any particular security standard?
Pragmatist
Posts: 1
Registered: 10/26/09
Re: Comments for: "Linux and Security: Mission Impossible?"
Posted: Oct 26, 2009 12:52 PM in response to: Guest
This article reads like a smear: distortion of the facts subtly combined with emotionally laden bias.

Just exactly what high capability OS in broad use has NO CVE reports? Who would be irresponsible enough to incorporate a software product without waiting for a normal upstream maturation for issues related to security, reliability, and performance (latency, throughput, scalability)? When would an embedded product be developed without identifying the specific nature of the hardware, characterization of I/O, and constraining to required capabilities?

Even in the case of more general purpose computing application in secure contexts there are input and networking constraints; physical access constraints; and possibly even the need to operate in a Faraday cage. Furthermore, maturity of an upstream source (say RHEL5 a minimum of 18 months after release) combined with meticulous tracking of security issues; rapid incorporation or mitigation for solutions; custom high constraint security profiles (SELinux, standard security; constrained daemons; auditing; ACLs; etc.).

If my solution includes Linux in an embedded secure context I get the benefit of its extensive exposure to insane hardware configurations; naive users; remote cracker hackers; complex daemon configurations; heavy loads; etc. These use cases provide focus for the development of constraints and system maturation which few solutions can match. Furthermore, I can look at tools like Coverity for doing my own security auditing.

None of the other RTOS solutions can make these claims since none of them have the level of resources and real world auditing to which Linux is exposed. OpenBSD can make some pretty good security claims due to the attention paid to auditing early in the process, but I don't see the proprietary commercial solutions matching the benefits of either one.

If someone discovers a bug in an X server I don't use (and doesn't exist on a competitive platform) when used in conjunction with a NIC driver I don't use (and also doesn't exist in the competition) along with a print driver solution that I don't use and a security configuration I don't use with a filesystem type that I don't use and kernel options that I don't use: should I consider the comparatively limited proprietary solutions to be superior or irrelevant?
davek_ghs
Posts: 1
Registered: 10/26/09
Re: Comments for: "Linux and Security: Mission Impossible?"
Posted: Oct 26, 2009 3:51 PM in response to: Guest
INTEGRITY is the market leading (revenue market share) high reliability RTOS technology, deployed for more than a decade in life-critical medical devices, aircraft control systems, industry/process control systems, NSA-approved crypto communications equipment, printers, networking gear, web servers, automobiles, etc. Many of these devices are network-connected and must protect against the most sophisticated attackers (not your run-of-the-mill Internet script kiddie).

This technology has also been certified to the highest levels of safety (DO-178B Level A) as well as the highest Common Criteria security level (EAL 6+/High Robustness) ever achieved for any software product. This level requires, among other things, a formal mathematical proof of system security. While Linux is great for many things, high robustness security was simply not a goal of its designers.

But there’s no reason why the security of INTEGRITY and the bells and whistles of Linux (and other general purpose platforms – Android, Windows, etc.) cannot coexist. INTEGRITY first hosted Linux in virtual machines within hand-held mobile devices back in 2003. And over the years, that model has extended to PCs and smartbooks, networking equipment, and many other types of embedded and mobile devices with many different “guest” operating systems. So we can have the best of both worlds – bullet proof security alongside our favorite multimedia environments. Surf the web with Firefox or Chrome while INTEGRITY guarantees the authenticity of your financial transactions. INTEGRITY’s security design and modern CPU architecture have made this practical. So let’s get beyond the argument of how secure Linux is and apply best of breed technology in harmony to truly unlock the potential of our digital world.
Longpoke
Posts: 1
Registered: 10/31/09
Re: Comments for: "Linux and Security: Mission Impossible?"
Posted: Oct 31, 2009 7:10 PM in response to: Guest
The reason why general purpose O/S are insecure isn't that complicated: using C or low-level languages alike is just fundamentally insecure (unless you are God).

If you want to see General Purpose O/S become secure, the entire paradigm which they lay upon will have to shift. I hate to admit it, but things like Java CPU would have to become mainstream, and even then, there is still the possibility of semantic flaws in code. Then after all that, you have to be able to trust 1) your O/S vendor, 2) your software vendors, 3) your hardware vendors. This is why I agree with the article.

I don't think truly secure GPOS will be possible until significant fundamental changes are made. I can see it becoming impossible for stack smashing bugs to happen, but vendor trust, how would that ever happen? Thousands of people work on systems such as Windows, *Nix, and *BSD. I'm sure a little evil code slips in every now and then.
