IBM Corp has announced that it has completed a pilot project with the UK government’s Cabinet Office to test advanced security mechanisms in Linux and WebSphere, and is now looking for new projects to test the Mandatory Access Control capabilities with DB2 and Tivoli.
Questions in the House of Lords in June 2005 revealed that the Cabinet Office’s Central Sponsor for Information Assurance unit was developing proof-of-concept systems using Security Enhance Linux to support remote working and web services. In May this year IBM revealed that it was involved in the project along with Red Hat, Tresys Technology, and Belmin Group.
The proof-of-concept trial at County Durham and Darlington Acute Hospitals NHS Trust focused on providing secure system access for Belmin’s Aries (automated reconciliation and invoicing efficiency savings) service. Aries utilizes IBM WebSphere MQ messaging to enable communication between the NHS and external suppliers.
IBM’s executive IT architect for its Linux Technology Center, Doc Shankar, explained that the project was designed to overcome a problem governments face in trying to provide joined-up government services while maintaining the security of individual systems.
Describing connectivity as the biggest nightmare you have he explained how hackers will look for a weak spot in the system and then spread out from there to target critical applications.
The majority of attacks are pretty much done the same way, he said. A hacker is not going to go after strong places. The first thing they do is go after your weak systems. In a standard operating system there is nothing you can do to prevent this. Either you’re a standard user or you are root, and if you’re root you have access to everything.
The answer is Mandatory Access Control, which provides fine-grained policy-based security on individual operating system and application components, preventing any actions that are not explicitly allowed by policy. MAC has been around for a long time, and is already included in Red Hat Enterprise Linux, thanks to the SELinux functionality originally developed by the US National Security Association.
The problem is that it is extremely costly and complicated to implement despite its benefits. You have the value proposition, now it’s an implementation problem, said Shankar. The challenge is writing the policy. He said in the proof-of-concept trial that meant a three-day policy requirements meeting, which generated about 40,000 rules.
In order to make the job of writing and testing those rules easier, IBM and the CSIA turned to SELinux specialist Tresys and its policy compiler technology, which defines the policy at a higher level and maps it to fine-grained component actions. It then to three-to-four months of testing and the input of IBM’s ethical hacking team to fine tune the policy and prove it worked, said Shankar.
With the project now live, Shankar said that IBM is now looking for new proof-of-concept trials to repeat the development work with its DB2 database and Tivoli systems management tools, while also considering ways it which it can commercialize what it has learned.
What we’re going to do is take it back to the software group and services team, said Nallu Reddy, director of world wide open source and Linux sales for IBM software. We’re looking for the next pilot to do DB2 and Tivoli, and we’re looking at a business case to build a services business around this.
Shankar also maintained that there’s nothing we’re doing in this project that only applies to government.
In the meantime, Linux-related improvements will be delivered in the form of Trusted Linux, a project initiated by Red Hat, IBM, and Trusted Computer Solutions Inc, a provider of secure information sharing technologies to the US Department of Defense and the intelligence community.
We’ve actually taken SELinux and are adding this multi-level security into it, said Shankar. Trusted Linux will be available in the second quarter of next year and will enable data sharing in government. Trusted Linux is Red Hat Enterprise Linux 5.0 certified with Common Criteria EAL4.