Open Source

FBI supplier readies secure Linux

A new version of the operating system has been built by TCS, which sells software to U.S. intelligence agencies.

Stay on top of the latest tech news with our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

By Ingrid Marson
ZDNet (UK)

Trusted Computer Solutions is branching out from its Solaris roots with a secure version of Linux, due out in spring 2005.

The software company, also known as TCS, is currently testing the secure version of Linux, which will provide its customers with an alternative to Sun Microsystems' Trusted Solaris operating system for running the TCS product line.

TCS builds applications that allow information to be shared securely. Edward Hammersla, the company's chief operating officer, said that when the British Ministry of Defence or NATO requires a piece of U.S. intelligence, the data is often shared using TCS software. The company's customers include the FBI, the U.S. Defense Intelligence Agency and the U.S. Office of Naval Intelligence.

At present, TCS customers can only run applications on Trusted Solaris, as this is the only "trusted" operating system available on the market. To provide an alternative to Trusted Solaris, developers at TCS have built a custom version of Linux by extending the functionality of SELinux—a security-enhanced version of Linux developed by the U.S. National Security Agency.

The product is targeted at certification under the U.S. Common Criteria Evaluation at Evaluation Assurance Level 4 (CC-EAL4). Hammersla said that the CC-EAL4 certification is essential if TCS solutions on Linux are to be sold to the intelligence industry, and this is not the only challenge that needs to be overcome.

"Intelligence agencies need to go through a number of approval bodies before they can buy anything—which is a bit like the Olympics with 25 extra hurdles you don't expect," Hammersla said.

Hammersla said there has been significant interest in the product, primarily for cost reasons. The Trusted Solaris operating system runs only on Sun hardware, while Linux can be run on numerous hardware platforms, including low-cost Dell and IBM systems.

TCS is not the only company working on secure Linux. At the end of September, a consortium including French Linux vendor Mandrakesoft won a three-year contract from the French Ministry of Defense to develop a secure version of Linux.

Francois Bancilhon, the chief executive officer of Mandrakesoft, said that he expects a beta version of this product in two years. The consortium aims to get the software certified at CC-EAL5, one level higher than the certification TCS is aiming for. He admits this will be challenging.

"That level is a toughie—few operating systems have reached this level of certification," Bancilhon said.

But TCS' Hammersla is not convinced that reaching this extra level is worth it.

"EAL4 is the highest level for general-purpose computing," Hammersla said. "Once you get beyond EAL4, you lose Windows and point-and-click functionality. Instead you have to use command lines. Most EAL 5, 6 and 7 systems are embedded systems, for example, in planes."

Ingrid Marson of ZDNet UK reported from London.

Editor's Picks

Free Newsletters, In your Inbox