DARPA Hoists the Red, White and GNU

by Don Marti

According to the solicitation for proposals on DARPA's web site, "These trusted operating system capabilities will be created by engaging the Open Source development community in the development of security functionality for existing open-source operating systems." In other words, military security development is coming soon to your friendly neighborhood CVS server, and, by the way, free software licenses mean that you won't have to wait, or negotiate technology transfer red tape, to benefit from spinoffs.

"DARPA has developed an entire research program in the area of Trusted Open Source Operating Systems and has been coordinating the research agenda with NSA," said Dr. Douglas Maughan, program manager, in an announcement to the National Security Agency's Security Enhanced Linux mailing list. "Most of it is aimed at improving existing open-source operating systems," he added.

NSA already has a program to develop a Security Enhanced Linux, based on kernel version 2.2.12, that implements some advanced security concepts including role-based access control.

DARPA, when it was known as ARPA, was the original sponsor of ARPAnet, which became the Internet. The agency has long been a sponsor of fundamental computer science research. The mainstream military-industrial complex in the US, however, has been paying sutler's prices for unreliable proprietary operating systems, causing alarm among DARPA's elite computer science researchers, as well as public embarrassment, as the Navy's proprietary-OS-based "smart ship" had to be towed to shore in 1997. "Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor," Atlantic Fleet Technical Support Center engineer Anthony DiGiorgio wrote in the Proceedings of the U.S. Naval Institute the following year.

In a 1998 report to DARPA, Mark Berman of BBN Technologies wrote that military users are demanding that DARPA develop for a proprietary operating system, but "common complaints include the lack of a real remote login capability, poor support for scripting and utility languages, and frequent system crashes (the so-called "blue screen of death")." With the new commitment to free-software-based defense information systems for the future, DARPA seems determined to mark the beginning of the end for this frightening state of affairs and, perhaps more importantly in peacetime, secure and improve the free software we use every day.

Resources:

Broad Agency Announcement: COMPOSABLE HIGH ASSURANCE TRUSTED SYSTEMS http://www.darpa.mil/ito/Solicitations/CBD_01-24.html

National Security Agency Security Enhanced Linux: http://www.nsa.gov/selinux/

Load Disqus comments