In an earlier blog, I commented on the potential use of Linux in Aerospace & Defense, but I didn't provide any background information to support my assertion that people seem to either love or hate Linux, and that often their views are formed from emotive arguments and prejudice rather than rational fact-based discussions.
Last week, Paul Tingey discussed some interesting examples of polarised views in different countries in a recent blog Open Source: Do you love or hate it? So, I thought I should comment on some of the views which have been expressed in relation to the use of Linux in defence.
In the article 'No Defense for Linux' (Design News), Green Hills Software CEO, Dan O'Dowd, shared his views into what he believes are potential security issues relating to the use of Linux in defence systems. The article is both interesting and thought provoking, and Mr. O'Dowd raises some important questions which do need to be considered.
A number of other bloggers have already commented on this article from a number of angles, the one's which I found the most interesting were Victor Yodaiken: Green Hills, foreigners and the gummi bear threat'; Dana Blankenhorn: 'Is Linux a Danger to National Security?', and Perry E. Metzger: 'News Flash: Proprietary OS vendor dislikes Linux!'). However, I want to follow-up on two of the arguments in the article in particular, as they do not appear to stand up to close scrutiny:
- Open Source peer review
Mr O'Dowd asserted that "many eyes" are no defence against subversive or malicious code which could be used to undermine system security. However, this argument is inconsistent with the accepted best practice for the definition of network security protocols. It has been well documented that security protocols, such as Wireless Equivalent Privacy (WEP), which was designed in isolation without peer review by security experts, was fundamentally flawed. The flaws are documented in Security of the WEP algorithm (Berkeley), and the lack of peer review is highlighted by Jon Edney and William Arbaugh in their book "Real 802.11 Security". This should be contrasted with the approach taken to develop 802.11 wireless security which uses the Advanced Encryption Standard (AES, wikipedia).
- Vulnerabilities in Binary Code
Mr. O'Dowd also asserted that 'source code inspection will never detect vulnerabilities that are only manifest in a system’s executable binary code', which is of course a valid statement. However, the example which he used to illustrate this doesn't actually support this argument. He cited the story of Ken Thompson, one of the original designers of the UNIX operating system, who installed a backdoor (a.k.a. Trojan Horse - wikipedia). Mr. O'Dowd said that Thompson "installed a back door in the binary code of Unix". This statement seem to be slightly ambiguous to me, and I wasn't sure if it meant that the backdoor was installed into the UNIX kernel, so I checked the original article by Ken Thompson 'Reflections on Trust ' (ACM) and found that states explicitly that the Trojan code was actually contained within the UNIX C compiler:
So, the comparison between Linux and UNIX does not appear to be valid in this instance because the GNU C compiler used in Linux is Open Source whereas the UNIX C compiler was not. So the Linux GNU C compiler can undergo source code inspection in the same way as the Linux kernel, so there will be no binary code that has not undergone source code review. Ken Thompson also described a very devious approach to install a backdoor into the UNIX C compiler, which would re-insert itself without when the compiler was recompiled. However, Ken Thompson acknowledged in his article that:"The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user."
A backdoor could be inserted into the GNU C compiler using the same technique, but this could be detected by disassembly of the compiler."Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions."
So, it would seem that at least some of the arguments against the use of Linux in defence systems do not seem to have a firm foundation based on facts. Don't get me wrong, I'm not saying that Linux is suitable for all types of defence application, but as I discussed previously, I do think we need to have an open mind.
Paul Parkinson is a Principal Systems Architect with Wind River in the UK, working with Aerospace, Defence and Security customers across EMEA. Paul's professional interests include Information Security (InfoSec), Integrated Modular Avionics (IMA) and Intelligence Surveillance Target Acquisition Reconnaissance (ISTAR) systems.
Subscribe to RSS feed.
Paul,
Just wanted to echo you idea of the value of open source in military systems with a reference to a recent blog post of mine that looked at the issue from the 35,000 foot level.
It's here in case you or your readers are interested: http://jakaplan.blogspot.com/2006/10/why-do-militaries-love-open-source.html
Bottom line: Properly used, open source offer big benefits to national security agencies. Which explains is growing usage by them worldwide.
Posted by: Jeff Kaplan | November 28, 2006 at 06:10 PM
Jeff,
Thank you for your feedback. I found your blog very interesting, especially your insights as to why various countries are adopting Open Source in defence.
I have subcribed to your RSS feeed and will look forward to reading your forthcoming posts.
Posted by: Paul Parkinson | December 01, 2006 at 04:50 AM
Thanks, Paul.
Given the leadership that national security agencies in several countries are showing on open technologies, our next phase of the Open ePolicy Group intends to include participants from such agencies from several different countries.
I find it remarkable that they have moved aggressively on open ICT while so many other public sector agencies continues to dither about it.
Posted by: Jeff Kaplan | December 01, 2006 at 08:09 AM