Many Eyes - No Assurance Against Many Spies

Many of the objections to Dan O'Dowd, CEO of Green Hills Software, assertion that the Linux operating system is unsafe for defense systems were based on the dangerous misconceptions that it is equally easy for foreign intelligence agents or terrorists to infiltrate malicious code into any operating system and that the many eyes looking at the Linux source code will find any malicious code infiltrated into Linux.

The most critical software in a computer system is the operating system code that runs in the computer's privileged mode. Privileged-mode code controls all of the operations, communications, and security of the computer system. It has unrestricted access to anything in the computer. Privileged-mode code can read or write any data on any device. It can send or receive messages from any other computer system, disk drive, or monitor. It can do anything it wants with anything that the computer controls, it can turn (or not turn) the tank, fire (or not fire) the missile, transmit (or not transmit) a message.

Privileged-mode code can read any secret encryption keys stored on the computer system, it can monitor the keyboard to capture any passwords as they are typed in, and it can use those encryption keys, passwords, and its complete control over every encryption device and all encryption software on the system to encrypt or decrypt any message that passes through or is stored on the computer system. It can then transmit that message to any other computer system on any computer network to which the computer system is connected without creating any record of the transmission.

Privileged-mode code can bypass all security checks and encryption. There is no hardware security system that can protect a computer system from complete seizure by malicious privileged-mode code.

The primary objective of an attacker is to insert privileged-mode code into the operating system. This enables the attacker to gain complete control of the system and download any amount of additional attack, analysis, disruption, or spy software. No matter how secure the design of the hardware, algorithms, encryption chips, and application software, a few lines of malicious privileged-mode code defeats the security of the entire system and any other systems that depend on it.

There are plans to deploy Linux in new defense systems including the Global Information Grid and Future Combat Systems. These systems (command and control, radios, tanks, aircraft, etc.) will share information over the Internet from sensors to decision makers and back out to field-based military personnel, "edge-to-edge." Relying on an insecure operating system at any point in the chain, from data gathering to communications to control of equipment, means that these defense systems can be easily subverted, spied on, or redirected at any time by our enemies.

View Entire Paper | Previous Page | White Papers Search

If you found this page useful, bookmark and share it on: