Re: Crypto FS

Re: Crypto FS

[Pete Loscocco]

Dustin Reyes wrote:

> Will the SE Linux team (NAI Labs, NSA, etc.) be conducting
> an extensive security audit of current Linux disk encryption?
> 

No. The goals of this project are pretty specific. We are looking to
incorporate a flexible mandatory access control architecture into
Linux. We are not trying to find/fix bugs or to analyze security
components like a crypto FS to improve on their designs. That is not to
say that these activities aren't useful or needed to improve the
security of Linux in general. It is just not what we have set out to
do. The security of Linux will be improved by the addition of such
security features as those in SE Linux.

>From the point of view of this project our interest in cryptography is
really to investigate ways that the selection of cryptographic
mechanisms can be integrated with the MAC policy applying the same
principles of policy flexibility and separation of enforcement from the
policy decisions. In short we'd like to see a flexible cryptographic
usage policy which is enforced just as the system security policy is.
We hope to be able to make crypto mechanism selection decisions,
including a decision of whether crypto is even required, based on the
security contexts.

I think that these ideas should be investigated in both file system and
network implementations. Certainly cryptography defined behind a
well-defined crypto API makes this idea more feasible. Doing this for
file cryptography is still something we would like to try in the
future, but have no immediate plans. However, we do have plans to build
upon our previous work in this area for networking. We will be
integrating IKE and IPSEC with the existing MAC policy. As this work
really gets started, we'll have more to say about it.

> I know that the team hopes that the philosophy behind SE Linux's
> architecture and SE Linux itself become a standard in
> the industry, but will the strength of fs crypto be compromised,
> or not examined with the same rigor, as the rest of the
> distribution/system?

Again, the goals of our project are not to improve or certify existing
cryptography. We are interested in providing the necessary system
support to use whatever cryptography the system supports in a way that
can be tied to the mandatory access control policy. The details of the
cryptography should be independent of this support, or as much so as is
possible.

Peter Loscocco
Security-enhanced Linux Project Leader
Information Assurance Research Office
National Security Agency

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Crypto FS

[Sandy Harris]

Pete Loscocco wrote:

> I think that these ideas should be investigated in both file system and
> network implementations. Certainly cryptography defined behind a
> well-defined crypto API makes this idea more feasible. Doing this for
> file cryptography is still something we would like to try in the
> future, but have no immediate plans. However, we do have plans to build
> upon our previous work in this area for networking. We will be
> integrating IKE and IPSEC with the existing MAC policy. As this work
> really gets started, we'll have more to say about it.

Are you going to use FreeS/WAN IPSEC?

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Crypto FS

[Dustin Reyes]

Re: Integrate existing publicly available file cryptography
with file mandatory controls 

Will the SE Linux team (NAI Labs, NSA, etc.) be conducting
an extensive security audit of current Linux disk encryption?

I'm asking this question from more of a legal viewpoint,
due to the Executive branch of the federal government's
traditional negative stance towards *effective* personal data
encryption without key escrow as it interferes with
law enforcement to some degree.

I know that the team hopes that the philosophy behind SE Linux's
architecture and SE Linux itself become a standard in
the industry, but will the strength of fs crypto be compromised,
or not examined with the same rigor, as the rest of the
distribution/system?

It may not be a legal problem per se, but I'm concerned that NSA
culture and tradition would prevent a thorough analysis (and the
release of solutions or enhancements to any problems)...

Finally, I'm not a professional coder or cryptologist, so this question
may be completely invalidated by encrypted filesystems are
already implemented... if so, I apologize in advance.

Thanks for your patience and time.

-Dustin

-- 
Dustin Reyes - crusader@linuxgames.com
LinuxGames - http://www.linuxgames.com

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Crypto FS

[Dustin Reyes]

On Thu, Feb 08, 2001 at 03:53:29PM -0600, Dustin Reyes wrote:
> Finally, I'm not a professional coder or cryptologist, so this question
> may be completely invalidated by encrypted filesystems are
> already implemented... if so, I apologize in advance.

Grrr, need caffeine :)

That should've read:

Finally, I'm not a professional coder or cryptologist, so this question
may be completely invalidated by the way encrypted filesystems are
already implemented...  if so, I apologize in advance.

-Dustin

-- 
Dustin Reyes - crusader@linuxgames.com
LinuxGames - http://www.linuxgames.com

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Crypto FS

[Dale Amon]

On Thu, Feb 08, 2001 at 03:53:29PM -0600, Dustin Reyes wrote:
> Re: Integrate existing publicly available file cryptography
> with file mandatory controls 
> 
> Will the SE Linux team (NAI Labs, NSA, etc.) be conducting
> an extensive security audit of current Linux disk encryption?
> 

I doubt they could step into that area. I also doubt they would
want to take on the grief because no one would believe them
anyway.

> Finally, I'm not a professional coder or cryptologist, so this question
> may be completely invalidated by encrypted filesystems are
> already implemented... if so, I apologize in advance.
> 

The linux crypt tree is managed by a lot of very fine people
spread all over the world and anyone who found a hole would
gain instant fame in their esoteric coterie. If you were a 
young math wizard, what better way to gain notoriety that to 
find a backdoor in a popular cipher? I'd say that
there are probably more people pounding on codes outside
government circles now than the total of all the ones who
were ever *inside*. Some people even think its fun. :-)

In any case, there are also standards like AES that are
well trusted. And everyone knows you shouldn't trust DES
for anything more serious than a teen love letter.

In short, I think the people doing the hard work here
should make sure they don't break the international
patches, but it is perhaps not wise for them to step into
quicksand.

And I would in fact be happy to test the interoperability of
the two sets of patches and report any problems. At the
end of the day, its' my customers data that I need to 
protect, and that means a full systemic approach.

-- 
------------------------------------------------------
Use Linux: A computer        Dale Amon, CEO/MD
is a terrible thing          Village Networking Ltd
to waste.                    Belfast, Northern Ireland
------------------------------------------------------

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.