NSA funds work to thicken Linux armor

The NSA awarded the two-year, $1.2 million contract to the PGP Security division of the Santa Clara, Calif.-based company, Network Associates announced Monday. The company will add more security features into a version of Linux the NSA already has paid for called "Security-Enhanced Linux" (SELinux).

Network Associates also will help present the changes to the community of programmers who collectively produce Linux under the open-source method.

The NSA is interested in a version of Linux that is kept more secure by restraining programs so they have only the bare minimum of privileges required to do their jobs. That would make it harder for attackers to take advantage of "buffer overrun" or "format string" vulnerabilities.

The NSA already has worked with Secure Computing to develop SELinux. It's also working with VMWare to create software that will divide a single computer into partitions so, for example, one person working on unclassified work couldn't get access to another's top-secret work.

Network Associates will modify Linux so it can be used to accommodate different security policies, the company said.

The changes will be released to the open-source community, Network Associates said. The General Public License that governs Linux requires that anyone who distributes changes to the heart of the operating system must publish those changes.

Since 1991 when Linus Torvalds began work creating Linux, a clone of the Unix operating system, it has gained in popularity and now is a key part of newer businesses such as Red Hat and behemoths such as IBM.

Because Linux may be freely obtained and modified, it's become a popular foundation for experimentation, from trying out new Internet standards to creating cheap supercomputers.