In a speech intended to serve as a wake-up call to anyone relying on the "many eyes" that look at the Linux source code to quickly find any subversions, the CEO of Green Hills Software Inc. last week reminded his audience how Unix's creator Ken Thompson installed a back door in the binary code of Unix that automatically added his user name and password to every Unix system - a secret he revealed only 14 years later.
In a speech to the Net-Centric Operations Industry Forum, Dan O'Dowd, CEO of Green Hills Software Inc., argued that the proliferation of Linux through a growing number of U.S. defense systems poses a serious and urgent security threat,
"The very nature of the open source process should rule Linux out of defense applications," O'Dowd said.
"The open source process violates every principle of security. It welcomes everyone to contribute to Linux. Now that foreign intelligence agencies and terrorists know that Linux is going to control our most advanced defense systems, they can use fake identities to contribute subversive software that will soon be incorporated into our most advanced defense systems," he con tinued.
In addition, O'Dowd noted, developers in Russia and China are also contributing to Linux software. Recently, the CEO of MontaVista Software Inc., the world's leading embedded Linux company, said that his company has "two and a half offshore development centers. A big one in Moscow and we just opened one in Beijing."
Linux has been selected to control the functionality, security, and communications of critical defense systems including the Future Combat System, the Joint Tactical Radio System and the Global Information Grid, said O'Dowd.
"If Linux is compromised, our defenses could be disabled, spied on, or commandeered. Every day new code is added to Linux in Russia, China and elsewhere throughout the world. Every day that code is incorporated into our command, control, communications and weapons systems. This must stop," he added, before continuing:
"Linux in the defense environment is the classic Trojan horse scenario - a gift of 'free' software is being brought inside our critical defenses. If we proceed with plans to allow Linux to run these defense systems without demanding proof that it contains no subversive or dangerous code waiting to emerge after we bring it inside, then we invite the fate of Troy."
One of O'Dowd's most telling points came when he debunked the claim by Linux advocates that its security can be assured by the openness of its source code, arguing that "many eyes" looking at the Linux source code will quickly find any subversions.
Ken Thompson, the original developer of the Unix operating system (which heavily influenced Linux) proved that this just isn't true, O'Dowd argued. Thompson installed a back door in the binary code of Unix that automatically added his user name and password to every Unix system.
O'Dowd told his audience that, when Thompson revealed the secret 14 years later, he declared:
"The moral is obvious. You can't trust code that you did not create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code."
"Before most Linux developers were born, Ken Thompson had already proven that 'many eyes' looking at the source code can't prevent subversion," said O'Dowd. "Linux is being used in defense applications even though there are operating systems available today that are designed to meet the most stringent level of security evaluation in use by the National Security Agency, Common Criteria Evaluation Assurance Level 7 (EAL 7)."
"We don't need cheaper security. We need better security. One 'back door' in Linux, one infiltration, one virus, one worm, one Trojan horse and all of our most sophisticated network-centric defenses could crumble. We must not abandon provably secure solutions for the illusion that Linux will save money. We must not entrust national security to Linux," O'Dowd concluded.