Schneier on Security
A blog covering security and security technology.
May 18, 2009
Kylin: New Chinese Operating System
China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies.
The secure operating system, known as Kylin, was disclosed to Congress during recent hearings that provided new details on how China's government is preparing to wage cyberwarfare with the United States.
"We are in the early stages of a cyber arms race and need to respond accordingly," said Kevin G. Coleman, a private security specialist who advises the government on cybersecurity. He discussed Kylin during a hearing of the U.S. China Economic and Security Review Commission on April 30.
The deployment of Kylin is significant, Mr. Coleman said, because the system has "hardened" key Chinese servers. U.S. offensive cyberwar capabilities have been focused on getting into Chinese government and military computers outfitted with less secure operating systems like those made by Microsoft Corp.
"This action also made our offensive cybercapabilities ineffective against them, given the cyberweapons were designed to be used against Linux, UNIX and Windows," he said.
Is this real, or yet more cybersecurity hype pushed by agencies looking for funding and power? My guess is the latter. Anyone know?
Posted on May 18, 2009 at 6:06 AM
Last I heard, FreeBSD - from which Kylin appears to be derived - was not regarded as a national secret anywhere.
I have seen some discussion that identifies "Kylin" as a hardened version of FreeBSD. If that is the case, I wouldn't think it would be too hard to understand it. It also begs the question: does the US have a well hardened version of a BSD or some other *nix available for military/intelligence/government use? I have a hard time believing that they don't.
The NSA contributed to SELinux, so I assume that competence is available in the USA. If government managers would choose a less leaky platform for their servers that would already make a lot of difference. (I also saw a mention of a "secure CPU" in the article... IIRC the "Dragon" is MIPS based and not that special.)
I place the article in the category "hyping"; it spins sensible measures the Chinese government is taking to protect its infrastructure from hackers as "preparing for cyberwar". If the US was the leading nation in computing they would have taken similar measures several years ago.
SELinux is definitely an obvious candidate. One thing I wonder about is the nature of the BSD license which seems to allow modification without contribution. I suspect that the Chinese are good at that. Also, some within the Linux kernel community have shown a certain animosity towards security issues in general, although it seems like some of that is being dealt with "offline", for better or worse.
Wow, I didn't know that so many parts of the US government run Linux rather than Microsoft.
So, China's moving from MS to Linux and that people in the US are 'sexing it up' to look like a threat to US domination rather than MS domination...
What does it tell you when a purely defensive posture is interpreted as an arms race?
... no, it doesn't tell you what you think. It tells you that someone's spotted yet another buck to be made in the weird party called "US Arms Appropriations"
Actually, I wonder if it's available for download? I'll get our Chinese-speaking network admin to try it out.... ;-)
Source and documentation can be downloaded from e.g. here (http://www.honeytechblog.com/downlod-kylin-operating-system-by-chinaqingbo-wu/)
Hardly anything to get all worked up about as it seems. Kylin appears to be a FreeBSD based OS with some proprietary security extensions. As if any other government creating their own proprietary security stuff would make that available to the public. (Last time I checked security by obscurity was still very popular :-)
Is this a Chinese attempt to run Apple's OS X on the 'IBM PC' platform?
"Is this real, or yet more cybersecurity hype pushed by agencies looking for funding and power? My guess is the latter. Anyone know?"
No, but I feel I ought to speak up, lest someone think I know something :-|
I wonder, when a government-connected spokesman bewails the difficulty of penetrating Chinese OS security, could that be a bit of deliberate misdirection? Ordinarily, I wouldn't expect U.S. intelligence to encourage any discussion of our success at penetrating adversary systems. But this "consultant" feels he can bandy such information about publicly, without putting his government contracts --- or his security clearance --- at risk. I'd say, he has a green light from the securocracy to do so.
So the question is, what do they gain? Is this bit of fluff aimed at Congress, at the Chinese, or both?
This sort of reminds me of when companies in the US couldn't export strong crypto because if the "bad guys" outside the US had strong crypto, then the US wouldn't be able to "break their crypto" and read their data. Turns out the "bad guys" had strong crypto anyway, so the export ban only ended up penalizing US companies.
So what if foreign countries are using their own (non-US made) operating systems that are more secure than products they can buy from US companies? If the US cyberwar capabilities are based solely on the enemy using operating systems that they know how to break (i.e. Microsoft), then I would suggest they get a new strategy.
Why would China even want to wage a "cyber war" against the US ?
A large part of China's economy is based on manufacturing goods for the US. China owns a large portion of the US national debt. Surely disrupting the US would hurt China as well.
So what? Security fails at the seams, and there's plenty of other gaps between people, process and technology.
If the only attack vector available was technology then our spooks would be both helpless and hopeless, but I'm pretty sure it isn't and so they're not. ;)
I can think of a dozen reasons why China (or anyone) would move away from M$ products, so as combat indicators go it's not especially credible.
"U.S. operating system software, including Microsoft, used open-source and offshore code that makes it less secure and vulnerable to software "trap doors" that could allow access in wartime, he explained. "
Offshore code? Software trap doors? Either the clueless reporter totally mangled what his experts told him, or he should find some new experts. Since this is the Washington Times, I think it can be safely ignored.
Gary Smith, a cyber war needn't be only for the purpose of destroying the US's infrastructure (which you correctly point out would damage China's economy). It might be used to selectively damage (or steal information from) US companies to benefit China.
I hope that they will contribute their enhancements back to FreeBSD, so that we can all be better off.
The US government was on track to using a similarly secure OS, until GOSIP guidelines were derailed by MS Windows. Not sure how much of that can be blamed on the failure of SunOS and other Unix vendors to (continue to) develop the desktop market and how much to MS lobbying (probably equal parts of both) but this is probably a good time to revive the core GOSIP criteria as a requirement of all federal and state computing systems.
It is strange how comparatively little attention the OpenBSD project receives. It is, as far as I know, the only effort to develop a proper operating system. By proper, of course, I mean one that adheres to standards and coding discipline. SELinux - that's just bolted on. Who really runs it? I'll bet most people just turn it off. The *process* by which the OpenBSD people achieve their results (correctness) is true security.
I suspect that of more importance is not the OS but the hardware it runs on. I suspect the CPUs etc. will be free of American "taint" such as microcode etc., oh, and the chips will almost certainly be produced by China in quantities that will make Intel's eyes water.
With regards to MS, if you think back a while they virtually gave the NT source code to the Chinese in an attempt to stop piracy (it failed), so the Chinese already have a very good idea of all the MS stable's strengths and weaknesses (as if it was not fairly obvious to all including Bill, with his latest war on memcpy() and friends ;)
The simple fact is that China has enough native "low cost" talent to make their own OS and Apps at least as well as the more expensive WASP nations' products.
If the Chinese ditch C/C++ and friends with the inbuilt security problems and switch to another similar language (but without the security swiss cheese) then they could be streets ahead in just a few months should they want to put the effort in.
I suspect the next step will be to ensure that irrespective of anything else their OS is a must use for all those bods in third world countries currently getting economic support from China.
Further it will be given (enforced) on those wishing to work with the Chinese in Africa etc., and within a few years MS will be history in Africa and other parts of the third world including South America.
Not so much cyber warfare as plain old economic warfare, but still a National Security issue nonetheless. Because if China wins this one then the US is seen to have lost irrespective of the actual state of affairs.
I took a look at Kylin over the weekend. It can be downloaded from kylin.org.cn. It took about four days to download with wget -c. It is not FreeBSD, it is Linux with a 2.4 kernel and a zh-cn theme over KDE. The installer and menus are available in English and Chinese. It doesn't appear to have any way to update it like RHN, synaptic or yum. I also looked at the forums and news sections of the site. The news is updated regularly but the forum activity is infrequent. There aren't any recent bug reports and I don't think Kylin 2 has had an update in a long time. An Oracle 9i binary is also available for download.
Well, based on past behavior, the real need for US Cyberwarfare capabilities is to improve its ability to spy on its own citizens. The China fuss is a "red" herring.
Does this mean that it is official US Government policy that FreeBSD is more secure than Microsoft's operating systems?
>> Why would China even want to wage a "cyber war" against the US ?
Why would any nation resort to conventional or nuclear war? The Chinese are quite naturally looking out for China first. I suppose the USAF is annoyed that they actually have to do some work, now that they've added cyberspace to their mission portfolio.
If I were a Chinese military planner, I'd be twitchy about America's oft-demonstrated capability to cut off a nation's infrastructure at her knees, plus a political system I'd find at best unpredictable and at worst insanely dangerous.
I hope I don't have to share what I think of organizations that use Microsoft Windows for national security purposes. Or who base their present budget requests on a threat first made known by public press releases in 2001?
What, have we had terrorists on the brain for so very long that we simply didn't notice the rest of the world?
The military is looking down the barrel of budget cuts, and so they have to hype every single bump, scratch and bruise as a life-threatening terror that must be defended against. Like how the Navy just started panicking about the Chinese DF-21 and is carefully dodging the question of why they haven't had a ship-based ABM system for the past 40 years (the DF-21 is an anti-shipping ICBM), likewise, the Navy has been dodging questions about why they've had such poor defenses against anti-shipping missiles.
One amusing version of this:
"If the Chinese ditch C/C++ and friends with the inbuilt security problems and switch to another similar language (but without the security swiss cheese) then they could be streets ahead in just a few months should they want to put the effort in."
I think at least part of any OS has to be written in a relatively low-level language. Any low level language gives developers more chances to make mistakes than a high-level language. I think dropping C++ entirely is not the solution, but using it when it is the best tool and using some other language when it is appropriate. The same way game developers almost never use assembly anymore but I'm fairly certain people writing drivers do. Maybe the kernel needs to be in C++ and the services and apps (which end up with most of the vulnerabilities anyway) should be in some higher level language.
Crazy old USA sees enemies in lot of places. This country or that are secretly planning something against them.
How about an equally crazy story? That neither Iran nor China is actively working to destroy you, o America.
It's nicer to think that it's budget-related hype rather than a profession of gross incompetence. If source and binary is freely downloadable with a simple search, then our cyberwarfare people, such as they are, certainly had better have a copy of it and a long list of potential holes. I would bet that black-hat hacker groups around the globe do.
Story published in the Washington Times. Not exactly a reliable source, IMO.
So, I wonder what's going on. If a serious move for more budget, why not WaPo or NYT? The effect I get from the original story is preaching to the chorus, thus more political motivation than budgetary.
Take a look at the comments on the story in the Wash Times.
"U.S. offensive cyberwar capabilities have been focused on getting into Chinese government and military computers outfitted with less secure operating systems like those made by Microsoft Corp."
Seems like someone's trying to sandbag the Evil Empire in the press. While I'm not a cybersecurity expert, it seems to me that predicating a strategy on getting the other guy to use technology you already know how to compromise is a loser right out of the gate, especially when there is a broad public perception that the technology has security issues. This guy's basically saying that Windows is so insecure the U.S. wants potential enemies to use it - sounds like he's on somebody's payroll.
"If the Chinese ditch C/C++ and friends with the inbuilt security problems and switch to another similar language (but without the security swiss cheese) then they could be streets ahead in just a few months should they want to put the effort in."
Well someone has to write assembler somewhere (or write the code that generates the assembler).
It puzzles me that people think that compiler writers are somehow immune from the errors that other programmers make!
C is about the same age as man landing on the moon (which is almost as long as I've been playing with electronics 8(
Which is something like five years before the first microprocessor chips (Intel 4004).
A lot of its security issues are due to two assumptions,
1) That programmers know what they are doing.
2) Resources are finite and a constraint on practical programming.
Arguably time has turned both these assumptions around.
Whilst you are correct when you say,
"I think at least part of any OS has to be written in a relatively low language. Any low level language gives developers more chances to make mistakes than a high-level language."
There is usually no reason why, after an OS has been written, day to day programmers of user end code should carry on using low level languages.
In fact every study suggests that the higher the level language the more productive programmers are. And as bugs seem to be always related to the number of lines of code produced by a programmer there will therefore be fewer bugs (anyone for lisp?).
I therefore would tend to disagree with you on,
"I think dropping C++ entirely is not the solution, but using it when it is the best tool and using some other language when it is appropriate."
C++ was an attempt to bolt on "object goodness" to a basic language that really was intended for writing code where objects are not the way to go.
Even K&R admit they made some fundamental mistakes in C and would now do things differently. It has also been said that "C++ missed the opportunity" when it came to sorting C's fairly nasty issues out.
"The same way game developers almost never use assembly anymore"
The reason for this is due to the movement of which "resource constrains" development. In the past it used to be hardware resources; these days it's most definitely manpower.
"but I'm fairly certain people writing drivers do."
Err, not where they can avoid it. When you write a driver it generally consists of two parts: the "topside" or "fast" interrupt handler and the "bottom side" or "slow" timed interrupt handler.
Essentially all the fast handler does is involved with Real Time and Async I/O, where time/CPU cycles are paramount. Basically it moves data bytes from hardware to a (ring/circular) buffer and vice versa and sets a flag for the slow timed interrupt handler.
The slow handler is usually synchronous to the CPU "tick" rate and copies data in and out of ring buffers into C-List buffers for passing out of kernel space into user space (the standard libraries add further buffering and processing).
This multiple buffering usually ensures efficient utilisation of the user resources to the kernel and I/O resources.
In most cases the assembler code is strictly limited to some small parts of the kernel to do with memory and context switching and very fundamental I/O and timing interrupts and some CPU exception handling.
"Maybe the kernel needs to be in C++"
I hope not; C++ really is the worst of all worlds, in that it tries to be a jack of all trades and fails to be competent in any of them.
"and the services and apps (which end up with most of the vulnerabilities anyway) should be in some higher level language."
Yes, the higher the better; the average programmer should not be allowed to get anywhere close to the metal, in general they have neither the training nor the experience. They should be several well thought out and implemented layers of libraries and APIs away at a minimum.
"It puzzles me that people think that compiler writers are somehow immune from the errors that other programmers make!"
They are not, but in general they are a great deal more experienced than your average journeyman code cutters and also have a strong ethos of testing, and importantly generally get the time to test, unlike their "consumer code cutter" brethren.
I used to work in a place where there were two guys who always, always used formal methods to design their code (anyone remember Z?). They really used to peeve the macho code cutters and project managers at the start of a project as they produced so few lines of code. However as a project went on they were the ones meeting deadlines and going home to their families at 5:30 and also went sailing at weekends.
The code cutters however were usually heading for a divorce, nervous breakdown or both by the time their part of the project was 20% overdue...
I may not have been clear when I said driver writers still use assembly. I meant for the portions of the driver where it was appropriate (I have never written a driver). I have wondered why Microsoft in particular still writes services in C/C++. It would seem to me that writing services and re-writing Internet Explorer in some higher-level language would reduce the number of vulnerabilities significantly, possibly even saving money in the long term.
"I meant for the portions of the driver where it was appropriate (I have never written a driver)."
Having written a few of my own going back as far as the PDP-11/70, I quickly realised why assembler was best avoided. That's not to say I'm against assembler, I'm actually all for it where there are hardware constraints or extra profit to be made ;) and believe me when I say I've actually enjoyed it more than C or other higher level languages (but not as much as microcode, where the pedal really is striking sparks off the iron 8)
The simple fact is you have a job to do, a limited amount of time to do it and, if you are developing to a standard hardware interface, more than one CPU family and OS to support. Also the chances are you are not going to be the one to support it. Writing all but the high speed interrupt callback in a high level language means not only is it portable, supportable and clean, but you often get to re-use your or others' code. Which is where the big bucks are saved in current development cycles.
The code-reuse issue is a lot to do with why,
"Microsoft in particular still writes services in C/C++."
They could not do networking etc. to any realistic level so they just took a lot of networking code written by UCSD/Berkeley staff and students and changed little bits of it for the tools.
But they had to write the actual low level network code themselves and did some of it in assembler. Unfortunately it was of such a poor quality that nobody dared sort it out, which was one of the reasons the "teardrop" attack was so devastating against MS platforms.
Part of it was to do with the fact that in a commercial environment there is little or no % in re-writing code; you just re-use and modify if required.
Unfortunately if you keep building on top it might look like an imposing edifice, but like the walls of Jericho it will come crashing down when somebody knows the weakness of the rotten foundations.
"It would seem to me that writing services and re-writing Internet Explorer in some higher-level language would reduce the number of vulnerabilities significantly"
You would think so but the general view has been "time to market" and "don't change what ain't broke" (even if it is).
One of the problems with re-writing that MS dread the most is third party apps. Often these use "unofficial" hooks into the code. If MS makes changes then some apps will break, and MS will get the blame irrespective of whose fault it really is.
This is partly MS's own fault: by poorly documenting a poorly designed interface and also allowing their own developers to use unpublished aspects of the interface, it was like waving a red rag to a bull. Various people wrote "MFC Secrets" and the like and the rot was well and truly in.
Then there was the Windows Interface itself, OMG what a kludge that was (and still is) due to over-coupling to the underlying CPU functionality (Intel's segmented memory model is something that belongs in a chamber of horrors), and what on God's Little Green Apple did MS think they were doing with OLE: 20,000 lines of code to do what exactly? Then there was... and... then there was... You get the picture.
The chance of MS re-writing code just so it might,
"possibly even saving money in the long term."
Was not on the starting blocks. What forced code re-write onto MS was Bill Gates and his Security Drive. There are many out there who would argue "too little too late" but give them credit for cleaning up the OS at least.
Unfortunately MS had moved the OS out of the kernel into user space by integrating so much into the IE Desktop/browser. The kernel at least had some semblance of protected memory etc.
Not so with IE; MS (and others) did not learn from the hard won lessons of OS development. Although a number of us banged on about it for years, it was Google quietly in the background taking the message and lessons on board with Chrome.
I'm not sure that Firefox or IE can catch up; the level of re-work required is at the make/break point for them. However time will tell.
Meh, I think you're wrong about the kernel, Clive. I have it on good authority that the Windows kernel is written in GW-BASIC and I think the performance of Windows bears testament to that fact.
The Kylin Operating System
by Qingbo Wu
The Kylin operating system is a server OS focusing on high performance, availability and security, that was first funded by a Chinese government-sponsored R&D program in 2002. It has been organized in a hierarchy model, including the basic kernel layer which is responsible for initializing the hardware and providing basic memory management and task management, the system service layer which is based on FreeBSD providing UFS2 and BSD network protocols, and the desktop environment which is similar to Windows. It has been designed to comply with the UNIX standards and is compatible with Linux binaries. In this paper, we discuss the motivation for this new BSD operating system. Then we introduce its new software infrastructure and some key techniques. Later, we present the Kylin and FreeBSD 5.3 performance comparison using the standard benchmarks. Finally we discuss the roadmap of the Kylin and its future direction.
Kylin is a FreeBSD 5.3 derivative, with some security extensions (and Chinese character/font support) integrated in. Like many OS in general, a lot of the security is based on how it's configured. Having used FreeBSD (but not Kylin), I imagine the default settings are fairly secure if the intention is secure military and government servers.
I agree with Puffy Daddy, in that the Chinese could have looked at OpenBSD if they were going for security. Its development process and track record speak well, and its developers have produced a very solid OS.
I once read of an airline computer system failure, which caused delays at multiple airports. While mainstream media said "computer crashes" were to blame, a sys admin working on the problem said the passenger booking application crashed after the 32,768th passenger was added due to integer overflow. The AIX OS on the mainframe kept running.
Although OpenBSD has a strong history of security, the reason many people choose FreeBSD is for its superior performance (especially in SMP environments), fantastic ports system and support of a greater range of hardware.
Also there is a Trusted BSD project similar to the SELinux project in concept: http://www.trustedbsd.org/ There is lots in there that finds its way back into the main FreeBSD releases. This blog sometimes has too great a focus of looking at popular media and their mistakes: more discussion of projects like Trusted BSD would be very interesting and enlightening for the largely computer-savvy crowd that hangs out here.
The real danger is the new, super secure operating system THE TERRORISTS have developed: OS-ama. A full explication of the initialism is the main task confronting CIA and NSA at the moment.
We are now officially helpless before their super powers. Our only chance is to bury them in money--money represents Our Values and Freedoms; not only do they hate these things but, more importantly, they are allergic to them; anaphylactic shock will kill them all and we will be safe.
If only our bold plan to bury Iraq in bucks had been carried out. Oh, if only.
There's also Trusted Solaris. Any major security deficiencies in government computers cannot be blamed on a lack of easily available security-enhanced operating systems.
> In my opinion RSBAC is much better than SELinux:
In this context it does not really matter.
In terms of Government and Military, the SELinux shipped by companies like Redhat is designed for those markets.
Mandatory access controls, type-based controls, role-based access controls, and multilevel security. Much of which very few, if any, companies in the private sector care heavily about.
Of course it's all a huge pain to configure and all the rules and permissions need to be tailored for your specific server setup in order to have the best effectiveness.
Sounds more like this is really the US being upset it won't be able to break into China's computers and do exactly the same thing it is accusing the Chinese of doing...
nobody's hacked into my abacus yet
As others have noted, it's based on FreeBSD, not Linux so differs in a lot of details.
For some reason package management seems to be the last great home of NIH. The FreeBSD equivalent of yum, apt-get, etc... is freebsd-update http://www.freebsd.org/cgi/man.cgi?...
Has anyone really seen a copy of this "hardened" os?
"Is this a chinese attempt to run Apple's OS X on the 'IBM PC' platform?"
No. Apple already did that.
All you doubters that mouthed off should look further.
DoD stated the following.
“China has also identified 16 “major special items” for which it plans to develop or expand indigenous capabilities. These include core electronic components, high-end universal chips and operating system software, very large-scale integrated circuit manufacturing, next-generation broadband wireless mobile communications, high-grade numerically controlled machine tools, large aircraft, high-resolution satellites, manned spaceflight, and lunar exploration.”
“The PLA is investing in electronic countermeasures, defenses against electronic attack (e.g., electronic and infrared decoys, angle reflectors, and false target generators), and Computer Network Operations (CNO). China’s CNO concepts include computer network attack (CNA), computer network exploitation (CNE), and computer network defense (CND). The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks. In 2005, the PLA began to incorporate offensive CNO into its exercises, primarily in first strikes against enemy networks.”
The above was taken from the US DoD Annual Estimates of Information Warfare Capabilities and Commitment of the PRC
NOW LOOK AT
The information from a summary of China's trusted computing program TCP
They specifically talk about the "trust chain" and that includes "new OS component, OS, BIOS and CRTM." (PAGE 6)
Their extended trust chain model includes an "OS loader and the OS Kernel as well as Applications" (PAGE 8)
Their security architecture shows "strengthened bios and a strengthened OS TSS" (PAGE 9)
They also present a secure memory area on a microprocessor. (PAGE 10)
@Bruce Clement freebsd-update is not any equivalent of apt-get/yum. It is just used for updating the FreeBSD base system to the latest stable release.
What's messed up is it makes no attempt to hide the fact that it is the US that is waging pre-emptive cyberwar against the Chinese and they, like anyone would, made a defensive move. But now OMG they are attacking us and we MUST HAVE trillions of dollars now to protect America. Yeah, it's a bunch of BS hype to get Congress to give the MIC taxpayers' dollars.
Hey there Schneier,
Thanks for pulling my comment. I realize that the persona you've built for yourself is more important than anything else anymore, and that's fine -- I don't judge. I'll refrain from using the word "ass" in future posts when I'm letting one of the other commenters know precisely how uninformed they are, lest I offend a minuscule albeit important section of your readership.
All the best,
yep! the Chinese are using LINUX, enhanced.
and the U.S. is using Winbloze 7 Extra Holey
this is obviously propaganda.. This article is meant to make people think that we will need to upgrade our operating systems to protect ourselves against the Chinese... This is what they want us to believe so that they can bring in the Internet 2 which the fuckenilluminati will totally control to censor the American public...
Thank you for undertaking to be more civil in your future comments, Tarrant.
GRR, is it FreeBSD or Linux?
Russia might have gone with Fedora for their national operating system.
What is up with the idea of an National Operating System? Does that hope to add unity to promote a better system in emerging markets?
Best utility seems to be in the loop with open source, like the *BSD elite market.
Just to summarize the confusion here....
Kylin is a FreeBSD-derived OS.... it has a FreeBSD kernel. However, it (like many other installations of FreeBSD) has a Linux kernel compatibility layer; specifically, the latest versions of Kylin have a Linux 2.6 kernel compatibility layer.
I think this may be the cause for the confusion regarding whether this is Linux or FreeBSD-based.
Quite honestly, it has limited distribution in China. I am familiar with a fairly wide range of computer science and security professionals who have contacts or actual presence in China, and no one I know has seen it running in anything other than a "let's play with this" setting, unlike something like RedFlag Linux.
That doesn't mean that this might change at some point, but I think the proper context for this is to see it in light of something like SELinux -- a more secure version of Linux with a wider range of more granular security features and permissions than standard Linux distributions.
And very specifically, the idea that Kylin changes anything whatsoever regarding the balance of power between China and US cyberwarfare or cyberdefense efforts is pure rubbish.
"If the Chinese ditch C/C++ and friends with the inbuilt security problems"
Inbuilt security problems? You mean like you can't produce a secure application with C/C++? Even strcpy can be safe, when used appropriately.
There's inbuilt security problems with some programmers, languages just make it more obscure, but ultimately such programmer will mess up even in Java or whatever you consider "secure".
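As an added example (my own code, not the commenter's), here is the kind of precondition that makes a strcpy call safe: the source is bounded-scanned against the destination size before strcpy runs, and an oversized input is rejected rather than copied. The function names and the 8-byte demo buffer are my own choices.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern: nothing proves that src fits in dst, so a long src
 * writes past the end of dst (the classic stack/heap overflow). */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Safe pattern: strcpy is only reached after establishing that
 * strlen(src) + 1 <= dst_size. The scan is bounded by dst_size, so it
 * never reads further into src than dst could hold anyway. On failure
 * dst is left untouched and the caller gets a clear error. */
bool copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return false;
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n >= dst_size)      /* no terminator within dst_size bytes: too long */
        return false;
    strcpy(dst, src);       /* safe: exactly n + 1 <= dst_size bytes written */
    return true;
}

int main(void) {
    char name[8];                       /* constructed demo buffer */
    const char *inputs[] = { "kylin", "1234567", "12345678" };
    for (size_t i = 0; i < 3; i++) {
        if (copy_checked(name, sizeof name, inputs[i]))
            printf("accepted \"%s\"\n", name);
        else
            printf("rejected \"%s\" (would not fit in %zu bytes)\n",
                   inputs[i], sizeof name);
    }
    return 0;
}
```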
"Inbuilt security problems? You mean like you can't produce secure application with C/C++? Even strcpy can be safe, when used appropriately."
Even the best of programmers tend "to stand on the shoulders of giants".
Ultimately you have to either hope those whose shoulders you are standing on have not mucked up or you test it...
Working it backwards you have,
0) CPU Hardware design.
1) CPU Microcode design.
2) CPU Internal Peripheral hardware design.
3) CPU Internal Peripheral Microcode design.
4) CPU to Memory interface design.
5) CPU to IO interface design.
) OS driver software.
) OS Kernel software.
) OS Interface library.
) Language to OS library.
) Language standard libraries
) Application Domain libraries.
) Specific Application libraries
) The OS loader
) The OS dynamic linker
) The assembler
) The compiler
) The pre-processor
) The OS file handler
) The editor/IDE
All can or have been messed with or have had bugs...
And in most cases the source code is most definitely not available to view (even when MS agreed to release the NT source to China there are rumours they did not release it all...)
Also a large number of high level languages (even the type safe ones) were originally written in C.
Oh and of course there are those dirty little secrets of "garbage collection" "hanging pointers" "memory leaks" "object leaks"... ... ...
I guess that is why the Chinese want to put some serious QA on the bits...
And to be quite honest I can not say I blame them.
Irrespective of which country it is and what the colour of their flag and politics, critical infrastructure is a National Security issue.
I still have shivers running down my back thinking about the UK's Royal Navy talking about having weapons systems based on MS Windows. Or critical services telco/power/water all controlled by systems based on MS Windows and at best due to bean counters only one or two firewalls from the Internet and due to "reliability issues" unpatched and even obsolete OS's being used...
But hey that's the economy gains of the "free market" model ;)
Ahh the good old days.. when DEC (Digital Equipment Corporation) ruled the world of computing with the super robust and secure OpenVMS....
Do Chinese made Dell computers have a back door that could compromise the machines and networks?
With regards to the C++ tangent, you can write low level software without something like C++. There's safer dialects of C, Ada/SPARK, the language MULTICS was written in, Pascal, Typed Assembly Language, and even academic languages/efforts that use higher level languages. Also, NICTA did a formally verified Haskell to C conversion for the seL4/OKL4Verified kernel. So, you have plenty of options to choose from that are safer than C/C++ & quite a few have good tool support. Yet, people are still just using C/C++.
I'd also say a secure OS design is inherently going to be microkernel-based. The reference monitor requirements, covert channel suppression, and small TCB principle can only be satisfied using a microkernel with carefully analysed interfaces. Also, I'd recommend the OS very carefully manage CPU time and memory to prevent apps from causing harm. An excellent example of this is INTEGRITY RTOS. Additionally, a reverse stack (see MULTICS & modern SourceT) totally prevents buffer overflows so I see no good reason to do it the other way. And Trusted Xenix totally eliminated setuid issues. And so on and so forth. ;)
In other words, if you want a secure OS, modifying a vanilla UNIX/BSD isn't a good way to start. They would've been better off doing their usual "pirate an excellent product" strategy on INTEGRITY, GEMSOS or XTS-400, then modifying it to suit their needs. Hopefully they don't read this & just keep building security on insecure foundations like the rest of the world. ;)
Seems like this is more of a defensive move than anything else. My guess is that the U.S. regime hacked their own computers, pinned it on China, that's why China is switching to Kylin, so the Windows rootkits can't do their thing. I've been having a look around China, and I think they are extremely vulnerable to attacks from the U.S. military. A lot of China's infrastructure runs on Windows and I think it is a terrible idea. Now I really have no clue why anyone would use Windows on ATM machines, train stations, military hospitals and so on, unless they were bribed to do so by M$.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.