Back to article
Red Hat Enterprise Linux 6 Aims For Government-Ready Security
November 17, 2010
During Red Hat's official launch event for their new Red Hat Enterprise Linux 6 (RHEL 6) release, executives from the company focused heavily on new performance gains. While performance and scalability are key elements of RHEL 6, so too is security.
With RHEL 6, Red Hat is debuting a number of new features into its enterprise Linux, including new virtual security services as well as the System Security Services Daemon. Security services aren't the only area of RHEL 6 built for security, as all RHEL 6 packages now benefit from a new 4096-bit RSA hardware signing key as well.
"We have applied this most stringent level of encryption and we use it ourselves for the package signing for all new packages in RHEL 6," Tim Burke, vice president of RHEL engineering at Red Hat told InternetNews.com " It's using the best technology we have."
The new push for 4096-bit is partially driven by Red Hat's increasing engagement with government contracts that have stringent requirements. Government agencies also tend to require Common Criteria Certification which Red Hat already has for RHEL 5, though not yet for RHEL 6. Burke noted that common criteria certifications are currently underway for RHEL 6, though to the best of his knowledge none of them are complete yet.
Among the new security technologies for RHEL 6 is the sVirt API to secure virtualization. In RHEL 6, sVirt is integrated with SELinux as a way to provide additional security to virtual guests.
"What sVirt provides is a second line of defense for virtual guest containment," Burke said. "The first line of defense is within KVM itself"
Burke explained that there are only a small number of interfaces between the virtual guest and the KVM host, which only exposes a small potential attack surface that can closely monitored and audited. He added that in the event that anyone compromises KVM's base security mechanisms, SELinux can step up to the plate.
"We use SELinux and we label all the resources associated with a virtualized guest, including all the file systems the virtual guest would mount and things like network ports," Burke said.
With all virtual guest resources labeled for access control with SELinux, if a compromise were to occur in KVM and a guest breaks out, the risks could be minimized. Burke noted that if a virtualized guest did break KVM containment in some form of attack, it would likely attempt to manipulate the image of another guest or access files or network ports. Since all those resources are labeled with SELinux, unauthorized access would be prohibited, as each guest has its own label identification.
Going a step further, with the Red Hat Enterprise Virtualization system management layer, the virtualized guest SELinux identifier can even passed along with the virtual guest as part of a live migration.
"sVirt is the perfect example of demonstrating the power of KVM as being integral with Linux," Burke said. "Were it not for KVM being integral to the Linux, we would have had to implement all that stuff twice, like we used to have to do with Xen."