COMP 3000 2011 Report: LPS: Difference between revisions

From Soma-notes
Jeckhard (talk | contribs)
Created page with "== Background == This Distribution Report will be providing an analysis of the Lightweight Portable Security (LPS) operating system, which is developed and supplied by the Softw…"
 
Jeckhard (talk | contribs)
 
(50 intermediate revisions by the same user not shown)
Line 3: Line 3:
This Distribution Report will be providing an analysis of the Lightweight Portable Security (LPS) operating system, which is developed and supplied by the Software Protection Initiative section of the United States Department of Defense (DoD).
This Distribution Report will be providing an analysis of the Lightweight Portable Security (LPS) operating system, which is developed and supplied by the Software Protection Initiative section of the United States Department of Defense (DoD).


LPS has been developed as an operating system to be used by government and military workers as a secure digital environment on systems that may not necessarily be secure.  It has also been developed with a single use mentality.  This means, there is no storage, and if the session becomes comprised due to malicious software, a simple reboot will produce a clean slate for the worker to use (Software Protection Initiative, 2011).  
LPS has been developed as an operating system to be used by government and military workers as a secure digital environment on systems that may not necessarily be secure.  It has also been developed with a single use mentality.  This means, there is no storage, and if the session becomes compromised due to malicious software, a simple reboot will produce a clean slate for the worker to use (Software Protection Initiative, 2011).


As of June 15th, 2011, LPS was approved by the Air Force Network Integration Center to access the Global Information Grid (GIG) for general telecommuting use (Software Protection Initiative, 2011).    The GIG is described as a DoD system that includes any equipment, software, or service that transmits, stores, or processes DoD information, and provides any other associated services necessary to achieve information superiority (NSA, 2011).   
As of June 15th, 2011, LPS was approved by the Air Force Network Integration Center to access the Global Information Grid (GIG) for general telecommuting use (Software Protection Initiative, 2011).    The GIG is described as a DoD system that includes any equipment, software, or service that transmits, stores, or processes DoD information, and provides any other associated services necessary to achieve information superiority (NSA, 2011).   
Line 21: Line 21:


== Installation and Startup ==
== Installation and Startup ==
 
{| style="float: right;"
|[[File:jeckhardboot1.jpg|200px|thumb|right|Boot Screenshot One]]
|[[File:jeckhardboot2.jpg|200px|thumb|right|Boot Screenshot Two]]
|[[File:jeckhardboot3.jpg|200px|thumb|right|Post Boot License Agreement]]
|}
=== System Requirements ===
=== System Requirements ===
* A computer system with an x86 processor
* A computer system with an x86 processor
Line 33: Line 37:
Installation was simple and straightforward.  When setting up the VMWare Virtual Machine, VMWare Player was unable to detect the operating system automatically, so the Linux option “Other Linux 2.6.x kernel 64-bit version” was chosen.   
Installation was simple and straightforward.  When setting up the VMWare Virtual Machine, VMWare Player was unable to detect the operating system automatically, so the Linux option “Other Linux 2.6.x kernel 64-bit version” was chosen.   


Default settings were kept for the rest of the configuration, with the exception of customizing the virtual machine hardware memory.  This value was changed from the default 384 MB, to 1024 MB, as per meeting the distribution system requirements.  The following screenshots show the boot process.
Default settings were kept for the rest of the configuration, with the exception of customizing the virtual machine hardware memory.  This value was changed from the default 384 MB, to 1024 MB, as per meeting the distribution system requirements
 
Booting of the distribution took roughly one minute from start to the license agreement screen.  Upon accepting the agreement, the desktop loaded almost instantly.
 
== Basic Operation ==
{| style="float: left;"
|[[File:jeckharddesktop.jpg|200px|thumb|left|If this is Windows what is Tux doing there?]]
|}
With my configuration, there was 678.5 MB of free space left to be used.
 
Upon viewing the distribution's desktop, the first thing that is noticeable is the striking similarity in appearance to a Windows operating system.  There is a start menu, but instead of a Windows logo, the user will find Tux there.  There are also Windows Show Desktop and Command Prompt icons.  Show Desktop performs as expected, but the Command Prompt icon launches Xterm.
 
It is likely that most users of this operating system would be coming from a Microsoft background, so it does make sense that the developers would choose to make an experience that follows what one would expect in a Windows environment.  The developers have went so far as to even apply skins onto various utilities to have them more closely represent the Windows equivalents.  This can  be seen in the screenshot below.
 
=== Going to Work ===
{| style="float: right;"
|[[File:jeckhardmsclone.jpg|200px|thumb|right|Am I really running Linux?]]
|[[File:jeckhardencryptionwizard.jpg|200px|thumb|right|Encryption Wizard]]
|[[File:jeckhardyoutube.jpg|200px|thumb|right|What would a productive workday be without YouTube?]]
|}
Since the operating system was meant to provide workers with a secure environment for telecommuting, an attempt was made to replicate a “workday”.
 
First, Open Office was used to create and save an assortment of text documents, and spreadsheets.  Next, the Firefox browser was used to view a number of websites, including YouTube, WebCT, and CNN.com.  All websites performed smoothly and as expected. 
 
I was a little skeptical of logging into any websites, including my personal email, and banking.  Now, this is not because I did not expect my session to be secure, but at a stage of preliminary analysis, I am a bit too paranoid to enter login credentials into a DoD operating system.
 
There are a number of remote connection options available, including Citrix Receiver, Remote Desktop, and a remote SSH client.  The operating system should also allow for the use of a smart card reader that can contain the log in information required to remotely access a system.  I was unable to test this features, since I lack a smart card reader, but I was able to use the SSH client to remotely connect to a computer.
 
One of the features unique to this distribution that was tested was the Encryption Wizard.  This is an encryption and decryption program that uses a 128-bit implementation of the Advanced Encryption Standard (AES) with a drag-and-drop interface  (ATSPI Technology Office, 2011).  It creates the ability to encrypt files using a pass key, with a PKI Certificate,  or both, as well as add Meta Data, although this is not encrypted.  Decrypting a file that was encrypted using the Encryption Wizard follows a similar point and click method.  Both encrypting, and decrypting files was tested on the text documents created earlier in the session, and no problems were encountered.
 
After creating a number of files were created and downloading an assortment of PDFs,  as well as extensive Internet browsing,  an operating system restart was done to see if there would be any traces of the session.  Upon completing the reboot, all files from the previous use of LPS were gone, and web history from Firefox had also been cleared.
 
== Usage Evaluation ==
{| style="float: right;"
|[[File:jeckhardextensions.jpg|200px|thumb|right|AniWeather over the DoD Configuration makes sense]]
|[[File:jeckhardwebct.jpg|200px|thumb|right|Verifying signed Java applications]]
|}
LPS does appear to provide all of the features that would typically be required in an average work session.  Documents can be viewed, and edited, and websites are accessible.  I also assume that the remote access utilities available that were not tested, work as well.
 
However, there are a number of concerns I have with regards to how secure the operating system actually is.  This is due to some of the available options that an attacker has to takeover the session, most of which are browser based.
 
LPS uses the latest versions of much of its software, including Adobe Reader and Open Office, but Firefox is using version 3.6.2.2, when the latest version as of this writing 7.0.1, and Adobe Flash 10.3.183.10, when the latest version as of this writing is 11.  Using out of date versions of software is typically something that raises some eyebrows.
 
Next, Firefox itself does not use any common extensions that would be expected in a secure environment, such as NoScript, which helps the user to block unwanted scripts, extensions, and other malicious things from running in their browser (NoScript, 2011).  There also do not appear to be any restrictions on what extensions a user can install, or disable, including built in DoD extensions.
 
Not only can a user install potentially vulnerable extensions, but as can be seen from the following screenshot, “signed” Java applications can be executed as well.  In the case of WebCT, this not an issue, but it does provide the opportunity for a malicious attacker to use the Java Applet Attack Vector provided in tools such as the Social Engineering Toolkit (Social Engineer, 2011). 
 
The lack of basic checks in place when it comes to browser security seem counterintuitive for a “secure” operating system.  Even with the ability to create a clean session with a system reboot, it is hard to know how much information an attacker could gain before such a reboot occurs.
 
==Software Packaging==
With my operating system there is no package manager, and hence no packaging utilities.  Updates to programs and utilities are done with each new release of the operating system.  This is likely the case because Lightweight Portable Security (LPS) is a non-persistant storage operating system, meaning upon restarting it, all previous session information is lost. 
 
This is not to say that a package manager and installation could not still be supported, with any packages installed during a given session just being lost in the next.  However, with the security oriented focus of LPS, it can be reasonably assumed that the Department of Defence (DoD) wanted to make any initialization of the OS homogenous, so given any instance of the OS, they should be assured no “unknown” packages are being used.
 
In order to determine the packages being used on LPS, the user is left to browse the file system to try and gain an idea of everything that is available, with /bin being the location that provides a good general idea. 
 
Since there is no supplied way of installing software packages, the user is left with what is given to them, which although sparse, should cover most basic computing needs.  The software available allows the user to edit a variety of document types, browse the Internet, encrypt and decrypt files, and remotely access computers with Citrix Receiver, SSH, or Remote Desktop.
 
==Major Package Versions==
===Chosen Packages===
{| class="wikitable" border =1
|-
! Header Package
! Header Distribution Version - Date
! Header Current Version - Date
|-
| Kernel
| 2.6.27.56 -  November 22nd, 2010
| 3.1.1 -  November 11th, 2011
|-
| libc
| 2.8 - April 2008
| 2.14 - June 2011
|-
| X.org X Server
| 1.7.1 - October 22nd, 2009
| 1.11.2 - November 4th, 2011
|-
| Ice WM
| 1.2.38 - 2009 - Estimate
| 1.3.7 - October 16th, 2010 (Stable)
|-
| Java SE Runtime Environment
| 1.6.0_27 - August 24th, 2011
| 1.6.0_29 - October 20th, 2011
|-
| BusyBox
| 1.1.3 - May 17th 2006 
| 1.19.3 - October 29th, 2011
|-
| Adobe Reader
| 9.4.2 - February 11th, 2011
| Version is current
|-
| Firefox
| 3.6.22 - September 6th, 2011 
| 3.6.24 - November 8th, 2011
|-
| Open Office
| 3.3.0 - January 25th, 2011
| Version is current
|-
| Open SSH
| 5.9p1 - September 6th, 2011
| Version is current
|}
 
===Modifications===
With the exception of Firefox, there do not appear to be any apparent modifications to any of the above listed packages.  In the case of Firefox, there is a set of custom extensions installed, including incorporation of the Encryption Wizard, and a DoD configuration extension that allows the updating of DoD and Federal certificates, as well as the use of a Smart Card Reader for verifying user credentials.  There are also a number of bookmarks to various United States Military websites.
 
As for differences between versions, the breakdown is as follows: <br>
 
''Kernel''<br>
Changes have been extensive between the distribution version and the current version and include security fixes, hardware support improvements, and bug fixes (The Linux Kernel Archives, 2011).<br> 
 
''libc''<br>
Numerous changes, again this can be accounted for the by the over three year difference between the distribution version and the current version (GNU Project Archives, 2011).<br>
 
''X.org X Server''<br>
Differences between the distribution version and the current version include code clean up, bug fixes, and improved hardware support (X.Org Wiki, 2011).<br>
 
''Ice WM''<br>
Between the distribution version and the current version there appear to be only minor fixes with regards to battery statuses displaying incorrectly, and the task bar auto hiding (SourceForge.net Repository – icewm, 2010).<br>
 
''Java SE Runtime Environment''<br>
Between the distribution version and the current version, security fixes were applied including the blackisting of the Cisco AnyConnect Mobility Client and the Microsoft UAG Client (Oracle, 2011)<br>
 
''BusyBox''<br>
There have been significant changes between the distribution version and the current one, which is altogether not surprising considering there was more than a four year time lapse between the two.  These include new features, bug fixes, and improvements of the integration of various utilities (BusyBox, 2011).<br>
 
''Firefox''<br>
Between versions 3.6.22 and 3.6.24 there were mostly security fixes applied which included things such as memory corruption while profiling Firebug, and some XSS attacks (Home of the Mozilla Project, 2011).<br>
 
===Package Selections===
Looking at the packages, Adobe Reader, Java Runtime Environment, Open SSH, Open Office, and Firefox, are all either running the latest versions, or close to.  For a security oriented distribution it would make sense that these packages are the most up to date, as many security exploits are often centered around Adobe Reader and PDFs, Java, web browsers and Office programs like Open Office.  Open SSH is also an integral apart of maintaining secure communications, so the latest version there makes sense as well. 
 
On the other hand, the kernel, libc, X.org X server, Ice WM, and BusyBox, are all running less than up to date versions.  In some cases the included software packages are more than a year older than whatever the latest released version is. 
 
Some of this might be because of software compatibility concerns.  For instance, X.org X server is from 2009, and so is Ice WM.  In terms of the older version of the kernel, it might be possible that the DoD has determined that this version is the most easy to lock down and hardest to exploit, or again, there are compatibility issues with the other older software packages that come with the distribution.  However, since this is supposed to be a secure distribution, security concerns are probably more important than compatibility, unless of course, situations arise where the two go hand in hand.
 
== Initialization ==
LPS follows an init process of initialization, beginning with running: <br>
/etc/inittab<br>
 
which calls:<br>
/etc/thinstation.init<br>
 
thinstation.init does some file system configuration and mounting before initializing the packages to be used.  The scripts to initialize the packages are found in /etc/rc0.d and /etc/rc5.d
 
Based on the rc0.d script, the operating system initialization process begins starting SSH to setup an SSH key, then configures the network settings with a basic loopback using ifconfig (127.0.0.1), followed by starting acpi, CRON, and then syslog.
 
It appears that the rc0.d folder starts some of the more system level programs as listed above, while rc5.d initializes the higher level user type applications, as it contains files for initializing Firefox, NetworkManager, java, and icewm.
 
The method to determine LPS initialization involved opening the init files listed above, analyzing them, and following the breadcrumbs to the other init files they referred to.
 
=== Major Processes Running ===
The following is a description of five major processes that are running as indicated by executing the ps -e command after booting to the desktop:
 
{| class="wikitable" border =1
|-
! Header Process
! Header Description
|-
| kthread
| A kernel thread
|-
| kfoftirqd
| A kernel thread that handles processing soft interrupts if they are being triggered faster than they can be serviced (tin.org - TIN newsreader development headquarters, 2003)
|-
| khelper
| A kernel thread which provides the kernel a method of making calls out to applications (Indiana University, 2004)
|-
| crond
| A scheduler to execute commands
|-
| klogd
| Intercepts and logs Linux kernel messages (Linux Operating System and Linux Distributions, 2011)
|}
 
The full list of processes is available in Appendix 1.
 
 
 
== References ==
"6u29-relnotes." ''Oracle''. Web. 11 Nov. 2011. <http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html>.
 
ATSPI Technology Office.'' Lightweight Portable Security (LPS) Public Edition (LPS-Public) User’s Guide''. Web. 10 Oct. 2011. <http://spi.dod.mil/docs/lpsmanual.pdf>.
 
"BusyBox." ''BusyBox''. Web. 11 Nov. 2011. <http://busybox.net/>.
 
"Global Information Grid – NSA/CSS." Welcome to the National Security Agency - NSA/CSS. NSA. Web. 10 Oct. 2011. <http://www.nsa.gov/ia/programs/global_industry_grid/index.shtml>.
 
"GNU Project Archives." ''GNU Project Archives''. Web. 11 Nov. 2011. <http://ftp.gnu.org/gnu/glibc/>.
 
"klogd - Linux Command - Unix Command." Linux Operating System and Linux Distributions.Web. 16 Dec. 2011. <http://linux.about.com/library/cmd/blcmdl8_klogd.htm>.
 
"ksoftirqd(9)." tin.org - TIN newsreader development headquarters. Web. 16 Dec. 2011. <http://www.tin.org/bin/man.cgi?section=9&topic=ksoftirqd>.
 
"Linux-Kernel Archive: Re: 2.6.7 and khelper." Indiana University. Web. 16 Dec. 2011. <http://lkml.indiana.edu/hypermail/linux/kernel/0406.3/0318.html>.
 
''NoScript - JavaScript/Java/Flash Blocker for a Safer Firefox Experience! - What Is It?.''  NoScript. Web. 10 Oct. 2011. <http://noscript.net/>.
 
"The Official Social Engineering Framework - Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)." Social Engineering - Security Through Education. Social Engineer. Web. 10 Oct. 2011. <http://www.socialengineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)>.
 
"Security Advisories for Firefox 3.6." ''Home of the Mozilla Project''. Web. 11 Nov. 2011. <http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.24>.
 
"Software Protection Initiative - Lightweight Portable Security." Software Protection Initiative. Software Protection Initiative. Web. 10 Oct. 2011. <http://www.spi.dod.mil/lipose.htm>.
 
"SourceForge.net Repository - [icewm] Index of /icewm." ''SourceForge.net Repository - [icewm]''. Web. 11 Nov. 2011. <http://icewm.cvs.sourceforge.net/viewvc/icewm>
 
"The Linux Kernel Archives." ''The Linux Kernel Archives''. Web. 11 Nov. 2011. <http://www.kernel.org/>.
 
"X.Org Wiki - XServer." ''X.Org Wiki'' .Web. 11 Nov. 2011. <http://www.x.org/wiki/XServer>.
 
 
 
=== Sources for Software Version Releases ===
1. Kernel <br>
In Distribution: http://lwn.net/Articles/416654/<br>
Current: http://en.wikipedia.org/wiki/Linux_kernel<br>
 
2. libc<br>
In Distribution: http://en.wikipedia.org/wiki/GNU_C_Library#Version_history<br>
Current:  http://en.wikipedia.org/wiki/GNU_C_Library#Version_history<br>
 
3. X.org X Server <br>
In Distribution: http://www.x.org/wiki/Server17Branch<br>
Current: http://en.wikipedia.org/wiki/X.Org_Server<br>
 
4. Ice WM <br>
In Distribution: http://sourceforge.net/projects/icewm/files/icewm-1.2/<br>
Current: http://en.wikipedia.org/wiki/IceWM<br>
 
5. Java SE Runtime Environment <br>
In Distribution: http://blogs.oracle.com/javase/entry/java_se_6_update_27<br>
Current: http://blogs.oracle.com/javase/entry/java_6_update_29_has<br>
 
6. BusyBox <br>
In Distribution: http://www.busybox.net/oldnews.html<br>
Current: http://busybox.net/<br>
 
7.  Adobe Reader <br>
In Distribution: http://get.adobe.com/reader/otherversions/<br>
Current: http://get.adobe.com/reader/otherversions/<br>
 
8. Firefox <br>
In Distribution: http://www.mozilla.org/en-US/firefox/3.6.22/releasenotes/<br>
Current 3.6: http://www.mozilla.org/en-US/firefox/3.6.24/releasenotes/<br>
Current (non 3.6): http://www.mozilla.org/en-US/firefox/new/<br>
 
9. Open Office <br>
In Distribution: http://www.openoffice.org/<br>
Current: http://www.openoffice.org/<br>
 
10. Open SSH_5.9p1<br>
In Distribution:  http://www.openssh.com/<br>
Current:  http://www.openssh.com/<br>
 
==Appendix==
===1: PS -e output after first logging into desktop===
PID  Uid    VmSize Stat Command
  1 root        580 S  init
  2 root            SW< [kthreadd]
  3 root            SW< [ksoftirqd/0]
  4 root            RW< [events/0]
  5 root            SW< [khelper]
  6 root            SW< [kblockd/0]
  7 root            SW< [kacpid]
  8 root            SW< [kacpi_notify]
  9 root            SW< [ata/0]
  10 root            SW< [ata_aux]
  11 root            SW< [kseriod]
  12 root            SW  [pdflush]
  14 root            SW< [kswapd0]
  15 root            SW< [aio/0]
  16 root            SW< [aufsd/0]
  17 root            SW< [aufsd_pre/0]
  18 root            SW< [kpsmoused]
  19 root            SW  [pdflush]
  61 root        892 S < udevd --daemon
154 root            SW< [ksuspend_usbd]
156 root            SW< [khubd]
317 root      4488 S  /bin/haveged -w 4096
406 root        552 S  acpid
473 root        524 S  crond
512 root        508 S  syslogd -m 0
514 root        504 S  klogd
727 root        840 S  /bin/pcscd --debug
1208 root        856 S < udevd --daemon
1212 root        752 S < udevd --daemon
1239 messageb    812 S  /bin/dbus-daemon --system
1842 root      3288 S  NetworkManager
1844 root      2248 S  /sbin/modem-manager
1855 root        740 S  /bin/dhcpcd -B -K -L -c /libexec/nm-dhcp-client.actio
1859 root        812 S  /bin/wpa_supplicant -c /etc/wpa_supplicant.conf -B -u
2079 root        628 S  /bin/sh /bin/start-session 0
2080 root        264 S  init
2154 root      12312 R  Xorg :0 -fp /usr/X11/lib/X11/fonts/75dpi,/usr/X11/lib
2169 root        656 S  /bin/sh /etc/init.d/icewm console
2405 root        300 S  /bin/sh /etc/init.d/icewm console
2406 root        580 S  /bin/sh /bin/icewm_startup
2427 root      2204 S  /bin/icewmtray
2439 root      3376 S  icewm
2484 root      6448 S  /bin/volumeicon
2485 root      8632 S  /bin/nm-applet
2486 root      7676 S  pcmanfm -d
2489 root      1128 R  /usr/local/libexec/gam_server
2493 root        692 S  //bin/dbus-daemon --fork --print-pid 5 --print-addres
2494 root        804 S  dbus-launch --autolaunch 551c148ca109c4709c9560794eeb
2496 root      2368 S  /libexec/gconfd-2
2498 root      8428 S  /libexec/notification-daemon
2500 root      2748 R  xterm
2501 root        720 R  sh
2582 root        296 S  /bin/sh /etc/init.d/firefox window
2583 root      91808 S  /lib/firefox/firefox-bin
2648 root      18832 S  /lib/firefox/plugin-container /lib/firefox/plugins/li
2652 root        660 R  ps -e

Latest revision as of 19:43, 16 December 2011

Background

This Distribution Report will be providing an analysis of the Lightweight Portable Security (LPS) operating system, which is developed and supplied by the Software Protection Initiative section of the United States Department of Defense (DoD).

LPS has been developed as an operating system to be used by government and military workers as a secure digital environment on systems that may not necessarily be secure. It has also been developed with a single use mentality. This means, there is no storage, and if the session becomes compromised due to malicious software, a simple reboot will produce a clean slate for the worker to use (Software Protection Initiative, 2011).

As of June 15th, 2011, LPS was approved by the Air Force Network Integration Center to access the Global Information Grid (GIG) for general telecommuting use (Software Protection Initiative, 2011). The GIG is described as a DoD system that includes any equipment, software, or service that transmits, stores, or processes DoD information, and provides any other associated services necessary to achieve information superiority (NSA, 2011).

The operating system has two variants, which can be obtained from the following locations:

Public ISO (137.3 MB Image) http://www.spi.dod.mil/docs/LPS-1.2.5_public.iso

Public Deluxe ISO (317.3 MB Image) http://www.spi.dod.mil/docs/LPS-1.2.5_public_deluxe.iso

Note: This report will be looking specifically at the Deluxe version of the distribution, which also provides Adobe Reader and Open Office.

The heritage of this operating system is not clearly documented anywhere, but based on the settings required for the Virtual Machine environment, it can be concluded that it is using a 2.6.x Linux kernel variant.


Installation and Startup

Boot Screenshot One
Boot Screenshot Two
Post Boot License Agreement

System Requirements

  • A computer system with an x86 processor
  • 512 MB of RAM (LPS-Public), 1 GB RAM (LPS-Public Deluxe)
  • Wired, Wifi, or broadband cellular Ethernet (DHCP highly recommended)
  • Ability to boot from either USB or CD-ROM (LPS is available on either media)
  • CCID-compliant USB smart card reader (SCR 331 w/current firmware [>5.22])

Although LPS is meant to be used as a live boot distribution, for the purposes of this report and testing, VMPlayer 4.0 was used as the operating environment.

Installation was simple and straightforward. When setting up the VMWare Virtual Machine, VMWare Player was unable to detect the operating system automatically, so the Linux option “Other Linux 2.6.x kernel 64-bit version” was chosen.

Default settings were kept for the rest of the configuration, with the exception of customizing the virtual machine hardware memory. This value was changed from the default 384 MB, to 1024 MB, as per meeting the distribution system requirements.

Booting of the distribution took roughly one minute from start to the license agreement screen. Upon accepting the agreement, the desktop loaded almost instantly.

Basic Operation

If this is Windows what is Tux doing there?

With my configuration, there was 678.5 MB of free space left to be used.

Upon viewing the distribution's desktop, the first thing that is noticeable is the striking similarity in appearance to a Windows operating system. There is a start menu, but instead of a Windows logo, the user will find Tux there. There are also Windows Show Desktop and Command Prompt icons. Show Desktop performs as expected, but the Command Prompt icon launches Xterm.

It is likely that most users of this operating system would be coming from a Microsoft background, so it does make sense that the developers would choose to make an experience that follows what one would expect in a Windows environment. The developers have went so far as to even apply skins onto various utilities to have them more closely represent the Windows equivalents. This can be seen in the screenshot below.

Going to Work

Am I really running Linux?
Encryption Wizard
What would a productive workday be without YouTube?

Since the operating system was meant to provide workers with a secure environment for telecommuting, an attempt was made to replicate a “workday”.

First, Open Office was used to create and save an assortment of text documents, and spreadsheets. Next, the Firefox browser was used to view a number of websites, including YouTube, WebCT, and CNN.com. All websites performed smoothly and as expected.

I was a little skeptical of logging into any websites, including my personal email, and banking. Now, this is not because I did not expect my session to be secure, but at a stage of preliminary analysis, I am a bit too paranoid to enter login credentials into a DoD operating system.

There are a number of remote connection options available, including Citrix Receiver, Remote Desktop, and a remote SSH client. The operating system should also allow for the use of a smart card reader that can contain the log in information required to remotely access a system. I was unable to test this features, since I lack a smart card reader, but I was able to use the SSH client to remotely connect to a computer.

One of the features unique to this distribution that was tested was the Encryption Wizard. This is an encryption and decryption program that uses a 128-bit implementation of the Advanced Encryption Standard (AES) with a drag-and-drop interface (ATSPI Technology Office, 2011). It creates the ability to encrypt files using a pass key, with a PKI Certificate, or both, as well as add Meta Data, although this is not encrypted. Decrypting a file that was encrypted using the Encryption Wizard follows a similar point and click method. Both encrypting, and decrypting files was tested on the text documents created earlier in the session, and no problems were encountered.

After creating a number of files were created and downloading an assortment of PDFs, as well as extensive Internet browsing, an operating system restart was done to see if there would be any traces of the session. Upon completing the reboot, all files from the previous use of LPS were gone, and web history from Firefox had also been cleared.

Usage Evaluation

AniWeather over the DoD Configuration makes sense
Verifying signed Java applications

LPS does appear to provide all of the features that would typically be required in an average work session. Documents can be viewed, and edited, and websites are accessible. I also assume that the remote access utilities available that were not tested, work as well.

However, there are a number of concerns I have with regards to how secure the operating system actually is. This is due to some of the available options that an attacker has to takeover the session, most of which are browser based.

LPS uses the latest versions of much of its software, including Adobe Reader and Open Office, but Firefox is using version 3.6.2.2, when the latest version as of this writing 7.0.1, and Adobe Flash 10.3.183.10, when the latest version as of this writing is 11. Using out of date versions of software is typically something that raises some eyebrows.

Next, Firefox itself does not use any common extensions that would be expected in a secure environment, such as NoScript, which helps the user to block unwanted scripts, extensions, and other malicious things from running in their browser (NoScript, 2011). There also do not appear to be any restrictions on what extensions a user can install, or disable, including built in DoD extensions.

Not only can a user install potentially vulnerable extensions, but as can be seen from the following screenshot, “signed” Java applications can be executed as well. In the case of WebCT, this not an issue, but it does provide the opportunity for a malicious attacker to use the Java Applet Attack Vector provided in tools such as the Social Engineering Toolkit (Social Engineer, 2011).

The lack of basic checks in place when it comes to browser security seem counterintuitive for a “secure” operating system. Even with the ability to create a clean session with a system reboot, it is hard to know how much information an attacker could gain before such a reboot occurs.

Software Packaging

With my operating system there is no package manager, and hence no packaging utilities. Updates to programs and utilities are done with each new release of the operating system. This is likely the case because Lightweight Portable Security (LPS) is a non-persistant storage operating system, meaning upon restarting it, all previous session information is lost.

This is not to say that a package manager and installation could not still be supported, with any packages installed during a given session just being lost in the next. However, with the security oriented focus of LPS, it can be reasonably assumed that the Department of Defence (DoD) wanted to make any initialization of the OS homogenous, so given any instance of the OS, they should be assured no “unknown” packages are being used.

In order to determine the packages being used on LPS, the user is left to browse the file system to try and gain an idea of everything that is available, with /bin being the location that provides a good general idea.

Since there is no supplied way of installing software packages, the user is left with what is given to them, which although sparse, should cover most basic computing needs. The software available allows the user to edit a variety of document types, browse the Internet, encrypt and decrypt files, and remotely access computers with Citrix Receiver, SSH, or Remote Desktop.

Major Package Versions

Chosen Packages

Header Package Header Distribution Version - Date Header Current Version - Date
Kernel 2.6.27.56 - November 22nd, 2010 3.1.1 - November 11th, 2011
libc 2.8 - April 2008 2.14 - June 2011
X.org X Server 1.7.1 - October 22nd, 2009 1.11.2 - November 4th, 2011
Ice WM 1.2.38 - 2009 - Estimate 1.3.7 - October 16th, 2010 (Stable)
Java SE Runtime Environment 1.6.0_27 - August 24th, 2011 1.6.0_29 - October 20th, 2011
BusyBox 1.1.3 - May 17th 2006 1.19.3 - October 29th, 2011
Adobe Reader 9.4.2 - February 11th, 2011 Version is current
Firefox 3.6.22 - September 6th, 2011 3.6.24 - November 8th, 2011
Open Office 3.3.0 - January 25th, 2011 Version is current
Open SSH 5.9p1 - September 6th, 2011 Version is current

Modifications

With the exception of Firefox, there do not appear to be any apparent modifications to any of the above listed packages. In the case of Firefox, there is a set of custom extensions installed, including incorporation of the Encryption Wizard, and a DoD configuration extension that allows the updating of DoD and Federal certificates, as well as the use of a Smart Card Reader for verifying user credentials. There are also a number of bookmarks to various United States Military websites.

As for differences between versions, the breakdown is as follows:

Kernel
Changes have been extensive between the distribution version and the current version and include security fixes, hardware support improvements, and bug fixes (The Linux Kernel Archives, 2011).

libc
Numerous changes, again this can be accounted for the by the over three year difference between the distribution version and the current version (GNU Project Archives, 2011).

X.org X Server
Differences between the distribution version and the current version include code clean up, bug fixes, and improved hardware support (X.Org Wiki, 2011).

Ice WM
Between the distribution version and the current version there appear to be only minor fixes with regards to battery statuses displaying incorrectly, and the task bar auto hiding (SourceForge.net Repository – icewm, 2010).

Java SE Runtime Environment
Between the distribution version and the current version, security fixes were applied including the blackisting of the Cisco AnyConnect Mobility Client and the Microsoft UAG Client (Oracle, 2011)

BusyBox
There have been significant changes between the distribution version and the current one, which is altogether not surprising considering there was more than a four year time lapse between the two. These include new features, bug fixes, and improvements of the integration of various utilities (BusyBox, 2011).

Firefox
Between versions 3.6.22 and 3.6.24 there were mostly security fixes applied which included things such as memory corruption while profiling Firebug, and some XSS attacks (Home of the Mozilla Project, 2011).

Package Selections

Looking at the packages, Adobe Reader, Java Runtime Environment, Open SSH, Open Office, and Firefox, are all either running the latest versions, or close to. For a security oriented distribution it would make sense that these packages are the most up to date, as many security exploits are often centered around Adobe Reader and PDFs, Java, web browsers and Office programs like Open Office. Open SSH is also an integral apart of maintaining secure communications, so the latest version there makes sense as well.

On the other hand, the kernel, libc, X.org X server, Ice WM, and BusyBox, are all running less than up to date versions. In some cases the included software packages are more than a year older than whatever the latest released version is.

Some of this might be because of software compatibility concerns. For instance, X.org X server is from 2009, and so is Ice WM. In terms of the older version of the kernel, it might be possible that the DoD has determined that this version is the most easy to lock down and hardest to exploit, or again, there are compatibility issues with the other older software packages that come with the distribution. However, since this is supposed to be a secure distribution, security concerns are probably more important than compatibility, unless of course, situations arise where the two go hand in hand.

Initialization

LPS follows an init process of initialization, beginning with running:
/etc/inittab

which calls:
/etc/thinstation.init

thinstation.init does some file system configuration and mounting before initializing the packages to be used. The scripts to initialize the packages are found in /etc/rc0.d and /etc/rc5.d

Based on the rc0.d script, the operating system initialization process begins starting SSH to setup an SSH key, then configures the network settings with a basic loopback using ifconfig (127.0.0.1), followed by starting acpi, CRON, and then syslog.

It appears that the rc0.d folder starts some of the more system level programs as listed above, while rc5.d initializes the higher level user type applications, as it contains files for initializing Firefox, NetworkManager, java, and icewm.

The method to determine LPS initialization involved opening the init files listed above, analyzing them, and following the breadcrumbs to the other init files they referred to.

Major Processes Running

The following is a description of five major processes that are running as indicated by executing the ps -e command after booting to the desktop:

Header Process Header Description
kthread A kernel thread
kfoftirqd A kernel thread that handles processing soft interrupts if they are being triggered faster than they can be serviced (tin.org - TIN newsreader development headquarters, 2003)
khelper A kernel thread which provides the kernel a method of making calls out to applications (Indiana University, 2004)
crond A scheduler to execute commands
klogd Intercepts and logs Linux kernel messages (Linux Operating System and Linux Distributions, 2011)

The full list of processes is available in Appendix 1.


References

"6u29-relnotes." Oracle. Web. 11 Nov. 2011. <http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html>.

ATSPI Technology Office. Lightweight Portable Security (LPS) Public Edition (LPS-Public) User’s Guide. Web. 10 Oct. 2011. <http://spi.dod.mil/docs/lpsmanual.pdf>.

"BusyBox." BusyBox. Web. 11 Nov. 2011. <http://busybox.net/>.

"Global Information Grid – NSA/CSS." Welcome to the National Security Agency - NSA/CSS. NSA. Web. 10 Oct. 2011. <http://www.nsa.gov/ia/programs/global_industry_grid/index.shtml>.

"GNU Project Archives." GNU Project Archives. Web. 11 Nov. 2011. <http://ftp.gnu.org/gnu/glibc/>.

"klogd - Linux Command - Unix Command." Linux Operating System and Linux Distributions.Web. 16 Dec. 2011. <http://linux.about.com/library/cmd/blcmdl8_klogd.htm>.

"ksoftirqd(9)." tin.org - TIN newsreader development headquarters. Web. 16 Dec. 2011. <http://www.tin.org/bin/man.cgi?section=9&topic=ksoftirqd>.

"Linux-Kernel Archive: Re: 2.6.7 and khelper." Indiana University. Web. 16 Dec. 2011. <http://lkml.indiana.edu/hypermail/linux/kernel/0406.3/0318.html>.

NoScript - JavaScript/Java/Flash Blocker for a Safer Firefox Experience! - What Is It?. NoScript. Web. 10 Oct. 2011. <http://noscript.net/>.

"The Official Social Engineering Framework - Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)." Social Engineering - Security Through Education. Social Engineer. Web. 10 Oct. 2011. <http://www.socialengineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)>.

"Security Advisories for Firefox 3.6." Home of the Mozilla Project. Web. 11 Nov. 2011. <http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.24>.

"Software Protection Initiative - Lightweight Portable Security." Software Protection Initiative. Software Protection Initiative. Web. 10 Oct. 2011. <http://www.spi.dod.mil/lipose.htm>.

"SourceForge.net Repository - [icewm] Index of /icewm." SourceForge.net Repository - [icewm]. Web. 11 Nov. 2011. <http://icewm.cvs.sourceforge.net/viewvc/icewm>

"The Linux Kernel Archives." The Linux Kernel Archives. Web. 11 Nov. 2011. <http://www.kernel.org/>.

"X.Org Wiki - XServer." X.Org Wiki .Web. 11 Nov. 2011. <http://www.x.org/wiki/XServer>.


Sources for Software Version Releases

1. Kernel
In Distribution: http://lwn.net/Articles/416654/
Current: http://en.wikipedia.org/wiki/Linux_kernel

2. libc
In Distribution: http://en.wikipedia.org/wiki/GNU_C_Library#Version_history
Current: http://en.wikipedia.org/wiki/GNU_C_Library#Version_history

3. X.org X Server
In Distribution: http://www.x.org/wiki/Server17Branch
Current: http://en.wikipedia.org/wiki/X.Org_Server

4. Ice WM
In Distribution: http://sourceforge.net/projects/icewm/files/icewm-1.2/
Current: http://en.wikipedia.org/wiki/IceWM

5. Java SE Runtime Environment
In Distribution: http://blogs.oracle.com/javase/entry/java_se_6_update_27
Current: http://blogs.oracle.com/javase/entry/java_6_update_29_has

6. BusyBox
In Distribution: http://www.busybox.net/oldnews.html
Current: http://busybox.net/

7. Adobe Reader
In Distribution: http://get.adobe.com/reader/otherversions/
Current: http://get.adobe.com/reader/otherversions/

8. Firefox
In Distribution: http://www.mozilla.org/en-US/firefox/3.6.22/releasenotes/
Current 3.6: http://www.mozilla.org/en-US/firefox/3.6.24/releasenotes/
Current (non 3.6): http://www.mozilla.org/en-US/firefox/new/

9. Open Office
In Distribution: http://www.openoffice.org/
Current: http://www.openoffice.org/

10. Open SSH_5.9p1
In Distribution: http://www.openssh.com/
Current: http://www.openssh.com/

Appendix

1: PS -e output after first logging into desktop

PID  Uid     VmSize Stat Command
  1 root        580 S   init
  2 root            SW< [kthreadd]
  3 root            SW< [ksoftirqd/0]
  4 root            RW< [events/0]
  5 root            SW< [khelper]
  6 root            SW< [kblockd/0]
  7 root            SW< [kacpid]
  8 root            SW< [kacpi_notify]
  9 root            SW< [ata/0]
 10 root            SW< [ata_aux]
 11 root            SW< [kseriod]
 12 root            SW  [pdflush]
 14 root            SW< [kswapd0]
 15 root            SW< [aio/0]
 16 root            SW< [aufsd/0]
 17 root            SW< [aufsd_pre/0]
 18 root            SW< [kpsmoused]
 19 root            SW  [pdflush]
 61 root        892 S < udevd --daemon
154 root            SW< [ksuspend_usbd]
156 root            SW< [khubd]
317 root       4488 S   /bin/haveged -w 4096
406 root        552 S   acpid
473 root        524 S   crond
512 root        508 S   syslogd -m 0
514 root        504 S   klogd
727 root        840 S   /bin/pcscd --debug
1208 root        856 S < udevd --daemon
1212 root        752 S < udevd --daemon
1239 messageb    812 S   /bin/dbus-daemon --system
1842 root       3288 S   NetworkManager
1844 root       2248 S   /sbin/modem-manager
1855 root        740 S   /bin/dhcpcd -B -K -L -c /libexec/nm-dhcp-client.actio
1859 root        812 S   /bin/wpa_supplicant -c /etc/wpa_supplicant.conf -B -u
2079 root        628 S   /bin/sh /bin/start-session 0
2080 root        264 S   init
2154 root      12312 R   Xorg :0 -fp /usr/X11/lib/X11/fonts/75dpi,/usr/X11/lib
2169 root        656 S   /bin/sh /etc/init.d/icewm console
2405 root        300 S   /bin/sh /etc/init.d/icewm console
2406 root        580 S   /bin/sh /bin/icewm_startup
2427 root       2204 S   /bin/icewmtray
2439 root       3376 S   icewm
2484 root       6448 S   /bin/volumeicon
2485 root       8632 S   /bin/nm-applet
2486 root       7676 S   pcmanfm -d
2489 root       1128 R   /usr/local/libexec/gam_server
2493 root        692 S   //bin/dbus-daemon --fork --print-pid 5 --print-addres
2494 root        804 S   dbus-launch --autolaunch 551c148ca109c4709c9560794eeb
2496 root       2368 S   /libexec/gconfd-2
2498 root       8428 S   /libexec/notification-daemon
2500 root       2748 R   xterm
2501 root        720 R   sh
2582 root        296 S   /bin/sh /etc/init.d/firefox window
2583 root      91808 S   /lib/firefox/firefox-bin
2648 root      18832 S   /lib/firefox/plugin-container /lib/firefox/plugins/li
2652 root        660 R   ps -e