Common Operating Systems and SP 800-90C Compliance (N31c)
Over the few last years, the focus for entropy discussions was the entropy source to demonstrate that sufficient entropy is provided and it is compliant to SP 800-90B. As this topic is now understood (the implications for Linux are discussed and solutions are provided), the focus now shifts on the embedding of the entropy source into the overall operating system environment. This consideration brings us immediately to SP 800-90C. Although this standard is not released, it is actively being developed to be released in the not too far future. Thus, its implications to software architectures of operating systems in general and Linux in particular must be researched and understood. This presentation presents a study on the implications of SP 800-90C on the overall software architecture with a focus on Linux. The study outlines pitfalls that must be considered and shows which implementations are compliant. The conclusion of the analysis provides recommendations for changes in the design of existing modules. This will allow vendors to integrate change requests into the regular development cycle now, before they are enforced, and frantic searches for solutions are conducted.