[TUHS] Government-Issue UNIX?

GARY LUCKENBAUGH via TUHS tuhs at tuhs.org
Sat Oct 11 00:25:23 AEST 2025 

Yep, that is me. I went through all the mergers and acquisitions as well, and retired from Leidos in 2017. At the time I was working in the plant in Gaithersburg. I spent probably 20 years off and on in that building. The entire thing was torn down a few years after Leidos acquired it, and Lockheed Martin had completed a full renovation a few years before it was torn down. 

My longest stint on FAA programs was during the ERAM period. I was the security architect from around 2001-2007. 

I had some intermittent periods during the AAS project, but I was mostly on loan to IBM Advanced Workstations Division during the AAS project. 

Sadly, I think all copies of IBM B2 Secure Xenix, CMW Xenix, and AIX/CMW have been lost to history. The tapes all became the property of Loral, and they didn't have an interest in keeping them. I had a complete set of product manuals for B2 Secure Xenix, but tossed them out in my last move. 

I'm curious about AT&T's Orange Book Security work, and SE/Linux. It sounds like there have been multiple waves of work on Defense related Unices; Ford Aerospace KSOS in the late 70s, IBM B2 Secure Xenix in the early 80s, the IBM/DEC/HP CMWs in the late 80s and early 90s, TIS takeover of IBM Xenix in late 80s, and then after my time, mid-90s maybe, the deployment of Secure Xenix in an application at NSA in Ft. Meade. I think it might have been for a telephone or secure guard of some sort. This might have been the work that Tom Wellington spearheaded for IBM. 

It's interesting that there wasn't much, if any, communication between the different generations of people working on defense Unices. I only met the the KSOS guys after IBM Federal and Ford Aerospace both became part of Loral. 

I only very recently heard that AT&T was building an Orange book Unix, and I know nothing about SE/Linux other than its existence. When Secure Xenix was being evaluated by the NCSC we went through dozens of rounds of "bring me a rock" please, and IBM just gave up, and sold it to TIS.

Around 1986, when we were going through the painful "bring me a rock" phase, Andrew Tanennbaum wrote his book on Minix. I suggested that the Mitre guys create a reference implementation of a B2 Unix-like system using Minix. I've often wondered if the genesis of SE/Linux was the result of my planting a bug in the ear of the Mitre guy, whose name unfortunately I can't remember. 

I'm also really curious about the AT&T secure Unix. It appears that neither of us knew of the other's existence. I'm really curious if you were successfully certified by the NCSC or whatever they were called at the time. 

Gary Luckenbaugh

Sent from my iPhone

> On Oct 9, 2025, at 11:27 PM, Andy Wallis via TUHS <tuhs at tuhs.org> wrote:
> 
> IBM Federal Systems got sold off to Loral then Lockheed and is now owned by Leidos. The Gaithersburg plant was partially torn down to make way for a FedEx or UPS depot.
> There are still a number of ex IBM FS people still working at Leidos.
> I think Gary worked with me in the FAA ATC programs if it the same  person I remember.
> 
> It is still very much a UNIX shop. AIX has been replaced by RHEL. That place gave me my love of AIX from our FAA programs going back to AAS to ERAM.
> -Andy Wallis
> 
>> On Oct 9, 2025, at 10:28 PM, Ron Natalie via TUHS <tuhs at tuhs.org> wrote:
>> 
>> I was consulting for IBM FSC (Gaithersburg MD).   Tom Wellington was who I was dealing with there.
>> 
>>>> On Oct 9, 2025, at 21:30, GARY LUCKENBAUGH via TUHS <tuhs at tuhs.org> wrote:
>>> 
>>>  BTW, Ron Natalie, where did you work on IBM Secure Xenix? I'm surprised we didn't cross paths. Maybe we did, and I just don't remember. My 68 y/o brain isn't what it used to be.
>>> 
>>> Gary Luckenbaugh
>>> 
>>> 
>>> Sent from my iPhone
>>> 
>>>>> On Oct 9, 2025, at 9:11 PM, GARY LUCKENBAUGH via TUHS <tuhs at tuhs.org> wrote:
>>>> 
>>>> I was the lead developer on IBM Secure Xenix. I designed all the APIs and did much of the kernel work from Jan 1984 until 1989 when we handed off the project to Steve Walker's Trusted Information Systems.
>>>> 
>>>> My dream job was to work on the Unix kernel, and by some miracle I got to do that at IBM. I was the first IBMer on the project and the last off. This was my first job out of graduate school. My thesis advisor, Virgil Gligor, was an IBM consultant, and he knew they were looking for kernel developers, dare I say kernel hacker.
>>>> 
>>>> Besides my advisor, and my IBM manager, I was the only one working the project until the summer of 1984 when we brought in two PhDs to work the project, one was from IBM's Yorktown Research Division, and one was a hire from AT&T Naperville.
>>>> 
>>>> I was the only one with knowledge of the Unix kernel. I was two steps down the ladder from the guys with PhDs, but my manager quickly figured out I was the only one that really knew what I was doing. I got really annoyed with the analysis paralysis. I decided I had enough of that, and implemented the Mandatory Access Controls over a weekend. 😆
>>>> 
>>>> That project was a heck of a lot of fun, and the highlight of my career. I was one of IBM's first Unix people, and I got to run all around the corporation giving talks. My home base was IBM Federal Systems Division in Gaithersburg, MD, but I spent a lot of time at IBM's Advanced Workstation Division in Austin, TX the home of IBM's AIX.
>>>> 
>>>> Gary Luckenbaugh
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>>>> On Oct 9, 2025, at 5:44 PM, segaloco via TUHS <tuhs at tuhs.org> wrote:
>>>>> 
>>>>> 
>>>>>> 
>>>>>>>> On Fri, 10 Oct 2025, at 01:35, Jon Forrest via TUHS wrote:
>>>>>>>> 
>>>>>>>> KSOS was made from scratch at Ford Aerospace in the late
>>>>>>>> 1970s. I was in the group that did it, although I didn't
>>>>>>>> work on it because I didn't have a security clearance.
>>>>>> 
>>>>>> 
>>>>>> There seems to be an IEEE paper on this, though I’ve not read it yet. Hate it when things need a login :-(
>>>>>> 
>>>>>> Do you know where it belonged on the spectrum from “zero AT&T code” to “new kernel but overwhelmingly AT&T userland”?
>>>>>> 
>>>>>> Intrigued,
>>>>>> 
>>>>>> John
>>>>> 
>>>>> Fwiw the manual I have on hand is just for the kernel API, so I couldn't
>>>>> say.  On a quick flip-through, the sections appear to have been
>>>>> rearranged (.e.g Section I describes datatypes used by syscalls) and in
>>>>> none of the sections did I spot anything particularly resembling
>>>>> userland applications, although I think the API documentation includes
>>>>> non-syscall entrypoints implying parts of a userland C library.
>>>>> 
>>>>> - Matt G.
>>

More information about the TUHS mailing list