When it comes to validating operating system security, one of the toughest certifications is the Common Criteria EAL 4+. Intel’s Wind River embedded operating systems division is now ramping up an effort to get EAL 4+ certified on its secure Linux embedded offering, providing a new secure embedded Linux operating system.
The Wind River Secure Linux effort isn’t just about Linux on Intel either. The goal is to have a certified Linux for multiple chip vendors including Freescale and Texas Instruments. The new effort could provide new market opportunities for Linux in highly-secure environments.[login]
The EAL 4+ certification is a security evaluation of the Common Criteria Evaluation and Validation Scheme (CCEVS) that is operated by The National Information Assurance Partnership (NIAP). Government agencies as well as enterprises and vendors that work with the government can be required in some cases to be running software that carries the certification.
“Wind River is committed to delivering software designed to comply with national security criteria to meet diverse customer needs,” said Chip Downing, director for aerospace and defense at Wind River in a statement. “Additionally, with security mandates and tighter regulations on the rise across industries, the potential to use embedded Linux in secure solutions for networking infrastructure, energy and medical systems is tremendous.”
Downing explained to InternetNews.com that Wind River Linux Secure is a separate product line from Wind River’s existing in-market embedded Linux operating system solution. He said the Wind River Linux Secure solution has additional security features and implementation of the General Purpose Operating System Protection Profile (GP-OSPP) v7 as mandated by NIAP.
In addition to the EAL 4+ certification, Wind River Linux Secure will include SELinux (security enhanced Linux). While Wind River has a Linux solution in the market today, the Wind River Linux Secure EAL 4+ product is in development and is expected by Wind River to be available by the first half of 2011 pending the completion of the certification process.
But even as Wind River pursues EAL 4+ for its embedded Linux, rival embedded Linux vendor Montavista isn’t as bullish on the market opportunity.
Montavista is now owned by chip vendor Cavium after being acquired for $50 million at the end of 2009.
“We have had SELinux in our CGE (Carrier Grade Edition) and Mobilinux products for a number of years but the uptake by customers has been low,” Montavista spokesperson Dean Misenhimer told InternetNews.com. “It can be complicated to configure and if you don’t get the configuration 100 percent right, you leave security holes. Most customers don’t see the value for the complexity.”
SELinux is an effort originally started by the US. Government’s National Security Agency (NSA)in 2004 and first adopted by Red Hat’s Fedora Core 2 Linux. From an Enterprise Linux perspective, Red Hat Enterprise Linux has been EAL 4+ certified since the RHEL 4 release in 2006.
Misenhimer added that Montavista has not seen any demand for EAL4 from its customers.
“If and when we do, we will consider doing the certification — we already have SELinux experience and the expertise for doing this,” Misenhimer said.
From Wind River’s perspective the Wind River Secure Linux is something new for the industry.
“Enterprise Linux distributions may not meet all the typical embedded industry requirements such as multi-architecture support and customizations to support embedded hardware,” Downing said. “Wind River Linux Secure will support three hardware architectures, provides customizations to meet specific customer hardware and cost effective solutions to meet typical embedded customer needs.”
In addition to being an embedded Linux operating system vendor, Wind River also has its own proprietary embedded operating system called VxWorks. Downing noted that there are different use cases for Linux and VxWorks and different certifications. He added that currently the VxWorks MILS platform is being evaluated to EAL6+ to meet the real-time operating system (RTOS) requirements for high robustness (EAL6+) multilevel secure (MLS) systems.
“The EAL4+ certification of Wind River Linux Secure addresses moderate to high independently assured security with medium robustness requirements,” Downing said. “With Wind River Linux Secure, companies can expect to meet their security needs as well as choose the best software for the job from a surplus of mature and widely used Linux-based open source solutions on a wide range of hardware platforms.”
Tags: Linux, Wind River, Montavista, Intel, Cavium, EAL