[ISN] SE Linux embarks on Common Criteria testing

InfoSec News isn at c4i.org
Wed Sep 28 00:47:18 EDT 2005


By Joab Jackson 
GCN Staff

The National Security Agency's Security Enhanced Linux [1] has started
to undergo Common Criteria evaluation. Earlier this month, IBM Corp.  
submitted Red Hat Enterprise Linux v.5 (RHEL 5) - which includes the
SE Linux module - for Evaluation Assurance Level 4.

With the evaluation in place, this version of Linux, available from
Red Hat Inc. of Raleigh, N.C., in late 2006, could offer another
trusted operating system for handling sensitive information.  
Traditionally, Sun Microsystems Inc.'s Trusted Solaris operating
system has dominated this market.

"This allows our traditional customer base to look at Linux as a
viable alternative," said Ed Hammersla, chief operating officer of
Trusted Computer Solutions Inc. of Herndon, Va. Trusted Computer has
developed some of the extensions to SE Linux that were incorporated
into RHEL 5.

Atsec Information Security of Austin, Texas, is evaluating RHEL 5 on a
number of IBM servers, including the xSeries, pSeries and zSeries
mainframes, as well as IBM blade servers. IBM announced earlier this
year that it would submit [2] SE Linux to the National Information
Assurance Partnership's Common Criteria Evaluation and Validation

SE Linux is a set of software controls that can be used with Linux to
confine the actions of any process to a predetermined set of options,
allowing for a far finer grained policy-based management of
applications than operating systems offer.

"We're moving away from discretionary access control, so the
permissions for usage are out of the hands of users and rogue
programs," said Paul Smith, head of Red Hat's government office.

SE Linux lays the groundwork for Trusted Computer Systems' Application
Suite, for instance, which permits a single computer to run multiple
security levels. This multilevel security approach eliminates the need
to keep multiple computers at a single desktop, each for a different
security level.

Hammersla noted that because RHEL 5 is under evaluation, agencies can
use it to fulfill NSTISSP No. 11 National Policy, which calls for the
use [3] of Common Criteria-certified products to be used on networks
that carry sensitive information.

Although Red Hat won't officially release RHEL 5 until late next year,
users can test early implementations available [4] through the Fedora
Linux distribution, a volunteer effort that packages beta issues of
the Red Hat Enterprise Linux. Purchasers of Trusted Computer Systems'
Application Suite can also get the operating system, since it is
included in that software package as well.

[1] http://www.nsa.gov/selinux/
[2] http://www.gcn.com/24_8/tech-report/35516-1.html
[3] http://www.gcn.com/21_31/news/20302-1.html
[4] http://www.fedoracore.org/ 

More information about the ISN mailing list