New Red Hat Linux 5 version meets federal security standards

This story has been updated from its original version with additional details.

A version of Red Hat’s Linux 5 operating system that is capable of running various types of software thanks to a built-in kernel-based virtual machine (KVM) hypervisor has been certified to meet internationally recognized security standards. Developed to run in IBM servers, the modified version of Linux allows open-source virtualization techniques to be deployed in homeland security applications, command and control systems and across government agencies that had been limited by existing virtualization technologies.

With the Common Criteria Certification at Evaluation Assurance Level 4+, the KVM hypervisor on Red Hat Enterprise Linux and IBM x86 servers now meets federal security standards. This permits governments, financial institutions and security-conscious organizations to create secure, open virtualized IT environments and private clouds, Red Hat officials said.

The KVM hypervisor uses SELinux to address agency security concerns about virtualization implementations because it allows virtual resources to run in separate containers that can be individually defended during an intrusion. Hypervisors allow computers to run multiple operating systems and/or software applications as separate virtual instances.

One advantage of Red Hat Linux with the KVM hypervisor is that it builds on existing Red Hat developments, Gunnar Hellekson, chief technology strategist for Red Hat’s U.S. public-sector group, told GCN.

For example, Red Hat Linux 5 uses Security-Enhanced Linux, which is the result of a joint project by Red Hat and the National Security Agency. The security certification allows organizations to use Red Hat Linux 5 with the KVM hypervisor with confidence because the built-in SELinux will prevent virtual machines from attacking each other on the same host if they are compromised.

“No one had a general-purpose operating system with a hypervisor that had been Common Criteria certified,” said Hellekson. The Common Criteria accreditation process forces developers to choose a platform to certify on, hence Red Hat’s choice of IBM’s servers for the KVM hypervisor on Enterprise Linux 5, he said. Red Hat is working with other vendors to undergo Common Criteria accreditation with their platforms once Enterprise Linux 6 becomes available, he added.

The Red Hat system can also be stripped down to a core hypervisor for specialized operations, such as work in high-performance computing, he said. This flexibility is important because many users are wary of vendor lock-in with specialized tools such as hypervisors. Providing the KVM in an open system format with built-in security features offers users greater flexibility, he said.



Reader Comments

Thu, May 17, 2012 pnuw

The hardware vendor initiates and pays for CC evaluation, including testing and certification. The Target of Evaluation in this case would only include IBM systems, and those systems are defined in the certification. There is nothing preventing other hardware vendors from doing the same, if they are willing to pay for it.

Tue, May 15, 2012 Dennis McLain Virginia

"With the Common Criteria Certification at Evaluation Assurance Level 4+, the KVM hypervisor on Red Hat Enterprise Linux and IBM x86 servers" Source: GCN (http://s.tt/1bKr) This is 'open'? Last time I checked, IBM hardware was only offered by IBM. What about Dell, HP, Sun/Oracle, etc.? Assume IBM servers were part of the 'target of evaluation'. If Red Hat doesn't intend to go beyond IBM, isn't there a problem?

Tue, May 15, 2012

Long live Linux!
