SE Linux embarks on Common Criteria testing
- By Joab Jackson
- Sep 27, 2005
The National Security Agency's Security Enhanced Linux has started to undergo Common Criteria evaluation. Earlier this month, IBM Corp. submitted Red Hat Enterprise Linux v.5 (RHEL 5), which includes the SE Linux module, for Evaluation Assurance Level 4.
With the evaluation in place, this version of Linux, available from Red Hat Inc. of Raleigh, N.C., in late 2006, could offer another trusted operating system for handling sensitive information. Traditionally, Sun Microsystems Inc.'s Trusted Solaris operating system has dominated this market.
"This allows our traditional customer base to look at Linux as a viable alternative," said Ed Hammersla, chief operating officer of Trusted Computer Systems Inc. of Herndon, Va. Trusted Computer has developed some of the extensions to SE Linux that were incorporated into RHEL 5.
Atsec Information Security of Austin, Texas, is evaluating RHEL 5 on a number of IBM servers, including the xSeries, pSeries and zSeries mainframes, as well as IBM blade servers. IBM announced earlier this year that it would submit SE Linux to the National Information Assurance Partnership's Common Criteria Evaluation and Validation Scheme.
SE Linux is a set of software controls that can be used with Linux to confine the actions of any process to a predetermined set of options, allowing for far finer-grained, policy-based management of applications than operating systems offer.
"We're moving away from discretionary access control, so the permissions for usage are out of the hands of users and rogue programs," said Paul Smith, head of Red Hat's government office.
SE Linux lays the groundwork for Trusted Computer Systems' Application Suite, for instance, which permits a single computer to run multiple security levels. This multilevel security approach eliminates the need to keep multiple computers at a single desktop, each for a different security level.
Hammersla noted that because RHEL 5 is under evaluation, agencies can use it to fulfill NSTISSP No. 11 National Policy, which calls for Common Criteria-certified products to be used on networks that carry sensitive information.
Although Red Hat won't officially release RHEL 5 until late next year, users can test early implementations available through the Fedora Linux distribution, a volunteer effort that packages beta issues of Red Hat Enterprise Linux. Purchasers of Trusted Computer Systems' Application Suite can also get the operating system, since it is included in that software package as well.
Joab Jackson is the senior technology editor for Government Computer News.