Submitted by Red Hat, with help from IBM and Trusted Computing Solutions, plans to put its operating system through the paces of the National Information Assurance Partnership’s Common Criteria evaluation program to create the first “trusted” Linux operating system.
First, there is Trusted Solaris for x86:
http://www.sun.com/software/solaris/trustedsolaris/
And does RedHat intend to certify a GUI as trusted, since Trusted Solaris has Common Desktop Environment certified as Trusted, or is it CLI only?
Not sure what you consider wrong in the article since it mentions that in the “past’ used to run only on RISC architectures.
An updated version of RHEL 4 targets EAL4 while ongoing efforts in RHEL 5 target the LSPP, CAPP and RBAC profiles which I believe dont include the GUI in a comprehesive way beyond potential visual display of current roles,labels or profile including printing
http://niap.nist.gov/cc-scheme/in_evaluation.html#r
https://www.redhat.com/mailman/listinfo/redhat-lspp
There are independant efforts to do this however that is not tied to the certification process
http://fedoraproject.org/wiki/FC5Future
Hope that helps
My bad.
From TFA: “The big thing here is that it makes Red Hat Enterprise Linux 5 the only other trusted operating system in the world, beyond Trusted Solaris,” says Ed Hammersla, chief operating officer of Trusted Computer Solutions, a provider of security software and services. “It’s a big milestone in the maturity of Linux.”
Even the article blurb doesn’t say first “trusted” operating system, but rather first “trusted” linux operating system.
The article is correct.
The article is still wrong. BAE Systems has the XTS-400 which is a trusted platform (OS and hardware), at EAL-5. RHEL and Solaris are therefore not the only trusted OSs.
Forgot about that one!
It’s even worse than that as SuSE has had EAL 4+ certification for at least 18 months, so the article is worse than just wrong….
Chris.
First
SUSE Enterprise 9 was released around Aug 2004, so 18 months is a bit of a stretch
Second
SEL9 has EAL4+ certification with the CAPP
Thrid
RHEL 5 will be going for EAL4+ certification with the CAPP, LSPP and RBAC
Fourth,
http://informationweek.com did do a pretty bad job of patching this news bit together
Last but not least, get your news from the horses mouth
http://www.trustedcs.com/news/6news6_1_1z.htm
😉
jlc
we should see more of non nsa funded stuff like http://www.rsbac.org http://www.adamantix.org
we should see more of non nsa funded stuff like http://www.rsbac.org http://www.adamantix.org
I agree,i would like to add http://www.grsecurity.net and pax.grsecurity.net
I doubt EAL alone is enough.There should be a penetration certificate also.Features such as advanced encrypting,digital keys,etc add some points to the overal EAL certification but don’t prevent a cracker from compromising the server.
Trusted Solaris might be a tough nut to crack but is exorbitant expensive.
I think this kind of stuff for Linux, is very cool. and is promising for for Linux in general.
Would be great Linux, made its way more into goverment and military systems.
-Nex6
-nex6.blogspot.com
this is A very good time , as all the apps that require
“EAL $ and above and or “trusted” status. can now be run on Linux, also means Companys and biz’s alike can now get there hands on a “trusted” system for a reasonable price.
altho the Certifcation will be on IBM hardware, which I belive (not sure off) to run a “trusted” app you need to run it on the hardware it was certified on i think, which is good for IBM.
but, many many comapnys can now get the benifit of a full EAL4_ trusted system for there apps if the need it.
cool
-Nex6
-nex6.blogspot.com