James Morris - RHEL now certified at EAL4+
RHEL now certified at EAL4+
RHEL is now certified at EAL4+, when configured appropriately on IBM's mainframe, System x, System p5 and eServer boxes, according to the protection profiles LSPP (labeling), RBACPP (role-based access control) and CAPP (audit).
EAL4+ is as far as you can go with an off-the-shelf OS. Beyond this, you need semiformal security design and pretty much a new OS. LSPP is the current equivalent of the old "orange book" B1 TCSEC rating.
This certification means that Linux is now officially considered appropriate for use as a "trusted" operating system, although with SELinux, it is far more flexible and capable than any of the existing MLS-oriented solutions. While the evaluation is specific to RHEL5 and IBM hardware, everything is freely available in source form, and also freely available as an installable distro via Fedora, CentOS and derivatives thereof.
A lot of people thought it would be outright impossible to get an open source OS certified at this level. Not only were they wrong, but we've done it in a way which makes it part of the mainline kernel, upstream userland, and integrated into standard distributions. It is not some outdated, incompatible and outrageously expensive fork of the OS, as has historically been the case with trusted OSes. "Military-strength" security is now just another feature you get as standard in Linux, and it receives the same testing and community benefits as the rest of the OS.
Those who accuse Linux of lacking innovation might do well to look at this, and also see how others are now adopting these innovations.
Date: June 16th, 2007 05:31 pm (UTC)
Date: June 16th, 2007 10:02 pm (UTC)
> This certification means that Linux is now officially considered appropriate for use as a "trusted" operating system
Now that's how I like "trusted computing" :D
Date: June 17th, 2007 11:15 am (UTC)
EAL number and security
I think it should be stressed that an EAL number by itself does not indicate how secure an operating system is. Higher numbers mean we can be more confident of something, whereas the list of protection profiles says what that something is. In this case, the protection profiles LSPP (http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=152&id=40), RBACPP (http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=152&id=31) and CAPP (http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=152&id=41) relate to how well the operating system supports users and groups and the like, but say nothing about the presence or absence of remote root exploits. If there's a root exploit (or comparable SELinux breach) then it doesn't matter how well the operating system honours user restrictions.
Re: EAL number and security
Mandatory access control, as implemented by SELinux and discussed somewhat in LSPP, does help address threats arising from vulnerabilities in userspace software.