France funds EAL5 Linux project
Oct 1, 2004 — by LinuxDevices Staff — from the LinuxDevices Archive — 1 viewsThe French Ministry of Defense will put up 7 million over the next three years to fund an industrial consortium building a Linux-based operating system that can achieve EAL5 certification. The coalition includes Bertin Technologies, SURLOG, Jaluna, Mandrakesoft, and OPPIDA.
EAL5, or Evaluation Assurance Level 5, is the fifth-highest level in a 7-level set of “Common Criteria” computer security standards maintained by the Computer Security Resource Center (CSRC). The Seven EALs (EALs) include:
- EAL1 — functionally tested
- EAL2 — structurally tested
- EAL3 — methodically tested and checked
- EAL4 — methodically designed, tested, and reviewed
- EAL5 — semiformally designed and tested
- EAL6 — semiformally verified design and tested
- EAL7 — formally verified design and tested
According to CSRC, “EAL5 permits a developer to gain maximum assurance from security engineering based upon rigourous commercial development practices supported by moderate application of specialist security engineering techniques . . . EAL5 is therefore applicable in those circumstances where developers or users require a high level of independently assured security in a planned development and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques.”
In practice, EAL5 certification is most often required by government agencies for military and aerospace applications. Lack of EAL certification has been a leverage point used by commercial mil/aero RTOS vendor Green Hills Software to attack Linux's suitability for military contracts.
The consortium says its EAL5 operating system will go “far beyond military utilization,” however, also targeting the industrial market at large, as well as telecommunications and enterprise systems. “Major industry players worldwide will be invited to join the project as associates, express their requirements, and interact with the development team,” the consortium says.
Roles and responsibilities in the effort break down as follows:
- Security specialist Bertin Technologies “will be responsible in particular for the CC-EAL5 security level”
- Embedded operating system specialist Jaluna, recently in the news for netting $12M to promote its platform virtualization technology, is charged with system development
- Mandrakesoft will contribute and adapt its Linux distribution, and foster an open source community around the open-source, EAL5 distribution
- SURLOG will instrument and monitor the software development processes, as required for EAL5 certification
- OPPIDA, which is accredited by the French National security Agency to perform IT security evaluations, will evaluate the project's work against the ISO 15408 Common Critera standard
According to Jaluna, the consortium partners expect virtualization technology to play a key role in designing future open operating system security solutions.
“Jaluna's vision has been validated by the choice of Jaluna/OSware as the software foundation for the project,” said Jaluna CEO Michel Gien.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.