Wind River Launches Certified EAL4+ Embedded Linux Platform

23rd May 2011

ES Admin

0 0

Wind River, a world leader in embedded and mobile software, today announced availability of and security certification for Wind River Linux Secure, the first commercial embedded Linux platform to achieve Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification by the National Information Assurance Partnership (NIAP) using the General Purpose Operating System Protection Profile (GP-OSPP).

Wind River Linux Secure provides organizations facing strict security and cryptography certification requirements, such as EAL4+ and FIPS 140-2, with a secure, commercial off-the-shelf (COTS) embedded Linux solution. This solution allows organizations to build secure platforms for military communications, such as software-defined radios, command/control ground stations, and combat systems, as well as Linux-based secure mobile operating systems. As security mandates and tighter regulations expand into broader market segments, there is also an increasing need for security-certified embedded Linux platforms in networking infrastructure, industrial, energy and medical systems, which Wind River Linux Secure is designed to meet.

Wind River is filling a growing critical need in the markets where embedded Linux with security is becoming a requirement and, equally important, where our customers want to create competitive security-based differentiation in their product offerings, said Paul Anderson, vice president of marketing and strategy for Linux products at Wind River. Now organizations can meet their security needs with an open architecture software platform designed to comply with national security criteria, based upon a mature and widely-used Linux distribution.

Wind River Linux Secure is based on the stable Linux 2.6.27 kernel and GCC 4.3.2 compiler is certified to EAL4+ and its Network Security Services cryptographic library is certified to Federal Information Processing Standard (FIPS) 140-2. Other key features of Wind River Linux Secure include:

Common Criteria EAL4+ certification on ARM including hardware from Texas Instruments, Intel and Power architectures. This allows organizations to quickly jumpstart projects on a wide range of processor platforms. Organizations looking to extend this security certification to their own hardware and software environments can now efficiently create incremental certifications of Wind River Linux Secure on new COTS or custom hardware and applications, significantly decreasing the time, cost and risk of certifying new products.
Full traceability of source code for all Linux modules, enabling the exact definition of a product from its open source origins through any modifications and the addition of patches, packages, or proprietary code.
A rich set of security features, including a comprehensive security policy, identification and authentication, system auditing, access control mechanisms, cryptographic services and memory protection. Additionally, organizations can take advantage of multilevel and multi-category security through National Security Agency (NSA)-developed Security Enhanced Linux (SELinux) and several Linux system recovery tools.
Backed by Wind River's global support and services organizations.

Wind River partnered with atsec information security as the Common Criteria Test Lab (CCTL) to conduct the independent evaluation of Wind River Linux Secure.

The evaluation of technical components and products against internationally-accepted, standardized criteria allows companies to objectively demonstrate the reliability of their security functionality, said Kenneth Hake, Common Criteria Laboratory Manager at atsec. The EAL4+ certification achieved by Wind River Linux Secure brings important new technology options to companies needing the rich features of embedded Linux and the assurance of medium to high robustness.