LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

RHEL 5 going for Common Criteria EAL 4 rating

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 14:58 UTC (Tue) by jamesmrh (guest, #31622)
Parent article: RHEL 5 going for Common Criteria EAL 4 rating

An important aspect of this is that it will include LSPP (Labeled Security Protection Profile) certifcation. LSPP is the modern equivalent of the B1 "trusted" certification, and requires an implementation of MLS and more stringent auditing facilities.

EAL4 is the assurance level of the certification, which is considered to be the highest level that can be reached for an off the shelf OS that was not designed from scratch specifically as a security technology.

Certifcation-wise, this will put Linux in the same arena as Trusted Solaris etc.

[not speaking for Red Hat officially, just part of the team]

(Log in to post comments)

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 16:58 UTC (Tue) by drag (subscriber, #31333) [Link]

Now I am not trying to be a dick or anything.. I just want to understand more or less what this means for us non-government types.

My previous understanding of EAL4 and below certifications was that it's mostly paper work and accountablity rather then actual real-life security of the operating system... Stuff like having documentation aviable about how a admin should configure the system, how obvious is it that the system is misconfigured. Stuff like that. There is nothing like full-blown code audits by the government or security evaluated 'code paths' and the such... Nothing realy terribly usefull for actual real-world security.

For instance W2k had EAL4, but obviously W2k is not a terribly secure operating system. Now OBSD on the other hand is a VERY secure system, but I wouldn't be suprised at all if they couldn't get EAL4 in it's current state. It's a more beuacratic thing, then real-world thing, at least that's my understanding.

Also as was pointed out above Windows 2000 had a CAPP/EAL4 certification, but only in a certain configuration and with huge restrictions on what software you could run... basicly you couldn't realy use it on a network or something like that.

Here is a critic of the Windows cert http://eros.cs.jhu.edu/~shap/NT-EAL4.html

Is this certification going to be for a specific config or a only a default install? Is this with the 'restrictive' style SELINUX config or the default ruleset?

Also I noticed that the article had terms like LSPP, CAPP, and RBAC.. so is it were Win2k had CAPP/EAL4, RH5 will have LSPP/RBAC/CAPP/EAL4? Which I suppose is more difficult/stringent.

Still good luck for Redhat. Hope they get it nailed.. it should make it much easier to get government contracts in many situations. More money for Redhat means we get more things like GFS and Fedora/Redhat directory services (formally netscape directory).

:)

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 19:37 UTC (Tue) by jamesmrh (guest, #31622) [Link]

LSPP has some very specific security requirements, which are aimed at managing information at different classifications and users at different clearances. So, the direct value of this to non-govt types is unknown and historically limited.

What we're trying to do with SELinux, though, is make the technology available in the standard, current product, rather than an old fork of the OS like traditional "trusted" OS vendors. We're also trying to implement the technology in a more generalized way, so it can be re-used for other purposes. An example of this is MCS, which is an adaptation of MLS which allows users to assign security categories to files that they own.

There are several security technologies being rolled out for general use (Type Enforcement, MLS, MCS, RBAC etc), and rather than take a prescriptive stance, that is, to say "this is how your security should work", there's a lot of scope for users to innovate and feed their ideas back into the community.

The short answer to your question is that you get a bunch of security technologies which have not existed in a generally available, modern OS.

The certification will be for a specific configuration and on specific hardware, I believe, and I'm not sure which security policy (there are several mailing lists including the redhat-lspp list where these issues can be discussed in more detail).

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 20:14 UTC (Tue) by bojan (subscriber, #14302) [Link]

>What we're trying to do with SELinux, though, is make the technology available in the standard, current product, rather than an old fork of the OS like traditional "trusted" OS vendors.

Good move. Do the same with GFS and Xen in RHEL5 and you'll have many more people jumping on the virualisation and cluster bandwagon. The current GFS/Cluster suite subscription fees are really not something your average company can afford. And yet, getting the hardware to run it almost is.

Bring it to the masses and see the adoption rate skyrocket.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 21:33 UTC (Tue) by drag (subscriber, #31333) [Link]

Ya, I've been following0 SELinux developements since it was just patches from NSA. It's pretty neat stuff and I've always been apreciative of Redhat/Fedora's work to make it more usefull for the average person.

Still kinda skirted around the issue, but it's a good enough answer so I'm happy. Just be carefull how it gets promoted, you don't want people to think: "Oh, look Redhat just reached the same level of security that Microsoft got back with Windows 2000 SP3." (which is obviously untrue)

RHEL 5 going for Common Criteria EAL 4 rating

Posted Oct 11, 2005 6:31 UTC (Tue) by Vladimir (guest, #33011) [Link]

Just wanted to comment on this:
"LSPP has some very specific security requirements.... So, the direct value of this to non-govt types is unknown and historically limited."

I don't need to be a government type to be able to use LSPP or Type Enforcement or RBAC for everyday business.
How on Earth would you let sysadmins to use root and in the same type to not have access to classified data stored on the servers the run?

Regards,

VG

RHEL 5 going for Common Criteria EAL 4 rating

Posted Oct 12, 2005 5:07 UTC (Wed) by etbe (subscriber, #17516) [Link]

The administrator has to perform tasks such as fixing file system
corruption, backing up data, and installing new applications (including
custom applications). These tasks are not compatible with preventing the
administrator from accessing secret data.

We have a secadm_r role for security administration which can be separate
from the sysadm_r for general system administration. This is currently
an experimental feature and is designed to be discretionary in nature.
We can't entirely prevent the sysadm from doing the wrong thing in regard
to security administration, but if they do so then they can't claim it to
be an accident, mistake, or an issue where their duties were unclear.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 19:37 UTC (Tue) by ncm (subscriber, #165) [Link]

"it should make it much easier to get government contracts in many situations."

That's the entire point. This isn't about security, this is about getting Free Software into the bidding pool. Unfortunately a certified RHEL wouldn't give anybody (except RH themselves) a bidding advantage, unless the bid were on a lot more than just the hardware and OS.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 19:55 UTC (Tue) by bojan (subscriber, #14302) [Link]

> Unfortunately a certified RHEL wouldn't give anybody (except RH themselves) a bidding advantage

Maybe you haven't heard, but RHEL is an open source operating system. You are free to take the code (that's already been certified) and run certification for your own flavour you're building from it. I reckon that's a huge advantage for *all* Linux distros, not just Red Hat.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 29, 2005 4:03 UTC (Thu) by lutchann (subscriber, #8872) [Link]

The whole product is certified, not just chunks of code. Having RHEL certified will make it easier for other vendors to get certified (although there's a lot to the certification package which won't be available under an open source license, particularly documentation) but any individual components you extract and put in another similar-but-slightly-different environment will have no special status what-so-ever.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 29, 2005 5:30 UTC (Thu) by bojan (subscriber, #14302) [Link]

Of course, but consider this. If you are building an OS and want it EAL 4 certified, does the fact that Windows is certified help you? Not much. If you are building an open source operating system, maybe even based on RHEL5 source, does the fact that it is certified help you? A lot more - you have the same source!

For instance, if CentOS wanted to certify their version 5, it would be much easier for them to do so (in terms of work required) once RHEL5 gets certified. No proprietary OS can claim the same. In other words, even in the certification space, the barrier to entry is reduced through open source.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 22:28 UTC (Tue) by veillard (guest, #31604) [Link]

Hi ncm :-)

I think the certification is only for a specific software on a specific
hardware platform, so in a sense this is limited. But this is still a
very important step to see *one* Linux distro get there.

DV

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 22:37 UTC (Tue) by drag (subscriber, #31333) [Link]

Well I bet you'd be happy to know that Suse has had a EAL4 certification for some time now. :)

see:
http://www.heise.de/english/newsticker/news/56451

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 29, 2005 19:57 UTC (Thu) by kweidner (subscriber, #6483) [Link]

This is different, the SUSE evaluation used the CAPP profile (same as the MS Windows evaluation mentioned here), and the new RH evaluation will be adding LSPP and RBAC for mandatory access control and role based security, making it comparable to Trusted Solaris and similar systems.

FYI, you can get the official lists of evaluated products and products in evaluation directly, no need to dig for old press releases ;)

Mandatory Access Control (MAC) means that the OS enforces restrictions and users can't override them. For example, you can't copy a file marked "secret" to an insecure device even if you own the file. By contrast, users can change the standard filesystem permissions (aka Discretionary Access Control or DAC) and give read or write access to others for files they own.

MAC is potentially interesting even outside government environments since it can protect against malicious software - for example it could ensure that your web browser cannot read your financial data even if an attacker has full control over it due to a security flaw.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds