Two independent projects are underway in the US and France to increase the security of the Linux operating system and provide it with MLS (multilevel secure) functionality to make it more suitable for use with defense systems.
MLS addresses government requirements for highly secure data that can be shared between government agencies, and is the target of a project at Trusted Computer Solutions Inc in the US and a consortium of vendors, including Linux distributor MandrakeSoft SA, in France.
Herndon, Virginia-based Trusted Computer Solutions is a provider of secure information sharing technologies to the US Department of Defense and the intelligence community and has announced plans to develop Trusted Linux as a key component of its trusted computing base.
The product will be based on the National Security Agency’s Security Enhanced Linux project and is targeted at certification under the US Common Criteria Evaluation and Validation Scheme at Evaluation Assurance Level 4.
With beta testing beginning in the fall of 2004, the product is expected to be available for purchase in early 2005 and will serve as the foundation of TCS’s SecureOffice suite of secure applications.
While Trusted Linux is aiming for CC-EAL4, a consortium of French technology suppliers is looking to go one better. Under a 7m euro ($8.6m), three-year contract with the French Ministry of Defense, Paris, Mandrake and its partners are aiming for CC-EAL5 to satisfy the security requirements of commercial, government and defense applications.
France-based Mandrake will be adapting its Mandrakelinux operating system for the project, with its share of the contract worth 1m euros ($1.2m), and will be responsible for communicating with and sharing the results of the project with the open source community.
Also in on the project is systems and services firm Bertin Technologies SA, which will be providing the security architecture for the project, as well as virtualization and embedded operating system vendor Jaluna SA, which will be responsible for system development.
Meanwhile, in process control systems specialist Surlog SA will be responsible for monitoring the software development process to ensure that it meets CC-EAL5 certification levels, while security systems consulting operation Oppida SA, which is accredited by the French National Security Agency, will evaluate the technology against the ISO 15408 Common Criteria standard.
As well as military uses, the resulting MLS version of the Linux operating system will be targeted at the industrial market at large. Similarly TCS’s Trusted Linux will also be aimed at commercial organizations looking to safeguard corporate data and meet stringent data security requirements and legislation as well as government and defense projects.