CC EAL-7 level COTS OS??

Thread: CC EAL-7 level COTS OS??

  1. #1
    Junior Member f1fan's Avatar
    Join Date
    Feb 2005
    Posts
    13

    CC EAL-7 level COTS OS??

    Hey,

    I did a search and did not find any mention of this so if it is a repeat I apologise in advance.

    The news release is about a month old but I thought it was significant enough to be posted...

    LynuxWorks is stating at http://linuxdevices.com/news/NS6765352929.html

    it will ship a new super-high-security operating system in July, 2005 that was designed to meet the very highest levels of military certification...

    LynxSecure was designed for certification to Common Criteria EAL-7 (Evaluated Assurance Level 7), a level of certification unattained by any known OS to date.
    I have seen a lot of stuff debating the pros and cons of an open source OS being able to meet the security requirements of EAL-7... but I say if Linux can meet these requirements, all the better.

    WOW...

    F1fan

    PS> For more info on EAL requirements... http://csrc.nist.gov/cc/Documents/CC...RT3/PART36.HTM
    "It amazes me the will of instinct..." -- Kurt Cobain

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Hmmm. I can't imagine an open source OS using anything more than a smattering of code previously available, and actually achieving this rating easily.

    I'm not saying it can't be done, but considering the track record of the likes of Sendmail, it would be difficult to do this without reinventing the wheel. I agree with the whole 'many eyes' argument that Eric and the zealots^H^H^H^H^H^H^Hboys make; I truly believe it works (as I type this post in Firefox). But I think the majority of the code out there being used may not be up to snuff to pass the scrutiny needed for EAL7.

    Of course, if it is open source, and they do succeed, and we all get to play with this 'new code' I believe they'll have to write... weeeeeeee!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    1,004
    If you read carefully in the article provided, you will note the product they are talking about is a security kernel that provides a Linux-like interface within a type verification system similar to SecureOS which provides a BSD-like environment.

    It is NOT Linux.

    It is not possible for an open development product to ever be evaluated EAL7.

    Note, I did not say "not easy" or even "very difficult" I said "not possible."

    EAL7 also provides assurance through the use of a structured development process, development environment controls, and comprehensive TOE Evaluation assurance levels configuration management including complete automation, and evidence of secure delivery procedures.
    Notice the "structured development process" bit. Considering open source development falls under Level 1 of the CMMI software development model, it cannot be considered structured under any circumstances.

    Their system, on the surface, appears more likely to be EAL5 at best... but we'll see. It should be noted that the system in question is not listed on the ISO-15408 "in progress list", though another EAL7 product is (but it isn't an OS).

    One more point on this subject: to achieve high levels of security, such as TCSEC B3, which is more or less equal to ISO-15408 EAL6 with regard to assurance, requires data segregation at the hardware level; clearly this cannot be achieved with code alone. Hence:
    Common Criteria EAL-7 (Evaluated Assurance Level 7), a level of certification unattained by any known OS to date.
    is misleading. Even STOP 6.1.E, currently the highest evaluated operating system against ISO-15408, only achieved that evaluation on the XTS-400 hardware platform.

    To roughly compare ISO-15408/CC to TCSEC (with consideration to assurance levels):

    EAL2 = C1
    EAL4 = C2/B1
    EAL5 = B2
    EAL6 = B3
    EAL7 = A1

    And A1 evaluated systems do exist.

    cheers,

    catch

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hello Catch,

    I would like your opinion (preferably professional/academic ) on this one:

    You said:

    Considering open source development falls under Level 1 of the CMMI software development model, it cannot be considered structured under any circumstances.
    Is that absolutely true?.............the reason I ask is that my experience with the CMM gave me the distinct impression that it was an organisation's processes that earned a rating, rather than the OS/development style? So it ought to be possible to run an open source project under CMM?

    If you have any references, I would be very interested, as I am sure others would be.

    As for "security", I am with you 200% there..............I just have this feeling that it is security rather than structured methodology that is in the driving seat here?

    interesting?

  5. #5
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Hehe, I was reacting strangely to that comment as well. 'Open source development' and 'open source software' are two different statements. We can do ALL development in house, and allow others to have it under an open source license...
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    the reason I ask is that my experience with the CMM gave me the distinct impression that it was an organisation's processes that earned a rating, rather than the OS/development style?
    It is the organization's process I'm talking about. In this case the organization is the Linux development community.

    Now "Open Source" typically means software that has had its code base contributed to by its user base. However, "Open Source" could just as easily mean any closed development product that makes its source code available to the public. Although I cannot, offhand, think of any products like the latter, I figured it better to play it safe and distinguish that I meant products that are developed by their user base.

    Security is the by-product of structured methodology.

    The point of my original post was simply:

    1. The product in question isn't Linux.
    2. Linux can never reach that level of assurance.
    3. No software product alone can ever reach that level of assurance.

    cheers,

    catch

  7. #7
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    I disagree with the statement that open source software (as in developed by its userbase) cannot be anything but CMM level 1. Even open source software can be well planned, tracked and controlled. Although I agree that it mostly isn't, and that it isn't in the case of the Linux kernel, there actually are some projects that apply good rules about documenting of code and use of "formal" coding instead of quick workaround-the-problem "hacks", which makes the development process a lot more professional.

    As for the software being reliant on the hardware... That's kinda obvious; adding special security stuff to the hardware architecture makes things different... It is however a choice you make for the most suitable system practically. If for example for some radio application you only have a very limited frequency band, you can't use an architecture that uses more frequencies, although it would be more secure for some reason.
    Double Dutch

  8. #8
    Banned
    Join Date
    May 2003
    Posts
    1,004
    I disagree with the statement that open source software (as in developed by its userbase) cannot be anything but CMM level 1
    This is because you are unfamiliar with the CMM.

    Level 2 = the Repeatable Level; now what part of having a random college student from god knows where sending in a bug fix or tuned code is repeatable?

    Can the open source project manager (if one existed) rely on this person/process? As soon as you accept random input, all notions of repeatability are out the window.

    The software process capability of Level 2 organizations can be summarized as disciplined because planning and tracking of the software project is stable and earlier successes can be repeated. The project's process is under the effective control of a project management system, following realistic plans based on the performance of previous projects.
    -http://www.sei.cmu.edu/pub/documents/93.reports/pdf/tr24.93.pdf

    I didn't say software was reliant on hardware, I said that process segregation at the higher security levels needed to be done at the hardware level, consequently no chunk of code is sufficient by itself to achieve the higher security evaluations.

    cheers,

    catch

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    It is the organization's process I'm talking about. In this case the organization is the Linux development community.
    Thanks for the clarification, I thought that was what you might be saying.

    Security is the by-product of structured methodology.
    In an ideal world it would be integral, like automobile or airplane safety?.............I am using a very broad concept of "security" as well

    2. Linux can never reach that level of assurance.
    Would I be right in thinking that a branded Unix product could (given the other environmental parameters)? The problem mainly lies in the fact that the Linux community is not integrated, so it has not adopted structured methodologies?

    OK I know there are major players who must use some form of structured methodologies, but there are no cross community standards?

  10. #10
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    Originally posted here by catch
    This is because you are unfamiliar with the CMM.

    Level 2 = the Repeatable Level; now what part of having a random college student from god knows where sending in a bug fix or tuned code is repeatable?

    Can the open source project manager (if one existed) rely on this person/process? As soon as you accept random input, all notions of repeatability are out the window.

    -http://www.sei.cmu.edu/pub/documents/93.reports/pdf/tr24.93.pdf

    I am familiar with the CMM, and the scenario you're sketching is quite the worst-case scenario. It's like the minimum required to actually get anything working at all. I'm saying it doesn't have to be like that, and actually isn't in the case of quite a few projects, where people with actual programming job experience do stuff too.

    I didn't say software was reliant on hardware, I said that process segregation at the higher security levels needed to be done at the hardware level, consequently no chunk of code is sufficient by itself to achieve the higher security evaluations.

    cheers,

    catch
    At higher levels everything matters, and the hardware is of lesser importance compared to the architectural changes required for special applications, for there is a difference if a system is placed in a computer bunker or in, for example, a satellite... linking hardware design directly to security then is weird... the software design describes how the hardware resources are used, and the rest is a matter of choice and opinion.
    Double Dutch
