Wind River, a world leader in embedded and mobile software, today announced availability of and security certification for Wind River Linux Secure, the first commercial embedded Linux platform to achieve Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification by the National Information Assurance Partnership (NIAP) using the General Purpose Operating System Protection Profile (GP-OSPP).
Wind River Linux Secure provides organizations facing strict security and cryptography certification requirements, such as EAL4+ and FIPS 140-2, with a secure, commercial off-the-shelf (COTS) embedded Linux solution. This solution allows organizations to build secure platforms for military communications, such as software-defined radios, command/control ground stations, and combat systems, as well as Linux-based secure mobile operating systems. As security mandates and tighter regulations expand into broader market segments, there is also an increasing need for security-certified embedded Linux platforms in networking infrastructure, industrial, energy and medical systems, which Wind River Linux Secure is designed to meet.
Wind River Linux Secure is based on the stable Linux 2.6.27 kernel and GCC 4.3.2 compiler is certified to EAL4+ and its Network Security Services cryptographic library is certified to Federal Information Processing Standard (FIPS) 140-2. Other key features of Wind River Linux Secure include:
Common Criteria EAL4+ certification on ARM including hardware from Texas Instruments, Intel and Power architectures. This allows organizations to quickly jumpstart projects on a wide range of processor platforms. Organizations looking to extend this security certification to their own hardware and software environments can now efficiently create incremental certifications of Wind River Linux Secure on new COTS or custom hardware and applications, significantly decreasing the time, cost and risk of certifying new products.
Full traceability of source code for all Linux modules, enabling the exact definition of a product from its open source origins through any modifications and the addition of patches, packages, or proprietary code.
A rich set of security features, including a comprehensive security policy, identification and authentication, system auditing, access control mechanisms, cryptographic services and memory protection. Additionally, organizations can take advantage of multilevel and multi-category security through National Security Agency (NSA)-developed Security Enhanced Linux (SELinux) and several Linux system recovery tools.
Backed by Wind River’s global support and services organizations.
Wind River partnered with atsec information security as the Common Criteria Test Lab (CCTL) to conduct the independent evaluation of Wind River Linux Secure.