Secure Linux and Wind River
Date Posted: June 16, 2011 10:52 AM
Wind River's Linux Secure is based on SELinux, a secure, policy-based system. I talked with Wind River’s Senior Director for Linux, Nithya Ruff, about this new product and the implications of a secure operating system for embedded applications.
Wong: Wind River Secure Linux is based on SELinux. How has Wind River enhanced this platform?
Ruff: SELinux is only one of the features of Wind River Linux Secure. Wind River Linux Secure brings the best of open source security technologies together to offer a full spectrum of security features and provides the necessary robustness and assurance with Common Criteria and FIPS certifications. Wind River Linux Secure utilizes a multi-layered detection, prevention and containment model to protect against security threats. The scope of its comprehensive security includes access control mechanisms, runtime and stack protection, and system recovery and manageability tools.
Access Control
- The Common Criteria has defined a base set of requirements for a general purpose OS in its protection profile (GP-OSPP), effective since 2010. Wind River Linux Secure meets all these requirements, which provides the common framework for a secure OS. The functional requirements in GP-OSPP include Identification & Authentication, Discretionary Access Control (DAC), Cryptographic and Audit Services. WRLS provides the required security services and assurances to process administrative, private and sensitive/proprietary information.
- Security Enhanced Linux (SELinux) provides a firewall down at the process level in the OS. It provides confidentiality protection through Multilevel Security (MLS) and Multi-Category Security (MCS) based on the Bell-LaPadula model. In addition, it enables containing (sandboxing) untrusted programs through its type enforcement feature. SELinux has a rich and flexible security policy that is scalable to include a broad application ecosystem.
Runtime Protection
- Wind River Linux Secure also includes Grsecurity, which is another well-regarded technology in the Linux community that has achieved significant adoption, just like SELinux. It’s a suite of patches that brings a great set of security improvements and ease of use with its configuration-free operation. Its comprehensive memory protection includes both compile-time and runtime stack protection against buffer overflows and address-space modifications. It also provides a complete hardened solution with Access Control Lists (ACL), file system and network protection.
System Recovery
- The system recovery and manageability tools in Wind River Linux Secure come into play when a system is compromised. They help to figure out how to clean up the hacked system, prevent attacks from happening again, and track what system resources were compromised and what portions of the system are no longer trustworthy.
- As a trusted OS, Wind River Linux Secure provides demonstrated security assurance and simultaneously ensures well-rounded protection at different levels with a focus on security, reliability and high availability.
Wong: Will existing Linux applications designed for Wind River Linux run on this new product?
Ruff: Yes, the existing user applications are compatible with this product. Since this is a hardened, locked-down secure OS, the applications that directly access the kernel or system resources must be configured in the security policy to allow access.
Wong: Will those familiar with SELinux be comfortable with Wind River Secure Linux?
Ruff: Yes, Wind River Linux Secure includes the standard open source SELinux along with the reference policy, so it is relatively seamless to transition to Wind River Linux Secure for someone who is familiar with SELinux in general.