PRODUCT DESCRIPTION

Wind River Linux Secure is a commercial-grade embedded Linux operating system that provides a flexible and pervasive development and runtime platform. Based on Linux kernel 2.6.27 and GCC 4.3.2, Wind River Linux Secure includes Carrier Grade Linux (CGL) compliant Linux Kernel, supports multi-architecture based hardware platforms and is optimized for embedded architecture based devices.

Wind River Linux Secure comes with integrated Eclipse-based Wind River Workbench development suite along with a broad and rich set of command line tools.

EVALUATED CONFIGURATION

Wind River Linux Secure is certified on well-defined boards based on the Intel Architecture, Power Architecture, and ARM. For details about the certified boards, please see the Security Target.

The location of the evaluated configuration guide can be found in the Validation Report for this product.

SECURITY EVALUATION SUMMARY

Wind River Linux Secure is a commercial-grade embedded Linux development and run-time platform suitable for use where assured security and robustness are key project requirements. Wind River Linux Secure is built on Wind River’s embedded Linux platform and is based on fully traceable sources from kernel.org, which enables companies to develop, test quickly and cost-effectively and enjoy the benefits of open source. The evaluation was performed by Atsec Information Security Corporation. The results of the evaluation can be found in the CCEVS Validation Report for Wind River Linux Secure 1.0.

ENVIRONMENTAL STRENGTHS

The functionality of Wind River Linux Secure is consistent with the requirements set forth by the GPOSPP profile it complies with, on the platforms specified in the Security Target. In particular, the TOE implements a number of important security mechanisms:

• Security Audit: The TOE is able to audit security-relevant actions based on the Linux Audit Framework. This framework maintains a central audit log which is inaccessible to regular users and provides search tools to find the audit trail entry of interest. Moreover, a fine-grained configuration of the audit framework allows to only audit those operations you are interested in, limiting the performance impact on the overall system.

• Identification and Authentication: Password-based authentication is required for any access to the console of the TOE. The identification and authentication mechanism is based on the Linux Pluggable Authentication Module mechanism which is configured to enforce a defined password quality and ensures a locking of accounts in case of failed login attempts.

• Security Management: The TOE provides management interfaces for each security functionality, allowing the TOE to be self-contained without requiring support from other, non-TOE applications.

• FIPS 140-2 validated cryptography: FIPS 140-2 validated cryptography is offered to users for general-purpose use via the Wind River Cryptographic Framework. Any user can access this framework to gain access to cipher mechanisms which are always initialized and operated compliant with the FIPS 140-2 requirements.

• Discretionary Access Control: Unix permission bits together with fine-grained ACLs allow users and administrators to control access to file system data. ACLs can be specified on a per-user or per-group level for every individual file system object. In addition, Unix permission bits on System V IPC mechanisms, as well as POSIX message queues, are provided.

• Mandatory Access Control: The TOE enforces a multi-level security setup based on the Bell-LaPadula model. Every object and every subject is assigned with an MLS label to prevent illicit information flow. To allow a proper integration of the TOE into an overall MLS system, the TOE provides labeled networking to securely communicate the label along with network data.

Vendor Information

Wind River
Milind Kukanur
510-749-2494
milind.kukanur@windriver.com

http://www.windriver.com