A security-hardened version of the Sun Microsystems Solaris 8 operating system has achieved the international 'Common Criteria' certification after successfully passing a year of vigorous lab tests at Logica PLC, a U.K. lab.
Trusted Solaris 8 differs from the garden-variety version of Solaris 8 in that it makes use of software compartments, role-based access protection and controlled access to meet high-security requirements for running multiple applications or network access from a single machine.
The Common Criteria security-assurance evaluation program is backed by the U.S. and Canada, as well as several European and Asian nations that have been working together for several years to coordinate lab testing of a wide variety of software and, less often, hardware. The intent is to have mutual recognition of security evaluations on an international basis.
In the U.S., Common Criteria-approved products will soon become mandatory for security devices such as firewalls, biometrics and even operating systems that will be used in national security systems, said Ron Ross, director of the National Information Assurance Partnership.
NIAP is the joint effort between the National Institute of Standards and Technology (NIST) and the U.S. National Security Agency (NSA) to oversee U.S. involvement in the Common Criteria program. The NSA and the U.S. Department of Defense are strong proponents of the program, which replaced the older U.S.-centric "Orange Book" software evaluation program.
Strictly speaking, national security systems are those used by either defense or civilian agencies to process or transmit sensitive and otherwise restricted information. Commercial contractors supporting defense efforts may be asked to use Common Criteria-evaluated products too.
Ross, a NIST employee, said waivers to avoid using Common Criteria products could be granted through the NSA, but it's not expected to be easy to get one.
The government's push toward Common Criteria gives vendors a big incentive to dedicate the time and money needed to market to federal agencies.
According to Mark Thacker, product line manager for Solaris security at Sun, it cost hundreds of thousands of dollars and took a year of work to ensure that Trusted Solaris 8 passed the testing at the Logica lab. Trusted Solaris 8 received "Evaluation Assurance Level 4" using a specific set of what's called "protection profiles."
To understand the Common Criteria test regimen, it's helpful to know that the garden-variety Solaris 8 also passed Common Criteria testing for EAL 4 last February using a different set of "protection profiles" that don't include role-based access control and other features predominant in Trusted Solaris 8.
Thacker said Sun's multilevel Trusted Solaris 8 uses "labels" that make it possible to delegate administration of compartments on the operating system in a way that can't be done on Sun Solaris 8.
"With a 'trusted' OS, you're creating a security cloud in the OS," Thacker says. It allows the system to run multiple applications that are completely separated from each other. Thacker notes that this kind of functionality is not only appealing for national security purposes but also for use in banking and among ISPs, which host multiple customers' Web applications on a single server.
Although Common Criteria EAL runs from a low of "1" to a high of "7," by many accounts, EAL 4 is a demanding test level to pass, based on the types of protection profiles vendors are willing to say their product can meet. In fact, out of the dozens of products on the Common Criteria evaluations list, none has achieved higher than EAL 4 to date. EAL 5 to 7 evaluations would involve reviews at the design stage to verify that the highest security attributes have been built appropriately into the core product - and at a cost few companies could endure - say many close to the Common Criteria program.
But as hard as it is to pass the Common Criteria testing, passing doesn't bestow an aura of invulnerability on either operating systems or security products. If new security problems are discovered, that may well mean patching Common Criteria-certified products as well.
Veridian Corp., a San Antonio, Texas software developer that works on sensitive Defense Department systems, said Sun has done a good job with Trusted Solaris 8 to make sure the 15,000 applications in the market will be able to run on Trusted Solaris 8. David Castillo, chief architect for trusted technologies at Veridian, noted it wouldn't be unusual to customize programs for Defense Department use.
Sun left it uncertain whether it will seek to obtain Common Criteria certification for the upcoming Solaris 9 operating system.
Microsoft Corp. may be just behind Sun. Microsoft has submitted its Windows 2000 software for EAL 4 evaluation at a lab run by SAIC, and the results from several months of testing are expected any day now, says NIAP director Ross.