Linux achieves CAPP/EAL4+! Can it achieve EAL5?

Abstract:

This presentation will focus on our experience with a number of Linux evaluations. We have completed 4 evaluations so far & currently 1 more is under way. Our experience in the use of common criteria for open source evaluation has been positive. With the increasing use of Open Source in general and Linux in particular within government and commercial environments, security of Open Source products is of increasing importance and as a result the demand for the security evaluation of Linux is evident. Security certifications are time consuming and can take years to accomplish. Using a step by step approach, we have obtained the Common Criteria certification of Linux every few months leading to the industry recognized CAPP/EAL4+. The presentation will cover our experience and the technical challenges associated with these Linux evaluations. We now continue to investigate on how Linux can achieve higher levels of assurance, especially EAL5. We will discuss our thoughts and the challenges associated with obtaining EAL5 for Linux.