Industrial Consortium to Develop CC-EAL5 Security Linux Solution

9/27/2004 - An industrial consortium gathering Bertin Technologies, SURLOG, Jaluna, Mandrakesoft and OPPIDA, all major European actors in security, operating system, and evaluation technologies announced that they have been granted a 7 million euros, 3-year contract by the French Ministry of Defense to develop a multi-level security Linux-based operating system solution that will reach the Common Criteria Evaluation Assurance Level 5 (EAL5), guaranteeing an outstanding security level for an operating system.

"Security is a major concern in today’s embedded and networked computer systems, desktops and servers alike," said Philippe Demigné, chairman, Bertin Technologies. "We are very proud to have been chosen by the French Ministry of Defense to manage this challenging project and to enrich operating systems with innovative security features. Our security architecture is the cement of the project. It binds together each partner's expertise."

Bertin Technologies will be responsible in particular for the CC-EAL5 security level.

Consortium partners envision that hardware partitioning and virtualization technology will play a key role in designing future open operating system security solutions.

Jaluna, the operating system experts that recently introduced innovative technology allowing multiple operating system instances to share the same embedded system hardware, is responsible for the system development.

"Jaluna’s vision has been validated by the choice of Jaluna/OSwareTM as the software foundation for the project," said Michel Gien, CEO, Jaluna SA. "We are very happy to contribute our well known operating system expertise towards such an ambitious goal."

Mandrakesoft will contribute and adapt its Linux distribution, and stimulate the open source community around the future results of the project, which will be released under an open-source license following project completion.

"Such a project makes the most of the Open Source development model," commented François Bancilhon, CEO, Mandrakesoft. "It will leverage the power of Open Source, first by reusing a lot of preexisting software, and second by letting the community survey and improve the code. Mandrakesoft is proud to lend its skills to such a project."

SURLOG will instrument and monitor software development processes to insure that the very high evaluation level required by the project can be achieved.

"The ambitious objective of an evaluation at CC-EAL5 level for an operating system is a true challenge that can be achieved by expanding approved techniques, methods and tools for dependability and safety with those of security," said Marie Catherine Monégier du Sorbier, CEO, SURLOG SA."Our tools and recognized expertise in building, monitoring and auditing complex software development processes in critical systems will be key to achieve such a high level of security evaluation."

Evaluation against the ISO 15408 Common Criteria standard will be performed by OPPIDA, one of the very few organizations accredited by the French National Security Agency to perform information technology security evaluation.

"Certification against a recognized international standard is essential for users to trust the operating system they rely on for their operation," said Hervé Hosy, Director, OPPIDA. "This is precisely OPPIDA’s core expertise. We will perform regular evaluations of project intermediate results until the ultimate CC-EAL5 evaluation."

The scope of the certified Linux-based multi-level security solution that will be developed by the consortium goes far beyond military utilization. It is intended to address the industrial market at large, as well as telecommunication and enterprise systems. Major industry players worldwide will be invited to join the project as associates, express their requirements, and interact with the development team.

"This will be a world first for an operating system solution of such a wide scope and we are proud to be at the heart of such a challenge," concluded Philippe Demigné, chairman, Bertin Technologies.

About Bertin Technologies
Bertin Technologies Group formed in 1999, capitalizes on the scientific and technological assets of the former company Bertin & Cie, created more than 45 years ago by the brilliant engineer, Jean Bertin. Today, the group consists of Bertin Technologies Company and its three subsidiaries, a2b technologies, Ellipse Pharmaceuticals, and SPIBIO. The main objective of our group is to combine creativity, expertise and efficiency in day-to-day activities, in order to serve the interests of our clients with an innovative added value.

Since 1993, SURLOG SA has been an independent laboratory, specializing in the evaluation of system and software dependability and safety. SURLOG SA intervenes with industrial clients and safety authorities in the railway, nuclear, space, defense and energy fields. Based on a set of competencies, methods and tools for the analysis, evaluation and control of system and software dependability, SURLOG SA offers its knowledge and its mastery of the various standards in quality and safety of system and software (CEI 61508, CENELEC 50128, CEI 880, DO 178B, GAMT 17).

In order to optimize its evaluation missions, SURLOG SA has developed its own tools: for safety software static analysis (tool APRLS®), for identification of the functional paths of a component, evaluation of the test coverage, identification of unit, integration and validation test cases (tool AGFL®: Software Analysis by Functional Graph), for the audit of the software integrity level and its development process (tool Audit_SdF®).

About Jaluna
Jaluna develops and markets value-added software components and solutions that allow multiple application environments, including the operating system to co-exist and interoperate on the same hardware. This brings legacy application migration, real-time, availability and security to Linux-based network equipment and appliances. Founded by Sun Microsystems Chorus team members, with a wealth of experience in developing and deploying real-time and high availability solutions, Jaluna paves the way for the development of current and next generation network infrastructure and connected devices.

About Mandrakesoft
Mandrakesoft is the publisher of the popular Mandrake Linux operating system, one of the most full-featured and easy to use Linux systems available. The company offers its enterprise, government and educational customers a complete range of GNU/Linux and Open Source software and related services. Mandrakesoft products are available in more than 120 countries through dedicated channels and also from, the company's online store. Number 1 in several countries, Mandrakesoft has won many awards for quality and technical innovation. "Born on the Internet" in late 1998, Mandrakesoft has offices in the United States and France. Mandrakesoft is traded on Paris Euronext Marché Libre (ISIN Code: FR0004159382/MLMAN; Reuters code: MAKE.PA) and the US OTC market (stock symbol MDKFF).

Founded in 1998, OPPIDA delivers a full range of consulting services in the field of information systems security. From advisory in organization to security audits and application of security controls, through awareness and education of users, OPPIDA is offering a full set of solutions for securing information and communication systems. OPPIDA is officially authorized as an Information Technologies Security Evaluation Facility: laboratory of evaluation for security products (firewall, cryptology tools...) accredited by the COFRAC and authorized by the Central Directorate for Information Systems Security (DCSSI, French National Security Agency) to evaluate security tools and systems.

Linux is a registered trademark of Linus Torvalds.

Previous Page | News by Category | News Search

If you found this page useful, bookmark and share it on: