Wind River Introduces First Embedded Linux Operating System to Be Accepted for EAL4+ Certification by NIAP

Posted: August 20, 2010

Wind River Linux Secure Opens New Options for Market Segments Requiring Secure Application Platforms

Wind River, a world leader in embedded and mobile software, today announced that Wind River Linux Secure, a secure embedded Linux, is in evaluation by the National Information Assurance Partnership (NIAP) to be certified to Common Criteria Evaluation Assurance Level 4+ (EAL4+), conforming to the General Purpose Operating System Protection Profile. In addition, Wind River Linux Secure is officially listed by the National Institute of Standards and Technology as a cryptographic module accepted for evaluation to the FIPS 140-2 standard. Wind River Linux Secure is expected to be available in the first half of 2011 pending certification completion.Upon certification completion to Common Criteria EAL4+, Wind River Linux Secure is expected to be the first commercial embedded Linux operating system accepted by NIAP, enabling Linux to be deployed securely on hardware from multiple vendors, including Freescale, Intel, and Texas Instruments Incorporated. The certified open standards platform, with full traceability to source code for all Linux modules, will provide greater flexibility, interoperability and transparency in developing secure software systems, resulting in faster time-to-market and lower development costs.

“Wind River is committed to delivering software designed to comply with national security criteria to meet diverse customer needs,” said Chip Downing, director for Aerospace and Defence at Wind River. “As the first and only commercial Linux vendor to produce an embedded Linux solution in evaluation to Common Criteria EAL 4+, Wind River will be providing customers with a wide choice of hardware platforms for secure applications such as military communications and software-defined radio systems. Additionally, with security mandates and tighter regulations on the rise across industries, the potential to use embedded Linux in secure solutions for networking infrastructure, energy and medical systems is tremendous.”

Wind River Linux Secure provides companies with government-mandated security certification requirements, such as Common Criteria EAL4+ and FIPS 140-2, with a secure, commercial, general-purpose embedded Linux operating system. In addition to conforming to Common Criteria requirements for EAL4+, Wind River Linux Secure also provides an additional layer of security through mandatory access controls, or MAC, along with enabling NSA-developed Security Enhanced Linux, or SELinux. With Wind River Linux Secure, companies can expect to meet their security needs as well as choose the best software for the job from a surplus of mature and widely used Linux-based open source solutions on a wide range of hardware platforms.

To reduce the risks typically associated with open source software, the tested and validated product is also backed by Wind River’s global support and services organizations. Companies requiring an EAL4+-certified Linux distribution can simply use Wind River Linux Secure instead of undertaking Common Criteria and FIPS security certification directly and avoid the high-risk, formal certification process.

The Wind River Linux Secure product is rich with security features, including identification and authentication, audit, discretionary access control, cryptographic services, security management as well as security function protection. Also, for additional security needs, customers will also be able to take advantage of multilevel security through SELinux, run-time memory protection through grsecurity and several system recovery tools.

For its Common Criteria EAL4+ evaluation, Wind River has selected atsec information security, industry-leading experts in software information assurance, as the Common Criteria Test Lab to conduct the independent evaluation of Wind River Linux Secure. Atsec information security has valuable experience in evaluating Linux operating systems for medium robustness as per the Common Criteria guidelines.

Separately, Wind River VxWorks MILS Platform is listed by NIAP as being in evaluation to EAL6+/NSA High Robustness under the Common Criteria Evaluation and Validation Scheme. Wind River VxWorks MILS Platform delivers the security foundation that aerospace and defense companies need to meet the real-time operating system requirements for multilevel secure systems and cross domain solutions.

Wind River Linux Secure will initially be available on selected platforms of Intel® architecture, Power Architecture® and ARM®. The introduction of Wind River Linux Secure is expected in the first half of 2011. Wind River offers customizations for embedded hardware platforms to support advanced security certification needs for customers and partners.

To view Wind River Linux Secure listed on NIAP’s site, visit
and on NIST’s site, visit .

To learn more about Wind River’s aerospace and defense solutions, visit