Mandrakesoft: 1-million-euro contract to help build secure Linux solution
Posted on: 09/23/2004 01:16 PM

A press release from Mandrakesoft:

Funded by French Ministry of Defense, to be CC-EAL5 Certified

Paris, France - September 23rd, 2004 - An industrial
consortium consisting of Bertin Technologies, Surlog, Jaluna, Mandrakesoft, and Oppida, all major European players in security, operating system, and certification technologies, has been awarded a 7 million euro, 3 year contract by the French Ministry of Defense. Under the contract, the consortium will develop a Linux based multi-level security operating system solution meeting Evaluation Assurance Level 5 of the Common Criteria (CC-EAL5). CC-EAL5 guarantees an outstanding security level for an operating system, and satisfies major security requirements in both commercial as well as defense and government applications.

"Security is a major concern in today's embedded and
networked computer systems, desktops and servers alike", said Philippe Demigné, chairman, Bertin Technologies. "We are very proud to have been chosen by the French Ministry of Defense to manage this challenging project and to enrich operating systems with innovative security features. Our security architecture is the cement of the project. It binds together each partner's expertise". Bertin Technologies will be responsible in particular for CC-EAL5 evaluation.

Consortium partners envision that hardware partitioning and
virtualization technology will play a key role in designing future open operating system security solutions.

Jaluna, the operating system experts that recently introduced innovative technology allowing multiple operating system instances to share the same embedded system hardware, is responsible for the system development. "Jaluna's vision has been validated by the choice of Jaluna/OSware(TM) as the software foundation for the project", said Michel Gien, CEO, Jaluna SA. "We are very happy to contribute our well known operating system expertise towards such an ambitious goal".

Mandrakesoft will contribute and adapt its Linux operating system, and manage the Open Source community around the future results of the project. The project will be released under an open-source license following completion. Mandrakesoft's share amounts to 1 million euros. "Such a project makes the most of the Open Source development model", commented François Bancilhon, CEO, Mandrakesoft.
"It will leverage the power of Open Source, first by reusing a good deal of preexisting software, and second, by letting the community survey and improve the code. Mandrakesoft is naturally proud to lend its skills to such a project - it is our most important to date and a major milestone for the company", he added.

Surlog will instrument and monitor software development processes to insure that the very high certification level required by the project can be achieved. "The ambitious objective of a certification at CC-EAL5 level for an operating system is a true challenge that can be achieved by expanding approved techniques, methods and tools for dependability and safety with those of security", said Marie Catherine Monégier du Sorbier, CEO, Surlog SA. "Our tools and recognized expertise in building, monitoring and auditing complex software development processes in critical systems will be key to achieve such a high level of security certification."

Evaluation against the ISO 15408 Common Criteria standard will be performed by Oppida, one of the very few organizations accredited by the French National Security Agency to perform information technology security evaluation. "Certification against a recognized international standard is essential for users to trust the operating system they rely on for their operation", said Hervé Hosy, CEO, Oppida SA. "This is precisely Oppida's core expertise. We will perform regular evaluations of project intermediate results until the ultimate CC-EAL5 evaluation."

The scope of the certified Linux-based multi-level security solution that will be developed by the consortium goes far beyond military utilization. It is intended to address the industrial market at large, as well as telecommunication and enterprise systems. Major industry players worldwide will be invited to join the project as associates, and express their requirements and interact with the development team.

"This will be a world first for an operating system solution of such a wide scope and we are proud to be at the heart of such a challenge", concluded Philippe Demigné, chairman, Bertin Technologies.

About Bertin Technologies

Bertin Technologies Group formed in 1999, capitalizes on the
scientific and technological assets of the former company Bertin Cie, created more than 45 years ago by the brilliant engineer, Jean Bertin. Today, the group consists of Bertin Technologies Company and its three subsidiaries, a2b technologies, Ellipse Pharmaceuticals, and SPIBIO. The main objective of our Group is to combine creativity, expertise and efficiency in day-to-day activities, in order to serve the interests of our clients with innovative added value. http://www.bertin.fr

About Surlog

Since 1993, Surlog SA has been an independent laboratory, specializing in the evaluation of system and software dependability and safety. Surlog SA intervenes with industrial clients and safety authorities in the railway, nuclear, space, defense and energy fields.

Based on a set of competencies, methods and tools for the analysis, evaluation and control of system and software dependability, Surlog SA offers its knowledge and its mastery of the various standards in quality and safety of system and software (including CEI 61508, CENELEC 50128, CEI 880, DO 178B, GAMT 17).

In order to optimize its evaluation missions, Surlog SA has developed its own tools: for safety software static analysis (tool APRLS ), for identification of the functional paths of a component, evaluation of the test coverage, identification of unit, integration and validation test cases (tool AGFL : Software Analysis by Functional Graph), for the audit of the software integrity level and its development process (tool Audit_SdF ).

www.surlog.com

About Jaluna

Jaluna develops and markets value-added software components and solutions that allow multiple application environments, including the operating system to co-exist and interoperate on the same hardware. This brings legacy application migration, real-time, availability and security to Linux-based network equipment and appliances.

Founded by Sun Microsystems Chorus team members, with a wealth of experience in developing and deploying real-time and high availability solutions, Jaluna paves the way for the development of current and next generation network infrastructure and connected devices.
www.jaluna.com

About Mandrakesoft

Mandrakesoft is the publisher of the popular MandrakeLinux operating system, one of the most full-featured and easy to use Linux systems available. The company offers its enterprise, government and educational customers a complete range of GNU/Linux and Open Source software and related services. Mandrakesoft products are available in more than 120 countries through dedicated channels and also from Mandrakestore.com, the company's online store. Number 1 in several countries, Mandrakesoft has won many awards for quality and technical innovation. "Born on the Internet" in late 1998, Mandrakesoft has offices in the United States and France. Mandrakesoft is traded on Paris Euronext Marché Libre (ISIN Code: FR0004159382/MLMAN; Reuters code: MAKE.PA) and the US OTC market (stock symbol MDKFF).
www.mandrakesoft.com

About Oppida

Founded in 1998, Oppida delivers a full range of consulting services in the field of information systems security. From advisory in organization to security audits and application of security controls, through awareness and education of users, Oppida is offering a full set of solutions for securing information and communication systems.

Oppida is officially authorized as an Information Technologies Security Evaluation Facility: laboratory of evaluation for security products (firewall, cryptology tools...) accredited by the COFRAC and authorized by the Central Directorate for Information Systems Security (DCSSI, French National Security Agency) to evaluate security tools
and systems

www.oppida.fr

Linux is a registered trademark of Linus Torvalds. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mandrakesoft_1_million_euro_contract_to_help_build_secure_linux_solution.html)