UK government tests open source security

The UK government's Central Sponsor for Information Assurance is sponsoring the testing of secure systems based on open source technologies including the Xen virtualization hypervisor and Security Enhanced Linux.

The CSIA, a Cabinet Office unit focused on coordinating the security of the UK government’s information systems, is developing proof-of-concept systems using SELinux to support remote working and web services.

It is also sponsoring work at CESG, the information assurance arm of the government’s GCHQ intelligence and security organization, into a trusted computing platform making use of the Xen virtualization technology.

Details of the projects were prompted by questions in the House of Lords from Lord Harris of Haringey about the funding of security certifications for open source software for government use.

Lord Bassam of Brighton outlined the projects underway, adding that the CSIA’s Claims Tested Mark scheme was designed to provide a quick and easy way for both open source and proprietary software vendors to test and verify the claimed security of their applications.

The CCT Mark scheme is now in pilot stage and sees EDS Corp, IBM Corp, and LogicCMG Plc providing test facilities where software vendors can prove that their products live up to their claims.

The scheme is designed to provide an alternative to the expensive and time consuming common criteria testing scheme run by the US National Information Assurance Partnership.

Lord Bassam also noted that Red Hat Inc has achieved common criteria certification to EAL3 on certain IBM and Hewlett-Packard Co hardware, and is evaluation for EAL4. Novell Inc’s SUSE Linux has also been certified to EAL3.

SELinux functionality was originally developed by the US National Security Association and is enabled in Red Hat’s Enterprise Linux 4. The Xen virtualization technology is commercially supported by Xensource Inc and began life as a project at the UK’s Cambridge University.

The news was a second boost for open source use among UK public sector organizations in a week, following the opening of a new government-backed test laboratory to support the use and development of open source technologies.

Run by the National Computing Centre, the Open Source Laboratory is part of the Open Source Academy, a national open source project that brings together numerous local authorities across the UK and has the support of the Office of the Deputy Prime Minister.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing