HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> EMBEDDED NEWS

Most Read Latest News Blog Resources

Does Windows cost Microsoft opportunities?
Microsoft's decision to focus .NET on Windows is stifling innovation due to the specter of...

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

Maven Studio for Eclipse gets developers up to speed
Sonatype tool simplifies onboarding by giving developers a way to easily deploy fully conf...

nVidia updates CUDA tools
Latest version helps developers turn desktops and servers with high-end GPUs into more pow...

Scrum Planning Board adds automation to Axosoft OnTime
Illustrations are also included to assist Scrum-using developers a better view of what the...

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.

Overcoming Development Challenges with Open Source Open source software can help you with your application development challenges. It doesn’t...

Accelerate Services and the Cloud Business units, functional groups, and different divisions of companies across industries...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Green Hills OS gets approval from National Security Agency

By David Worthington

November 19, 2008 —

The process took nearly a decade, but embedded software maker Green Hills Software has proven the mettle of its Integrity-178B operating system, obtaining a high security certification from the US National Security Agency.

On Monday, Green Hills announced that it had obtained Common Criteria Evaluation Assurance Level (EAL) 6+ from the National Information Assurance Partnership (NIAP), an initiative operated by the National Security Agency. EAL has seven assurance levels, with EAL7 being the most secure.

The certification is meaningful because it permits information with different levels of classification to reside on a single computer that runs Integrity, said Dan Mender, vice president of business development for Green Hills. He noted that the cost of federating the separation of data is high.

For instance, in Iraq, the US military maintains hundreds of computers: some are for top secret and classified data, and others connected to the Internet, he said. As a consequence, the military must handle the complexities of integration and communication between machines, as well as space, weight and power demands. “It takes more power to cool the computers than it does to run them,” he said.

“The key issue in allowing different tiers of information to reside on a single machine is the separation provided for the different tiers. We have many networks with multiple levels of classified data, but all are treated at the highest level of classification permitted on the system,” said a senior official in the Information Assurance Directorate (IAD) of the NSA who asked not to be identified.

“While some operating systems provide the mechanisms to protect multiple tiers, the remaining difficulty lies in codifying and instantiating the rules necessary to sufficiently protect the different tiers. Reliable multi-level security requires more than just the operating system,” the official added.

Green Hills sees Integrity’s role as a foundational component for secure infrastructure. It provides secure virtualization for guest operating systems, including Linux, Solaris and Windows. Integrity can also run as the host operating system, with secure Linux or Windows partitions, without fear of cascading events, Mender explained in a previous interview.

Much of the United States' critical infrastructure is running on software that is less secure, he said, alluding to the NIAP’s certifications of Linux, Solaris and Windows as EAL4. EAL4 certifies that an operating system has been methodically designed, tested and reviewed, whereas EAL6-rated operating systems offer higher assurance with a design that is almost totally verified as being secure.

Designs are verified by mathematical proofs of security policies, formal specifications and how closely implementation follows design, Mender said.

“National Infrastructure relies heavily on the operating system. The OS controls the functioning, and it is a key link in the overall security, which includes confidentiality, integrity, authentication and availability. Having an evaluated OS, whether the evaluation is NIAP or some other appropriate approved method, is important to the assurance of the infrastructure, but the OS is only a part, albeit a key part, of that protection,” the IAD official said.

Integrity had over three years of NSA penetration testing, said Mender. “It was not breached.” He credits its design: Integrity was developed for an EAL7 assurance rating and is approximately 4,000 lines of code long, he noted.

While the security of an individual operating system is important, a network is only as good as the sum of its parts, the IAD official noted. “There are several operating systems that have successfully undergone evaluation. Each must be considered as a part of a network solution when one determines what assurance the overall solution provides; none can be considered in isolation.”

Related Search Term(s): embedded development, networking, security, Green Hills

Share this link: http://www.sdtimes.com/link/33064

Short Takes: Lack-of-oil-driven software development Our editors go over the ways you can shorten your commute through technology, reactions to Yahoo's rebuffing of Microsoft and Snow Leopard's appearance at the Apple WWDC, and the winner of SAP's Project Green contest.

News Briefs: February 1, 2009 TopCoder launches its annual TopCoder Open, Adobe creates the full version of its LiveCycle ES Developer Express, and former Red Hat COO Tim Buckley is named the executive chairman of the board of directors of rPath.

Short Takes: October 15, 2008 Our editors take a look at how Oracle's OpenWorld is becoming more eco-conscious, why the iPhone is better than the BlackBerry, the convenience of watching TV shows online and tips from Secure Computing on securing your infrastructure.

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST