Working Toward Objective Security Specifications
MILS spec gets buy-in from government, aerospace, military; RTOS vendors also on board
By Edward J. Correia
February 15, 2005 —
Embedded middleware vendor Objective Interface Systems is developing a new security solution that uses the partitioning capabilities that some RTOSes employ for fault tolerance and is applying it to deliver the type of security required by government agencies, including the Air Force Research Laboratory and National Security Agency.
The Partitioning Communications System (PCS) was developed along with those agencies and military contractors Lockheed Martin and Rockwell Collins, and is expected to reach prototype stage before the end of March.
According to Objective CEO Bill Beckwith, the new middleware conforms to security requirements set forth in the Multiple Independent Levels of Security (MILS) specification, which defines systems in terms of information flow, data isolation, periods processing and damage limitation. He described MILS as the overlap between safety-critical and security-critical systems. “It’s a combination of real-time embedded and high-separation. The idea is to take the kinds of technologies that are useful for separating failures and use them for security separation,” Beckwith said. Green Hills, LynuxWorks and Wind River all have begun working on compatible versions of their RTOSes, he said, adding that the technology has applications in desktop and server environments as well.
Beckwith illustrated the risk: “If I were to write a virus that took over a Windows box, it would not actually be able to send data out through a VPN, but it could control the flow of packets. Something watching on the other side could see the [change in] timing and could leak out gobs of information. The existing communications infrastructure is totally incapable of handling these kinds of threats.”
The Objective middleware solves that problem, Beckwith said, by adding a layer on top of MILS-compliant operating systems. “PCS takes the separation properties of the separation kernel and allows secure communication between various layers, and does all the encryption and timing separation to make sure no one can take over the timing channels.” The result, he said, is self-contained application security that doesn’t depend on any particular infrastructure. “You don’t have to trust your switches, routers or protocol stacks; all the information is erased before it gets there.”
Regardless of how infected one application might become, Beckwith continued, it cannot affect the operations or data of another. “That makes MILS wonderful for [military] systems, where you have secret, top-secret and unclassified data all on one computer, because you can prove that you can keep them separate.” PCS is being developed according to the EAL 7, the highest security under the Common Criteria for security requirements, he said.
General availability of the Partitioning Communications System middleware is expected before year’s end, Beckwith said; pricing has not been determined. The company also is developing a MILS-aware version of ORBexpress, its flagship embedded and real-time CORBA ORB, but gave no release timetable.
Share this link: http://sdt.bz/28428
Most Read Latest News Blog Resources
Virtualization: Not just for machines anymore
Network virtualization allows multi-tiered applications to behave as though they were in a physical network
|
|
Magic announces the release of its revolutionary mobile offering for the development of business applications, with new native clients for iOS and Android platforms
Magic announced today the availability of native iOS and Android clients for its mobile enterprise application platform
|
|
Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects
|
|
Zeichick’s Take: The handheld and the tablet, circa 1976
Texas Instruments' and Hewlett-Packard's calculators were doing things decades ago we take for granted today
|
Virtualization: Not just for machines anymore
Network virtualization allows multi-tiered applications to behave as though they were in a physical network
|
|
Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects
|
|
Google talks tools at AnDevCon III
New 3D debugging tool and recent ADK changes are detailed by Google developers at the third Android Developer Conference
|
|
SmartBear rolls out new quality solution: API Complete
Software gives organizations ability to write test scripts and monitor APIs by bridging the DevOps divide
|
Creation
To write better software, cultivate your ability to be creative.
|
|
Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?
|
|
How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.
|
|
Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.
|
Five SCM Best Practices
Two-thirds of all software projects fail, according to the Standish Group’s CHAOS study. Improper usage of software configuration management...
|
|
|
Best Practices for Branching and Merging Patterns
Development teams often create a branching pattern, usually drawn out on a white board or in a Visio document, that is used as a model to...
|
|
Automated Error Reporting
We invite you to read a short e-zine that tells you all about automated error reporting for .NET applications. This 8-page e-zine is packed...
|
|
The End of Application Redeploys
Imagine that every time you wanted to write, send or receive an email, you needed to restart your computer. How much time would this take, a...
|