News & Press
Green Hills Software Announces World’s
First EAL6+ Operating System Security Certification
INTEGRITY Is the Only Operating System Technology Certified to Protect
Classified Information Against Sophisticated Attackers
SANTA BARBARA, CA - November 17, 2008 — Green Hills Software,
Inc., the world leader in secure operating systems, today announced that
the INTEGRITY-178B operating system has been certified by the National
Information Assurance Partnership (NIAP), a U.S. government initiative
operated by the National Security Agency (NSA), to Common Criteria Evaluation
Assurance Level (EAL) 6+, High Robustness.
INTEGRITY: The Only Secure Operating System
This certification is the first of its kind, the highest Common Criteria
security level ever achieved for an operating system. Only an EAL6+
High Robustness operating system is certified to protect classified
information and other high value resources at risk of attack from hostile
and well-funded attackers. This is secure by anyone’s definition.
The highest security standard to which any other operating system is
certified only protects against "inadvertent or casual attempts
to breach the system security". That is not even close to secure
by anyone’s definition.
No other operating system has even begun the stringent EAL6+ NIAP/NSA
certification process (http://www.niap-ccevs.org/cc-scheme/in_evaluation lists
products that have begun a certification process). Furthermore, Common
Criteria states that "EAL4 is the highest level at which it is likely
to be economically feasible to retrofit to an existing product line." INTEGRITY
was designed for EAL7 – the highest level of security – and
thus was able to meet the NSA’s High Robustness requirements.
"The certification is a landmark in the security world," commented
Dan O’Dowd, founder and chief executive officer, Green Hills Software. "INTEGRITY
is the only solution to the long-unsolved problems of protecting the
world’s critical infrastructure, keeping private information private,
and thwarting even the most determined cyber attackers."
"For years, information security has been myopically protecting
the organization from the outside in with technologies like firewalls
and antivirus and largely overlooked the need to protect it from the
inside out. In Gartner’s vision of Adaptive Security Infrastructure,
protecting workloads and information from the inside out will require
more intelligent security sensors throughout the infrastructure – at
endpoints, virtual servers and within the applications and data themselves," said
Neil MacDonald, vice president and Gartner fellow. "However, security
software running on the same physical machine as the workloads and information
it is protecting can’t be unequivocally trusted without strong
isolation, high assurance and resiliency of the software, and trust attestation
which will become the foundation for next-generation Adaptive Security
Infrastructure."
U.S. Government Protection Profile for Separation Kernels in Environments
Requiring High Robustness (SKPP)
INTEGRITY-178B was certified against the Common Criteria’s
SKPP, whose High Robustness designation represents the gold standard
for operating system security certification, requiring "security
services and mechanisms that provide the most stringent protection and
rigorous security countermeasures." The security gap between EAL4+-certified
products and SKPP-certified products is immense: while EAL4+ does not
even require examination of the product source code, SKPP requirements
include the use of formal methods to mathematically prove the security
policies, formal specifications, formal correspondence between design
and implementation, complete test coverage of all functional requirements,
and penetration testing by the NSA, which has complete access to the
source code.
Efforts to meet the U.S. Government’s most rigorous functional
and assurance objectives for security certainly did not start with the
SKPP requirements. Recognizing High Assurance software processes and
standards as a mandatory requirement for embedded and enterprise computing
systems around the world, a large team of internal Green Hills Software
experts began work in 1999 on compliance with some of the world’s
most demanding software assurance standards. As a result, INTEGRITY’s
ongoing certification accomplishments started with its first RTCA/DO-178B
Level A certification in 2002.
INTEGRITY: Certified to the Highest Software Assurance Standards
INTEGRITY’s pedigree also includes certification and compliance
with other demanding government and industry software reliability standards:
- RTCA/DO-178B Level A, the highest level of avionics safety certification
granted by the Federal Aviation Administration and the European Aviation
Safety Agency
- FDA Class III, the most life critical medical devices approved by
the Food and Drug Administration
- IEC 61508 SIL 3, the highest level industrial safety certification
granted to an operating system by TÜV
INTEGRITY is the only operating system to have achieved more than one
of these certifications.
INTEGRITY: Proven, Deployed Technology
INTEGRITY’s pedigree includes a service history dating back
to 1997, when it was first adopted by critical U.S. defense systems that
required absolute security and total reliability. :
- Flying the Boeing B1-B intercontinental nuclear bomber; the Boeing
787 Dreamliner flight controls; Lockheed Martin’s F-16, F-22,
F-35, C-130J, Orion Crew Exploration Vehicle; and dozens of other aircraft
- Securing military and intelligence computers, network routers, mobile
devices, and radios
- Widespread adoption in medical, industrial control, automotive, and
telecommunications
The Ultimate Open Platform
With its open standards, POSIX-conformant interface and ability to
host arbitrary general purpose operating systems, such as Windows and
Linux, in virtual machines, INTEGRITY can run more application software
than any other operating platform, while maintaining the absolute highest
level of security for critical components, algorithms, applications,
and subsystems. INTEGRITY enables solutions to many of the world’s
long-standing computer security problems, including safe Internet browsing
on corporate PCs; protection of critical enterprise servers; unhackable
digital rights management (DRM); and multi-level security for government
laptops, desktops, PDAs, and servers.
The Critical Infrastructure Crisis
As President-elect Barack Obama recently stated, "Every American
depends – directly or indirectly – on our system of information
networks. They are increasingly the backbone of our economy and our infrastructure;
our national security and our personal well-being. But it's no secret
that terrorists could use our computer networks to deal us a crippling
blow." EAL6+ certification represents the level of security required
to protect the nation’s critical cyber infrastructure. Critical
infrastructure devices and operator computers are increasingly networked,
performing critical functions requiring in-field maintenance and software
upgrades. INTEGRITY enables computing control and management solutions
that cannot be hacked.
Please also refer to Green Hills Software’s press release from
today: Green
Hills Software Announces Launch of INTEGRITY Global Security, LLC
Delivering the World’s Most Secure Technology
Solutions
About Green Hills Software
Founded in 1982, Green Hills Software, Inc. is the technology leader
in device software optimization (DSO) and real-time
operating systems (RTOS) for 32- and 64-bit embedded systems. Our
royalty-free INTEGRITY® and velOSity™ real-time
operating systems, µ-velOSity™ microkernel, compilers, IPv6-ready
TCP/IP networking stacks, GateD® Layer2 switching
and Layer 3 routing, MULTI® and AdaMULTI™ integrated
development environments, DoubleCheck™ integrated
static analyzer and TimeMachine™ tool
suite offer a complete development solution that addresses both deeply
embedded and high-reliability applications. Green Hills Software is
headquartered in Santa Barbara, CA, with European headquarters in the
United Kingdom. Visit Green Hills Software on the web at www.ghs.com.
|
RSS
