News & Press

Green Hills Software Announces World’s First EAL6+ Operating System Security Certification

INTEGRITY Is the Only Operating System Technology Certified to Protect Classified Information Against Sophisticated Attackers

SANTA BARBARA, CA - November 17, 2008 — Green Hills Software, Inc., the world leader in secure operating systems, today announced that the INTEGRITY-178B operating system has been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness.

INTEGRITY: The Only Secure Operating System
This certification is the first of its kind, the highest Common Criteria security level ever achieved for an operating system. Only an EAL6+ High Robustness operating system is certified to protect classified information and other high value resources at risk of attack from hostile and well-funded attackers. This is secure by anyone’s definition.

The highest security standard to which any other operating system is certified only protects against "inadvertent or casual attempts to breach the system security". That is not even close to secure by anyone’s definition.

No other operating system has even begun the stringent EAL6+ NIAP/NSA certification process ( lists products that have begun a certification process). Furthermore, Common Criteria states that "EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line." INTEGRITY was designed for EAL7 – the highest level of security – and thus was able to meet the NSA’s High Robustness requirements.

"The certification is a landmark in the security world," commented Dan O’Dowd, founder and chief executive officer, Green Hills Software. "INTEGRITY is the only solution to the long-unsolved problems of protecting the world’s critical infrastructure, keeping private information private, and thwarting even the most determined cyber attackers."

"For years, information security has been myopically protecting the organization from the outside in with technologies like firewalls and antivirus and largely overlooked the need to protect it from the inside out. In Gartner’s vision of Adaptive Security Infrastructure, protecting workloads and information from the inside out will require more intelligent security sensors throughout the infrastructure – at endpoints, virtual servers and within the applications and data themselves," said Neil MacDonald, vice president and Gartner fellow. "However, security software running on the same physical machine as the workloads and information it is protecting can’t be unequivocally trusted without strong isolation, high assurance and resiliency of the software, and trust attestation which will become the foundation for next-generation Adaptive Security Infrastructure."

U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness (SKPP)
INTEGRITY-178B was certified against the Common Criteria’s SKPP, whose High Robustness designation represents the gold standard for operating system security certification, requiring "security services and mechanisms that provide the most stringent protection and rigorous security countermeasures." The security gap between EAL4+-certified products and SKPP-certified products is immense: while EAL4+ does not even require examination of the product source code, SKPP requirements include the use of formal methods to mathematically prove the security policies, formal specifications, formal correspondence between design and implementation, complete test coverage of all functional requirements, and penetration testing by the NSA, which has complete access to the source code.

Efforts to meet the U.S. Government’s most rigorous functional and assurance objectives for security certainly did not start with the SKPP requirements. Recognizing High Assurance software processes and standards as a mandatory requirement for embedded and enterprise computing systems around the world, a large team of internal Green Hills Software experts began work in 1999 on compliance with some of the world’s most demanding software assurance standards. As a result, INTEGRITY’s ongoing certification accomplishments started with its first RTCA/DO-178B Level A certification in 2002.

INTEGRITY: Certified to the Highest Software Assurance Standards

INTEGRITY’s pedigree also includes certification and compliance with other demanding government and industry software reliability standards:

  • RTCA/DO-178B Level A, the highest level of avionics safety certification granted by the Federal Aviation Administration and the European Aviation Safety Agency
  • FDA Class III, the most life critical medical devices approved by the Food and Drug Administration
  • IEC 61508 SIL 3, the highest level industrial safety certification granted to an operating system by TÜV

INTEGRITY is the only operating system to have achieved more than one of these certifications.

INTEGRITY: Proven, Deployed Technology
INTEGRITY’s pedigree includes a service history dating back to 1997, when it was first adopted by critical U.S. defense systems that required absolute security and total reliability. :

  • Flying the Boeing B1-B intercontinental nuclear bomber; the Boeing 787 Dreamliner flight controls; Lockheed Martin’s F-16, F-22, F-35, C-130J, Orion Crew Exploration Vehicle; and dozens of other aircraft
  • Securing military and intelligence computers, network routers, mobile devices, and radios
  • Widespread adoption in medical, industrial control, automotive, and telecommunications

The Ultimate Open Platform
With its open standards, POSIX-conformant interface and ability to host arbitrary general purpose operating systems, such as Windows and Linux, in virtual machines, INTEGRITY can run more application software than any other operating platform, while maintaining the absolute highest level of security for critical components, algorithms, applications, and subsystems. INTEGRITY enables solutions to many of the world’s long-standing computer security problems, including safe Internet browsing on corporate PCs; protection of critical enterprise servers; unhackable digital rights management (DRM); and multi-level security for government laptops, desktops, PDAs, and servers.

The Critical Infrastructure Crisis
As President-elect Barack Obama recently stated, "Every American depends – directly or indirectly – on our system of information networks. They are increasingly the backbone of our economy and our infrastructure; our national security and our personal well-being. But it's no secret that terrorists could use our computer networks to deal us a crippling blow." EAL6+ certification represents the level of security required to protect the nation’s critical cyber infrastructure. Critical infrastructure devices and operator computers are increasingly networked, performing critical functions requiring in-field maintenance and software upgrades. INTEGRITY enables computing control and management solutions that cannot be hacked.

Please also refer to Green Hills Software’s press release from today: Green Hills Software Announces Launch of INTEGRITY Global Security, LLC
Delivering the World’s Most Secure Technology Solutions

About Green Hills Software
Founded in 1982, Green Hills Software, Inc. is the technology leader in device software optimization (DSO) and real-time operating systems (RTOS) for 32- and 64-bit embedded systems. Our royalty-free INTEGRITY® and velOSity™ real-time operating systems, µ-velOSity™ microkernel, compilers, IPv6-ready TCP/IP networking stacks, GateD® Layer2 switching and Layer 3 routing, MULTI® and AdaMULTI™ integrated development environments, DoubleCheck™ integrated static analyzer and TimeMachine™ tool suite offer a complete development solution that addresses both deeply embedded and high-reliability applications. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom. Visit Green Hills Software on the web at

Green Hills, the Green Hills logo, MULTI, INTEGRITY, velOSity, µ-velOSity, AdaMULTI, DoubleCheck and TimeMachine, are trademarks or registered trademarks of Green Hills Software, Inc. in the U.S. and/or internationally. All other trademarks are the property of their respective owners.

North American Sales Contact:
Green Hills Software, Inc.
30 West Sola Street,
Santa Barbara, CA 93101,
Tel: 805-965-6044
Fax: 805-965-6343

Media Contacts:
Green Hills Software, Inc.
Barbel French
Tel: 805-965-6044

International Sales Contact:
Green Hills Software Ltd
Fleming Business Centre
Leigh Road
Hampshire SO50 9PD
Tel: +44 (0)2380 649660
Fax: +44 (0)2380 649661

© 1996-2024 Green Hills Software Privacy Policy Cookies Policy Copyright & Patent Notices