
Secure OS Gets Highest NSA Rating, Goes Commercial

Posted by kdawson
from the compartmentalized-with-a-vengeance dept.
ancientribe writes "A hardened operating system used in the B1B bomber and other military aircraft has now been released commercially, after receiving the highest security rating by a National Security Agency-run certification program. Green Hills Software's Integrity-178B operating system was certified as EAL6+, which means that it can defend against well-funded and sophisticated attackers." The company is not saying how much the OS would cost a potential customer: "The system and its associated integration and consulting services are custom solutions." Both Windows and Linux are EAL 4+ certified, which means they can defend against "inadvertent and casual" security breach attempts.
  • by sbenson (153852) on Tuesday November 18, 2008 @04:15PM (#25808257)

    Now let people who don't have financial ties test it.

    • by Verdatum (1257828) on Tuesday November 18, 2008 @05:44PM (#25809629)
      The financial ties involved in EAL evaluation are pretty loose at best. I'm more familiar with FIPS and Orange Book evaluation, but assuming the processes are similar, evaluation is done by an independent third party organization; usually as a result of a requirement stated in a government contract. There is not much in the way of monetary incentive for the evaluation group to rate a product any higher than it deserves to be.

      That being said, I don't believe EAL6+ requires any additional vulnerability testing beyond that of EAL5+; it is mostly just a stricter evaluation/review of the soundness of the OS design.
    • by Isao (153092) on Tuesday November 18, 2008 @08:25PM (#25811293)
      Ok, here are some real facts about how this works.

      Under the Common Criteria (CC) [wikipedia.org], people with financial ties create the product. They (or another sponsor who wants the product evaluated) pay an independent lab (CCTL) [niap-ccevs.org] to evaluate it. Labs are certified by NIAP [niap-ccevs.org], a partnership of NIST [nist.gov] and the NSA [nsa.gov] Information Assurance directorate. (The NSA has two main parts, the other is Signals Intelligence.) The independent lab evaluation is overseen by a Validation team [niap-ccevs.org] employed by the government, who reviews the process and results of every evaluation, including all vendor evidence, before it is certified. The Validators also oversee the labs for proper execution of the CC. Once it passes all these reviews successfully it is certified.

      Certifications are tiered by Evaluation Assurance Levels (EALs), from 1 to 7. Generally, the higher the EAL, the greater confidence there is in the vendor claims. This is NOT the same as being more secure!

      The way to use these certified products is to select a product family [niap-ccevs.org] (say firewalls), and review at a minimum two documents: The Security Target (ST) and Validation Report (VR). The ST is written by the vendor or sponsor, and basically contains the security claims they're making for the product, and how they expect the product to be used. The Validation Report describes how those claims were evaluated, and what notable things the Validation team observed during the evaluation. After reading both of these documents (usually not more than 100 pages - pretty short for 1-2 years of work) you can determine if the product can be used in its certified configuration in your environment.

      Check out some interesting operating systems, like Windows XP [niap-ccevs.org], Mac OS X [niap-ccevs.org], or one of the Linuxes [niap-ccevs.org].

      It's certainly not perfect, but it's better than what we had.

  • n/t (Score:5, Insightful)

    by KasperMeerts (1305097) on Tuesday November 18, 2008 @04:15PM (#25808259)
    I'm sorry if I take a test that gives Windows and Linux the same security rating not very seriously.
    Also, how can they test this? The only way to properly test something like this is to let it out in the wild for a decade or two. That's not something you can imitate in a testing room.
    • Re:n/t (Score:5, Informative)

      by characterZer0 (138196) on Tuesday November 18, 2008 @04:19PM (#25808313)

      EAL does not mean what you think it does.

      http://en.wikipedia.org/wiki/Evaluation_Assurance_Level [wikipedia.org]

      • Re:n/t (Score:5, Insightful)

        by CaptainPatent (1087643) on Tuesday November 18, 2008 @04:37PM (#25808631) Journal
        Indeed, I was looking at that too and some interesting points from the wiki article:

        To achieve a particular EAL, the computer system must meet specific assurance requirements. Most of these requirements involve design documentation, design analysis, functional testing, or penetration testing. The higher EALs involve more detailed documentation, analysis, and testing than the lower ones. Achieving a higher EAL certification generally costs more money and takes more time than achieving a lower one. The EAL number assigned to a certified system indicates that the system completed all requirements for that level.
        [...]
        Technically speaking, a higher EAL means nothing more, or less, than that the evaluation completed a more stringent set of quality assurance requirements. It is often assumed that a system that achieves a higher EAL will provide its security features more reliably (and the required third-party analysis and testing performed by security experts is reasonable evidence in this direction), but there is little or no published evidence to support that assumption.

        So basically it costs money to get EAL verified, and the farther up the scale you go, the more money it costs to run the testing. So even if a Linux distro wanted to be verified at a higher level - who's going to fork over the dough?

        Additionally this seems to be a hired method of testing and bug report/fixing. Just because they fix the bugs found at one "level" of testing does not mean there aren't missed holes. Additionally it doesn't mean that a well written piece of software isn't capable of a higher rating with little or no fixes (like the Linux kernel probably is.) It is impressive that Integrity-178B achieved the EAL-6+ rating because it has definitely been put through its paces... and due to the way it was designed it probably has very few holes in it, but EAL should definitely not be the end-all be-all judge of OS quality.

        • Re:n/t (Score:5, Funny)

          by the_other_chewey (1119125) on Tuesday November 18, 2008 @04:46PM (#25808781)

          So basically it costs money to get EAL verified, and the farther up the scale you go, the more money it costs to run the testing.

          Is Scientology somehow involved in this?

          • Re: (Score:3, Insightful)

            by v1 (525388)

            what it means is that if you have a higher EAL number, it means you definitely have more money, and possibly are more secure.

        • Re:n/t (Score:5, Informative)

          by Anonymous Coward on Tuesday November 18, 2008 @05:07PM (#25809121)

          You apparently did not read the wikipedia article through. The reason that Windows and Linux (distributions) achieve EAL-4 rating is because "EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line."

          Furthermore, "Commercial operating systems that provide conventional, user-based security features are typically evaluated at EAL4."

          Higher levels require some sort of formal methods use in the design and testing. This is very unlikely to ever happen for Linux (it is virtually impossible to create a formal design retroactively; either it does not correspond to the system or it is just as complex as the system).

          For this reason, Linux will probably never get any higher. Windows may just get higher, because it has a completely new security model and kernel, which are likely able to get EAL-6 grading in time.

          • Re:n/t (Score:4, Funny)

            by Atario (673917) on Wednesday November 19, 2008 @02:49AM (#25814471) Homepage

            Higher levels require some sort of formal methods use in the design and testing. This is very unlikely to ever happen for Linux (it is virtually impossible to create a formal design retroactively; either it does not correspond to the system or it is just as complex as the system).

            No problem.

            1. Create black-box-style formal spec of Linux
            2. Rebuild Linux from scratch using only the specs

            Easy!

        • Re:n/t (Score:4, Interesting)

          by drsmithy (35869) <drsmithy@nOSPam.gmail.com> on Tuesday November 18, 2008 @05:11PM (#25809173)

          So basically it costs money to get EAL verified, and the farther up the scale you go, the more money it costs to run the testing. So even if a Linux distro wanted to be verified at a higher level - who's going to fork over the dough?

          Commercial Linux vendors like Red Hat, SuSe and IBM.

          Certifications like EAL tell you about the technical capabilities of an OS. They don't tell you anything about how competently said OS will be used.

        • Re:n/t (Score:5, Insightful)

          by Kjella (173770) on Tuesday November 18, 2008 @05:26PM (#25809367) Homepage

          So basically it costs money to get EAL verified, and the farther up the scale you go, the more money it costs to run the testing.

          Uh, yes? The more specific the documentation, the more work has to be done to verify it. I'm not sure how many million LOCs are in the Linux kernel but if I had to go through EAL6+ semi-formal proofs for all of them I'd charge a bundle too. Are you really trying to imply that the NSA issues this sham certification because they're short on funding? Stop trying to pretend that all the "experimental support" that goes into Linux could or should pass certification, because it damn well shouldn't. Certainly not based on a casual "it's probably capable" that's quite frankly pulled out of your nethers with no documentation to back it up. Here for example are THREE security exploits in the kernel in the last two months:

          1 Linux Kernel VDSO Unspecified Privilege Escalation Vulnerability (Vulnerabilities) Rank: 820
          Last modified on: 2008-11-04 00:00:00 MST
          URL: http://www.securityfocus.com/bid/32099 [securityfocus.com]
          2 Linux Kernel LDT Selector Local Privilege Escalation and Denial of Service Vulnerability (Vulnerabilities) Rank: 820
          Last modified on: 2008-10-03 00:00:00 MDT
          URL: http://www.securityfocus.com/bid/31565 [securityfocus.com]
          3 Linux Kernel 'generic_file_splice_write()' Local Privilege Escalation Vulnerability (Vulnerabilities) Rank: 820
          Last modified on: 2008-10-03 00:00:00 MDT
          URL: http://www.securityfocus.com/bid/31567 [securityfocus.com]

          Don't get me wrong, Linux is a great system and all but I wouldn't want to run nuclear launch control on it, sorry.

        • Ubuntu! (Score:3, Insightful)

          by jd (1658)

          It is headed by the only Linux nerd who could afford to chase a rating of 6 or above. (7 is the highest the EAL will go.) Another thing to consider is that EAL ratings are only valid for a combination of OS and hardware. So, running Windows on any box (even if functionally identical) to the configuration tested on makes the tests invalid. The truth is arguably the same for Linux, except that you can download LTP and gain some measure of assurance (even if not blessed on that platform) that you've not broken

          • Re:Ubuntu! (Score:4, Informative)

            by bzipitidoo (647217) <bzipitidoo@yahoo.com> on Wednesday November 19, 2008 @01:03AM (#25813771) Journal

            Reading the comments in here, I think most of the posters don't understand what EAL 5+ is all about. Neither Linux nor Windows will ever achieve more than EAL 4. No, SELinux won't cut it. Neither will OpenBSD. 5+ requires formal verification. Do you understand what that means? You aren't testing everything you can think of, knowing that there will always be more problems because you can't think of everything and even if you could, you can't test everything. Instead, you have restricted the operations to such a small set that it actually is possible to prove every single possible permutation of all the operations will traverse and end only in known, secure states. For formal verification to be possible requires a small enough kernel, and Windows, Linux, and the BSDs are all far too large. They will never make EAL 5+. Hence the interest in microkernels.

            Now, there are some idiots who think they can get a system rubberstamped if only they bribe, pressure, wear down, or befuddle enough labs. (They're also idiots for thinking that the labs can be befuddled.) I should know, I was once stuck having to work with such. Considering the depths of chicanery to which those former acquaintances were willing to go, I am not 100% confident that a system that is given a high EAL rating actually deserves the rating.

            Green Hills has been hammering away at this for years, and now they've finally gotten their rating. It would greatly help with users' trust of the system if their code was open source. And it'd also help if there weren't more idiots trotting out the tired, old, and very wrong "security through obscurity" line that opening the source would compromise security. That sort of claim can only detract from any confidence that their product really is deserving of EAL 6, and that the people responsible for the evaluation know what they're doing.

            Another big problem, and maybe why they didn't make EAL 7, is the hardware. I have heard that in the past systems have been considered all of a piece-- can't put the software on any old hardware, has to be only on the exact hardware it was evaluated for. But it takes so many years to get there that the hardware becomes obsolete and useless long before they're done. That's one of the things that happened with GEMSOS (could you mean GEMSOS, not Genesis?)-- it's only certified on a 286 or some such.
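As an added illustration of the point bzipitidoo makes about formal verification versus testing, here is a constructed example (not Green Hills code, not the Integrity-178B design, and not the Common Criteria evaluation method itself): a toy access-control model with a handful of operations whose entire reachable state space is enumerated, so the invariant "a privileged session is always an authenticated admin session" is checked for every possible operation sequence rather than only the ones a tester thought of. The state layout, operation names and the deliberately defective logout are all assumptions made for the example.

```python
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

# Constructed toy model. State = (authenticated, role, privileged).
State = Tuple[bool, str, bool]
# An operation returns the successor state, or None when it is not enabled.
Op = Callable[[State], Optional[State]]

INITIAL: State = (False, "guest", False)


def login_as(role: str) -> Op:
    """Hypothetical login: only enabled when no session exists."""
    def op(s: State) -> Optional[State]:
        auth, _, priv = s
        if auth:
            return None
        return (True, role, priv)
    return op


def elevate(s: State) -> Optional[State]:
    """Hypothetical privilege elevation: needs an authenticated admin session."""
    auth, role, priv = s
    if not (auth and role == "admin") or priv:
        return None
    return (auth, role, True)


def logout_secure(s: State) -> Optional[State]:
    """Correct logout: privilege is dropped together with the session."""
    auth, _, _ = s
    if not auth:
        return None
    return (False, "guest", False)


def logout_buggy(s: State) -> Optional[State]:
    """Defective logout (constructed): the privilege bit survives the session."""
    auth, _, priv = s
    if not auth:
        return None
    return (False, "guest", priv)


def invariant(s: State) -> bool:
    """Security property: privileged implies authenticated admin."""
    auth, role, priv = s
    return (not priv) or (auth and role == "admin")


def explore(ops: Dict[str, Op], initial: State,
            prop: Callable[[State], bool]):
    """Breadth-first enumeration of every reachable state.

    Returns (reachable states with a witness trace each, counterexample trace
    or None). Because the op set is small the search is exhaustive, which is
    what lets us claim the property holds for *all* operation sequences.
    """
    seen: Dict[State, List[str]] = {initial: []}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not prop(s):
            return seen, seen[s]          # first violating state, shortest trace
        for name, op in ops.items():
            t = op(s)
            if t is not None and t not in seen:
                seen[t] = seen[s] + [name]
                queue.append(t)
    return seen, None


SECURE_OPS: Dict[str, Op] = {
    "login_guest": login_as("guest"),
    "login_admin": login_as("admin"),
    "elevate": elevate,
    "logout": logout_secure,
}
BUGGY_OPS: Dict[str, Op] = dict(SECURE_OPS, logout=logout_buggy)


def verify(ops: Dict[str, Op]) -> Optional[List[str]]:
    """None if the invariant holds on every reachable state, else a trace."""
    return explore(ops, INITIAL, invariant)[1]


if __name__ == "__main__":
    print("secure model counterexample:", verify(SECURE_OPS))
    print("buggy model counterexample:", verify(BUGGY_OPS))
```

The secure model has four reachable states and no counterexample; the buggy model yields the trace `login_admin, elevate, logout`, which a test suite only finds if someone happened to write that sequence. The point of the exercise is the one the comment makes: the check is only exhaustive because the operation set is tiny, and the state space of a general-purpose kernel is far beyond this kind of enumeration.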

    • Re:n/t (Score:5, Interesting)

      by moderatorrater (1095745) on Tuesday November 18, 2008 @04:20PM (#25808331)
      Source code audits with automated scripts that attack every port and every program checking for buffer overflows or other avenues of attack. It would require a lot of work, but it makes sense that the NSA would put in a lot of work to explore these operating systems, both to know how to secure against attack and to know how to pull off an attack against another country. The real question is, how much do you trust this OS not to have an NSA back door?
      • by Drawkcab (550036)
        This OS comes with source code that you compile yourself. High security developers can't just take another company's word for what their OS is doing. So you would be able to inspect the source code for a potential backdoor.
    • Re:n/t (Score:5, Insightful)

      by blhack (921171) on Tuesday November 18, 2008 @04:20PM (#25808333)

      Also, how can they test this? The only way to properly test something like this is to let it out in the wild for a decade or two. That's not something you can imitate in a testing room.

      You forget that the NSA pretty much recruits the best and brightest hackers that the world has to offer. Their policy of "we don't have a budget" and the opportunity to work on the absolute cutting edge (and actually see it put to use) is pretty much the most kickass thing that you can offer somebody who has a passion for knowledge.

    • I'm sorry if I take a test that gives Windows and Linux the same security rating not very seriously.

      Don't be a pussy, this guy [wikipedia.org] sounds legit [nist.gov].

    • by mcgrew (92797) *

      I also noticed that TFA didn't say what EAL stood for or who did the certification, or how. In fact, it was incredibly short on details. About the only thing TFA said that wasn't in the summary was that this OS runs in hardware, and you can run Linux, Windows, or Mac on top of it.

    Most likely they aren't 'testing' security to determine a rating. They are probably looking at architecture, design, rigorousness of development process, and source code (if available). I imagine they see having the source code available as a negative for Linux simply because it gives would-be attackers much more information about the system than is otherwise available. Combine that with the fact that the Open Source process isn't as complete as it could be and it's not at all surprising it received the

      • Re:n/t (Score:5, Insightful)

        by thermian (1267986) on Tuesday November 18, 2008 @04:30PM (#25808519)

        I imagine they see having the source code available as a negative for Linux simply because it gives would-be attackers much more information about the system than is otherwise available.

        That theory is one touted by commercial OS vendors, and it's been thoroughly disproved. Availability or otherwise of source code has no effect on the hardness of your OS. If anything having it available is even safer, because it's a heck of a lot easier for people to point at a problem bit of code and say 'fix that bit now'.

        What causes the problem is non-rigorous OS design. Hiding the source won't help you protect your clients from a design flaw which allows them to be attacked.

        The OS in question here however is most likely quite rigorously designed, and won't have a lot of the bloat that causes desktop OSs so many problems.

        • Here is an example where the source code has led to a "hack" [slashdot.org]

          If I remember the details correctly, they looked at the TCP stack for the linux kernel and found a section that was essentially labeled "This code is to catch errors. This code should never run", or something like that. They figured out how to make that code run (along with some other magic), and the rest is history.

          The source code allowed the attacker to identify the issue, as well as find out how to execute it. When you are writing a progra
      • by Drawkcab (550036)
        The source code in this case is available both to the NSA testers trying to hack it as well as to customers. "Security through obscurity" isn't good enough to get that level of EAL certification. It requires going through each line of code and proving that it's secure, even to someone who knows exactly how it works. It would be theoretically possible to do it with open source, but it would require an extreme degree of organization and discipline compared to normal open source projects.
      • Re:n/t (Score:5, Interesting)

        by betterunixthanunix (980855) on Tuesday November 18, 2008 @04:45PM (#25808769)
        Actually, the security of a system should not depend on hiding the operating details of the system. The EAL levels are based on things like audit logs, privilege separation, the ability to kick a user off the system and kill all their processes, etc. The availability of the source is neither a positive nor a negative on EAL ratings.
    • by madsenj37 (612413)
      It most likely has to do with defaults and not abilities. But that is just a conjecture on my part.
    • by zappepcs (820751)

      Perhaps what you might consider is: WTF? They can test that? So the NSA has been keeping a botnet going for testing of things like this?

      Tinfoil hat types will be wondering how much the NSA has had to do with maliciousness on the Internet in general now.

      Little Freudian slips like that will lead people to think that electronic/network spying and warfare is not something new to the US government nor is it something they know nothing about. Can you say 'underwater cable cuts' without getting cynical?

      Yeah yeah,

    • I'm sorry if I take a test that gives Windows and Linux the same security rating not very seriously.

      Linus himself has said that security related bugs take no precedence over any other bug. Besides, no one expects a linux fanboy to objectively rate the security of their OS, as would say, someone interested in national security.

      Linux is just as buggy and full of holes as Windows, get over it.

  • by moderatorrater (1095745) on Tuesday November 18, 2008 @04:16PM (#25808277)
    EAL7+ means that it can defend against well-funded and sophisticated attacks and doesn't have an NSA backdoor built into it. EAL8 is exactly like EAL7+, only it can do it while getting slashdotted.
    • by jbeaupre (752124) on Tuesday November 18, 2008 @04:20PM (#25808339)

      EAL9+ means it autonomously retaliates against the attacker's system.
      EAL10+ means it autonomously retaliates against the attacker.

    • by tonywong (96839)

      Heh, glad to see slashdot readers marking this as insightful.

      FTFA:
      "[EAL6+] is the highest [rating] in the world. This means that the OS was designed and certified to defend against well-funded and sophisticated attackers," says David Chandler, CEO of Integrity Global Security, the new Green Hills subsidiary.

      Parent should be marked as funny, even if they didn't see the humour carefully woven into the OP.

      • by caluml (551744)
        You have to wonder why an OS that runs on bombers and other military aircraft has to be so secure. I assume it doesn't have any kind of networking enabled, so that would mean that the only way you could tamper with it would be to get past lots of suspicious people with guns, and barbed wire, and get close enough to do it. Now, if it was reliability, or something else it was certified for, sure. But security?
    • by Sponge Bath (413667) on Tuesday November 18, 2008 @04:25PM (#25808435)

      My computer goes to EAL11!

      The power of God blazes out of the box to melt the faces and explode the heads of intruders,
      just like in Raiders of the Lost Mainframe.

    • by ceoyoyo (59147)

      EAL4+ is Windows - defends against inadvertent attacks. EAL3+ gives you a cookie to encourage you to break in. EAL2+ contains a virus that actively spreads your data around the net. We're not sure what EAL1+ is yet.

  • or Duke Nukem 3D?
  • lols (Score:5, Informative)

    by negRo_slim (636783) <mils_oRgen@hotmail.com> on Tuesday November 18, 2008 @04:18PM (#25808305)

    A hardened operating system used in the B1B bomber and other military aircraft has now been released commercially

    B1 Accidents [wikipedia.org], OS Homepage [ghs.com], More Wikipedia! [wikipedia.org]

    • I doubt that the same company that wrote the OS also wrote the operations software for the B1. Not sure where you get a LOL from.

    • Re:lols (Score:5, Insightful)

      by db32 (862117) on Tuesday November 18, 2008 @05:04PM (#25809067) Journal
      I blame all of my hardware problems on software too...

      Seriously, going through that list I see. Fire, lots of fires. Two instances of computer failure due to faulty hardware. A few landing gear hardware problems. A dash of pilot error or otherwise bad luck. And a rather unfortunate bird strike on a weak section of a wing (that was later redesigned because of this event IIRC).

      I am curious as to what you are trying to insinuate by linking to crashes due to these issues next to the software....
  • What's preventing Microsoft and open source world from understanding these "sophisticated" attacks and hardening their respective operating systems against them?
    • Re: (Score:2, Insightful)

      by eddy (18759)

      The fact that both a Windows installation and most Linux dists need to be useful for the common folk, you know, with security no-nos such as ethernet and maybe even USB support. And no, hotgluing ports doesn't cut it.

      Look, it'd be perfectly feasible to push Windows or GNU/Linux through a higher certification, but someone has got to pay for it and the market is infinitesimal.

    • by thermian (1267986)

      What's preventing Microsoft and open source world from understanding these "sophisticated" attacks and hardening their respective operating systems against them?

      This isn't a desktop OS, so there isn't really much ground for comparison.

    • Re: (Score:2, Insightful)

      by Legion_SB (1300215)

      In the big picture, there's a distinct trade-off between security and usability.

      That doesn't mean that, in the small picture, every security improvement comes at the cost of usability. But when you're talking big picture, to get the kind of security you're talking about, you have to rethink what it means to use a computer/OS/etc. Things you currently take for granted (like, as someone else said, plugging a USB device in) become "holes" that have to be closed.

    • by Tumbleweed (3706) *

      What's preventing Microsoft and open source world from understanding these "sophisticated" attacks and hardening their respective operating systems against them?

      Mmm...the will at Microsoft to actually improve their products on anything other than the most superficial level?

    • by Kjella (173770)

      What's preventing Microsoft and open source world from understanding these "sophisticated" attacks and hardening their respective operating systems against them?

      Long story short, a lot of semi-formal proofs that most of the time will have zero benefit, but it's the difference between believing it and proving it. Plus checks that have very little relevance in the rest of the world, for example EAL5 and up must include checks for covert communications channels. How many places in Linux can you pass data around for future extension that can be used for that? I guess a lot if you're not explicitly designing for not allowing any.

    • GreenHills make RTOS solutions for embedded use etc. The emphasis is on robustness and security over features. It is a painstaking process of testing and verification to add features.

      Sure, in theory, Windows and Linux could attain these levels of security but in practice Windows and Linux favor adding features and capabilities. Compromises have to be made to get stuff out in an acceptable timeframe.

    It's been some time since I researched hardened OSs but these methodologies slow down the operating system by a noticeable amount.

  • by Anonymous Coward on Tuesday November 18, 2008 @04:19PM (#25808327)

    When you order a B1B, you pay for the Integrity-178B license even if you later install a copy of Linux For Strategic Bombers.

    • Nah, just click "I Don't Agree" and back out of the license agreement. Then ask for a refund
    • Re: (Score:2, Funny)

      by Anonymous Coward

      When you order a B1B, you pay for the Integrity-178B license even if you later install a copy of Linux For Strategic Bombers.

      Please don't run Linux For Strategic Bombers. The head maintainer is a well-known a**hole, for years he's refused to accept patches for longstanding bugs, and he's changed the license to prevent 3rd parties from distributing modified versions.

      The bombing community has created a new fork of the project starting from the last Free version, called "Bombastic". It's already capable of handling 80% of mission requirements, and version 1.0 should be released in the near future. Please encourage all of your squadr

    • Even worse, if you do that and then try to resell your copy of Integrity-178B on eBay, they kick you off.
    • by rrohbeck (944847) on Tuesday November 18, 2008 @06:07PM (#25809905)

      When you order a B1B, you pay for the Integrity-178B license even if you later install a copy of Linux For Strategic Bombers.

      Aah, I always wondered what LSB stands for.

  • by internerdj (1319281) on Tuesday November 18, 2008 @04:21PM (#25808363)
    Inadvertent and Casual attempts?
    Oops. I tripped over my computer and hacked your system. Sorry.
    • Ho ho ho, your humor is irrepressantly fascinatingly killian like. No, I'm not referring to the likeliness of someone slipping on a banana peel, but more of someone who cannot determine the existence of such a peel even in their midst because of the vagaries of density in matter. When one sips of the Tranya, they can see the world anew. Never again with the hijinks of virtual likeness of chief executives who concern themselves with indiscretions by script kiddies. More likely they imbibe on the nectar o
  • by 93 Escort Wagon (326346) on Tuesday November 18, 2008 @04:21PM (#25808383)

    It seems like in the OS battle between security and convenience, convenience wins every time. I see Windows everywhere - at the bank, on hospital equipment and at doctors' offices, on ATMs... not to rant specifically against Windows; but it shows up a lot of places where I think we'd be much better served if the company had gone to the time and expense of developing a custom solution. Really, why should Windows be running on an X-Ray machine or an electrical power plant console?

    • Really, why should Windows be running on an X-Ray machine or an electrical power plant console?

      Why not? Since we're not railing specifically against Windows, why shouldn't we start with general operating systems and build the functionality we need on top? That's what they're for.

  • Isn't releasing this OS a little careless? Part of the reason it's so secure is because only the military has its hands on it. If you go around selling it, I'm sure someone will buy it just to poke around and find each and every hole in its security.
  • by crush (19364) on Tuesday November 18, 2008 @04:22PM (#25808395)
    A couple of specific distros on specific hardware have received EAL4+ certification: RHEL5 (on 12 or so different platforms) and SLES9 on IBM eServer spring to mind. I'm fairly sure that no other GNU/Linux distributions have received such certification and it makes absolutely no sense to talk about "Linux" being certified for anything.
    This is not just nit-picking about GNU/Linux vs Linux as the name: it's a case where it's actually very important to be aware that specific versions of specific programs with specific configuration files have been tested and found not to fail in particular ways.
  • It's not like the military really needs to replace all of its important infrastructure since it already has SIPRNet [wikipedia.org] and JWICS [wikipedia.org] which shield its sensitive systems from most hackers because they're not even on the public Internet anymore.
  • by jea6 (117959) on Tuesday November 18, 2008 @04:25PM (#25808441)

    The Protection Profile and Validation Report can be downloaded at http://www.niap-ccevs.org/cc-scheme/pp/id/pp_skpp_hr_v1.03 [niap-ccevs.org].

    The Security Target and Validation Report can be downloaded at http://www.niap-ccevs.org/cc-scheme/st/vid10119/ [niap-ccevs.org].

  • by whoever57 (658626) on Tuesday November 18, 2008 @04:28PM (#25808493) Journal

    Is this really a true statement? According to Wikipedia, only Windows 2000, SP3 is EAL4 certified. Since this is an obsolete and unsupported release (Win2k SP4 is still supported), is it correct to say that "Windows..[is] EAL 4+ certified"?

    It would be more accurate to say either: "Windows 2000, SP3 is EAL4 certified" or "Windows used to be EAL4 certified".

  • by epdp14 (1318641) on Tuesday November 18, 2008 @04:30PM (#25808525) Homepage
    EAL6 is NOT the highest rating given by the NSA. EAL7 is. EAL7 has been awarded to one product (The Tenix Interactive Link Data Diode Device). Source: http://en.wikipedia.org/wiki/Evaluation_Assurance_Level [wikipedia.org]
    • TFA says 'highest rating given to an OS'

      Check your facts.

    • Re: (Score:3, Funny)

      by oGMo (379)

      Actually it's EAL8. But you can't know about it, because it's insecure. Products that qualify for EAL8 can be neither confirmed nor denied, because if you knew about them, they wouldn't qualify. Those developers that make it are EAL8-ed.

      ;-)

  • by wintermute42 (710554) on Tuesday November 18, 2008 @04:31PM (#25808541) Homepage

    The nature of computer system penetration (hacking) is that it takes a great deal of time and patience. The attacker will put a lot of effort into learning everything they can about the system and then more time in probing possible vulnerabilities.

    Linux and Unix systems in general have a better underlying security model than Windows (e.g., the way root/administrator vs. user is handled). Unix architectures also had years of students attacking them (back before this was a serious crime). However, if those of us who are Linux fans are honest we know that the reason we don't have to worry as much about Linux attacks is that hackers target Windows because it is more pervasive.

    The Green Hills operating system has never been exposed to a large group of people who are willing to spend a lot of time penetrating it. The idea that you can just label a system as secure seems questionable. You always get attacked via means that you didn't expect. What they're really saying is that the system implements a security model that they believe to be secure. But B1 bombers are not placed on the Internet protecting large amounts of money, so they are unlikely to attract hackers.

    • by Ynot_82 (1023749)

      "if those of us who are Linux fans are honest we know that the reason we don't have to worry as much about Linux attacks is that hackers target Windows because it is more pervasive."

      More pervasive on the desktop, sure,
      but if I were going to attack a computer system, why would I care about desktop OSs?
      I don't really want to break into some guy's Windows machine (and what? steal his bookmarks and mp3 collection), I want to break into a commercial company's database and steal financial details.

      That means Unix / Unix-l

  • OpenBSD? (Score:2, Insightful)

    by 1053r (903458)
    Does anybody know if OpenBSD (or any *BSD for that matter) has ever received a rating? Or at least, what it would probably rate if it were to receive a rating? I would suspect that it would rate at least with Linux or perhaps one higher, seeing as their slogan is "only two remote holes in the default install in over a decade."
  • The source code is leaked and it is :
    Boot:
    cli
    cmp al,al
    Here:
    jz Here
    I think it is unbreakable myself, but it seems that it doesn't do a whole lot.
  • From the TFA: "Chandler maintains that locking down the OS saves money for security in the long run. 'There's an opportunity that this [solution] could be a cost savings for enterprises, with all that is spent on intrusion prevention' and other security tools and efforts, he says."

    I'm not so sure I'd trust ANY OS without also having other security checks and intrusion detection in place. Sounds like bad advice wrapped around marketingspeak to me.

  • I am really sick of ignorant people misstating what Common Criteria is. All a high EAL means is that your system has been tested and it does what you claim it does in your Security Target, which describes your system, and which vendors can write HOWEVER they want. Sometimes there are standard "templates" called Protection Profiles for certain classes of security assets, which restrict how vendors can draft their targets, but still, all the EAL is is an assurance level that those requirements are met by the
  • example use (Score:5, Funny)

    by hey (83763) on Tuesday November 18, 2008 @05:23PM (#25809337) Journal

    ssh my-b1b
    login: root
    password: hellosss
    last login Tue Nov 18 17:22:14 EST 2008 from nsa
    # drop -4 bombs
    # exit

  • All I see are Ada 95, Embedded C, and C++ support, not much third party driver support, and hardly any third party applications at all.

    Might as well use AROS [sourceforge.net] as it has more of that than the OS in TFA.

  • by dltaylor (7510) on Tuesday November 18, 2008 @05:33PM (#25809483)

    besides /vertising for Green Hills:

    Modern warplanes are connected in a battlefield 'net that allows data, command and control to be passed between the planes (and satellite and ground). This is (obviously) a wireless network. Having a network stack and other interfaces hardened against intrusion makes it less likely that a battlefield adversary could either generate false data (the "magic" display in an F-22 paints the local AWACS as a "bandit", for example, and the pilot launches a missile), snoop data (the "stealthy" F-22s are here, here, here and here, so launch missiles at them), or perform some sort of DOS, degrading the system's capabilities. There are "well-funded and sophisticated attackers" who are likely to have those goals.

    If there was a business case, and so many of the developers didn't have, uh, reservations, about using their code in military equipment, the OpenBSD and, maybe, Linux kernel and glibc could be certified (stripped of a few components, probably, and with a few tweaks). With a "trusted" kernel, libraries, and tool chain, you build the rest of system from scratch, anyway. It's not like you're supposed to be browsing the public internet with IE or FF on a B-1's navigation system.

    There's no way for M$-Windows to be certified at EAL6+, because its design philosophy (the back doors are built in, not added on) is completely against any sort of security, and I don't think Vista is even EAL4+.

  • by WindBourne (631190) on Tuesday November 18, 2008 @05:50PM (#25809727) Journal
    LynxOS is EAL 7, and has been for a while. [lynuxworks.com] It will be quite some time before Green Hills makes it to EAL7. In the mean time, LynuxWorks uses the Linux API, so that you have your choice of a real Linux solution, or if needed, you can switch up to LynxOS.
