Secure OS Gets Highest NSA Rating, Goes Commercial
ancientribe writes "A hardened operating system used in the B1B bomber and other military aircraft has now been released commercially, after receiving the highest security rating by a National Security Agency-run certification program. Green Hills Software's Integrity-178B operating system was certified as EAL6+, which means that it can defend against well-funded and sophisticated attackers." The company is not saying how much the OS would cost a potential customer: "The system and its associated integration and consulting services are custom solutions." Both Windows and Linux are EAL 4+ certified, which means they can defend against "inadvertent and casual" security breach attempts.
So why can't Windows and Linux do this? (Score:3, Interesting)
Re:n/t (Score:5, Interesting)
Cost? (Score:1, Interesting)
OpenBSD is free, and I guarantee "that it can defend against well-funded and sophisticated attackers."
Re:n/t (Score:5, Interesting)
Re:n/t (Score:4, Interesting)
Re:n/t (Score:4, Interesting)
So basically it costs money to get EAL verified, and the farther up the scale you go, the more money it costs to run the testing. So even if a Linux distro wanted to be verified at a higher level - who's going to fork over the dough?
Commercial Linux vendors like Red Hat, SuSE and IBM.
Certifications like EAL tell you about the technical capabilities of an OS. They don't tell you anything about how competently said OS will be used.
There is a point to this (Score:3, Interesting)
besides /vertising for Green Hills:
Modern warplanes are connected in a battlefield 'net that allows data, command and control to be passed between the planes (and satellite and ground). This is (obviously) a wireless network. Having a network stack and other interfaces hardened against intrusion makes it less likely that a battlefield adversary could either generate false data (the "magic" display in an F-22 paints the local AWACS as a "bandit", for example, and the pilot launches a missile), snoop data (the "stealthy" F-22s are here, here, here and here, so launch missiles at them), or perform some sort of DoS, degrading the system's capabilities. There are "well-funded and sophisticated attackers" who are likely to have those goals.
If there was a business case, and so many of the developers didn't have, uh, reservations, about using their code in military equipment, the OpenBSD and, maybe, Linux kernel and glibc could be certified (stripped of a few components, probably, and with a few tweaks). With a "trusted" kernel, libraries, and tool chain, you build the rest of the system from scratch, anyway. It's not like you're supposed to be browsing the public internet with IE or FF on a B-1's navigation system.
There's no way for M$-Windows to be certified at EAL6+, because its design philosophy (the back doors are built in, not added on) is completely against any sort of security, and I don't think Vista is even EAL4+.
Re:n/t (Score:3, Interesting)
Nokia IPSO, which is certified for Check Point FW-1 and VPN-1 and is based on BSD, is also EAL4.
EAL = ToE(DUT) + ST(environment) (Score:4, Interesting)
The EAL is only half of the equation. The Target of Evaluation (device under test) is subjected to EAL-appropriate documentation and verification against a design document called the Security Target. This ST specifies the threat environment. For example, the Windows ST specifies that all authorized system users are benign and thus not a threat.