GHS has EAL6+ operating system security certification; launches Integrity Global Security

An operating system from Green Hills Software (GHS) was certified by the U.S. government to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness. GHS formed a related security subsidiary.

11/26/2008



Integrity-178B operating system from Green Hills Software (GHS) has been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness.

Santa Barbara, CA – Integrity-178B operating system from Green Hills Software (GHS) has been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness. In related news, GHS formed Integrity Global Security LLC , a wholly owned subsidiary.
For more about security, read the Control Engineering blog:

Industrial Cyber Security

.
The certification, first of its kind, is the highest Common Criteria security level achieved for an operating system. Only an EAL6+ High Robustness operating system is certified to protect classified information and high-value resources at risk from hostile, well-funded attackers. The company claims that the highest security standard to which other operating systems are certified only protects against “inadvertent or casual attempts to breach the system security.”
Green Hill Software says the stringent EAL6+ NIAP/NSA certification process lists products that have begun a certification process. Common Criteria states “EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line.” Integrity was designed for EAL7, the highest level of security, and thus was able to meet NSA high robustness requirements. Dan O’Dowd, GHS founder and CEO, called the certification a landmark in the security world.
Neil MacDonald, vice president and Gartner fellow, said, “For years, information security has been myopically protecting the organization from the outside in with technologies like firewalls and antivirus and largely overlooked the need to protect it from the inside out. In Gartner’s vision of Adaptive Security Infrastructure, protecting workloads and information from the inside out will require more intelligent security sensors throughout the infrastructure– at endpoints, virtual servers and within the applications and data themselves. However, security software running on the same physical machine as the workloads and information it is protecting can’t be unequivocally trusted without strong isolation, high assurance, and resiliency of the software, and trust attestation which will become the foundation for next-generation Adaptive Security Infrastructure.”
Integrity-178B was certified against the Common Criteria’s SKPP, whose high robustness designation represents the standard for operating system security certification, requiring “security services and mechanisms that provide the most stringent protection and rigorous security countermeasures.” The security gap between EAL4+-certified products and SKPP-certified products is described as immense: while EAL4+ does not require examination of the product source code, SKPP requirements include the use of formal methods to mathematically prove the security policies, formal specifications, formal correspondence between design and implementation, complete test coverage of all functional requirements, and penetration testing by the NSA, which has complete access to the source code.
Efforts to meet government functional and assurance objectives for security did not start with SKPP requirements. Recognizing high assurance software processes and standards as mandatory for embedded and enterprise computing systems around the world, a team of internal GHS experts began work in 1999 on compliance with demanding software assurance standards.
The operating system’s pedigree also includes certification and compliance with other demanding government and industry software reliability standards such as RTCA/DO-178B Level A, the highest level of avionics safety certification granted by the Federal Aviation Administration and the European Aviation Safety Agency; FDA Class III, the most life critical medical devices approved by the Food and Drug Administration; and IEC 61508 SIL 3, the highest level industrial safety certification granted to an operating system by TÜV
With its open standards, POSIX-conformant interface, and ability to host arbitrary general purpose operating systems, such as Windows and Linux, in virtual machines, Integrity can run more application software than any other operating platform, while maintaining the highest level of security for critical components, algorithms, applications, and subsystems. It enables solutions to many long-standing computer security problems, including safe Internet browsing on corporate PCs; protection of critical enterprise servers; unhackable digital rights management (DRM); and multi-level security for government laptops, desktops, PDAs, and servers.
In other news, GHS has formed Integrity Global Security LLC , a wholly owned subsidiary. The new company will market Integrity secure separation solutions. The company, whose charter is to use Integrity as the foundation to protect government and corporate cyber assets, was formed to help solve long-standing enterprise security problems, including safe Internet browsing for corporate PCs; protection of databases, and critical data center servers; securing Internet commerce transactions; and protecting critical infrastructure networks, operator stations, and SCADA systems from hackers.
Called a proven methodology, Secure Separation Architecture creates absolutely secure and totally reliable software, including the Integrity operating system, secure call centers, secure PCs, secure Web portals, secure financial transactions, and secure PDAs. O’Dowd said that there was a need for a new organization to solve long-standing enterprise security problems. The company will be led by CEO David Chandler, a GHS veteran who was most recently its senior vice president of sales. Integrity has been deployed over the last decade in systems for the B-1B bomber, the F-35 Joint Strike Fighter, and the Boeing 787 Dreamliner.
Also read:

Controlling big machines: Large Collider, NASA Orion, strongest robot.

–  Control Engineering News Desk
Register here .





No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
The true cost of lubrication: Three keys to consider when evaluating oils; Plant Engineering Lubrication Guide; 11 ways to protect bearing assets; Is lubrication part of your KPIs?
Contract maintenance: 5 ways to keep things humming while keeping an eye on costs; Pneumatic systems; Energy monitoring; The sixth 'S' is safety
Transport your data: Supply chain information critical to operational excellence; High-voltage faults; Portable cooling; Safety automation isn't automatic
Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.

Maintaining low data center PUE; Using eco mode in UPS systems; Commissioning electrical and power systems; Exploring dc power distribution alternatives
Synchronizing industrial Ethernet networks; Selecting protocol conversion gateways; Integrating HMIs with PLCs and PACs
Why manufacturers need to see energy in a different light: Current approaches to energy management yield quick savings, but leave plant managers searching for ways of improving on those early gains.

Annual Salary Survey

Participate in the 2013 Salary Survey

In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.

Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.

2012 Salary Survey Analysis

2012 Salary Survey Results

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.