Integrity-178B is now EAL6+

Posted by Ken Y-N on December 1st, 2008 at 01:34pm

Wow, I’m seriously impressed, having attended a few lectures on what exactly all the various EALs (Evaluation Assurance Levels) mean, to see that Green Hills Sofware have announced that their operating system Integrity-178B has been rated by a National Security Agency-run certification process as EAL6+. To market this, the highest-rated OS in the world, they have formed a subsiduary, Integrity Global Security, targeting both the private and public sectors.

As a comparison, Windows and Linux are rated as EAL 4+ (I think this is only when not networked and for Windows at least, with no floppy drive), which basically means they can only survive a casual hacker. On the other hand, with Integrity it has been proved that malicious (or just buggy) code cannot affect any other application within the system.

As the operating system provides a hypervisor, standard operating systems such as Windows, Linux and MacOS can run on top of it, but even if one gets comprimised, this cannot be used as a springboard to attach the hypervisor or other guest operating systems. It will also run under Solaris on workstations, and Palm and Symbian on PDAs.

The trusted computing link is obviously that this operating system can provide a trusted computing base, and is perhaps even a competitor for Open Kernel Labs’ OKL4.

Read the full story on DarkReading here.

Tags: , ,

Under General Tags: , ,

1 Comment for Integrity-178B is now EAL6+

  • 1. Nick P  |  March 21st, 2011 at 4:15 am

    It’s a subset of Integrity, meaning it predates OKL4. Additionally, OKL4 hasn’t been subjected to the kind of penetration testing and development assurance processes Integrity and Integrity-178B have. Finally, although OKL4 Verified is a big accomplishment, they actually didn’t even meet requirements for EAL7 (as opposed to their occasional claims). They are just starting a covert channel analysis as part of the Trustworthy Embedded Systems project and incorporating other functionality that would be required in a SKPP certified kernel from the start. So, if anything, OKL4 is only a competitor in commercial sense: their assurance evidence can’t compete in terms of which is more secure.

    It’s also worth noting that Integrity still has a little competition from the last two remaining high assurance Orange Book era OS’s: BAE Systems STOP (B2/EAL5+), which includes pretty much a whole UNIX-style system in its certified TCB; Aesec’s GEMSOS, certified to A1/EAL7 with MLS security features. Both use x86 hardware. I think Green Hills middleware, partners, support and marketing will mean they’ll beat out the other EAL5-7 vendors.

    VxWorks, LynuxWorks, and PikeOS are providing big competition though by eating up contracts and OKL4 dominates mobile space. Various MAC technologies on Linux are also becoming popular, with several products that use SELinux under the hood with “good enough” results. I’ve recently discovered a few more that are well-designed, like SMACK. Then there’s more open initiatives like Turaya Security Kernel, TUD:OS Nizza Architecture, Xstraatum hypervisor, QubesOS, Xenon, and Nova microhypervisor that provide more alternatives to MILS kernels, especially in flexibility sense. INTEGRITY-178B’s future is yet to be made clear. although I personally would love a SOHO router with Green Hill’s Platform for Secure Networking and a TPM. Just a personal wish… ;)

Leave a Comment for Integrity-178B is now EAL6+

Required

Required, hidden

RSS Comments Feed RSS Comments Feed  |  Trackback this post

Recent Articles
Adverts

Tags
Blogroll
Categories