Green Hills Software Integrity: A Secure OS At Last - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
11/18/2008
07:30 AM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Green Hills Software Integrity: A Secure OS At Last

Green Hills Software Integrity 178B operating system is the first, and only, certified Common Criteria Evaluation Assurance Level (EAL) 6+ operating system on the market. Green Hills Software uses Integrity as the basis for a secure PC operating system called Integrity PC and includes Padded Cell Virtualization, a secure hypervisor running within Integrity PC. Integrity Global Security LLC has been formed as a subsidiary of Green Hills Software to market Integrity PC. Integrity PC is provably se

Green Hills Software Integrity 178B operating system is the first, and only, certified Common Criteria Evaluation Assurance Level (EAL) 6+ operating system on the market. Green Hills Software uses Integrity as the basis for a secure PC operating system called Integrity PC and includes Padded Cell Virtualization, a secure hypervisor running within Integrity PC. Integrity Global Security LLC has been formed as a subsidiary of Green Hills Software to market Integrity PC. Integrity PC is provably secure.Integrity PC is the secure, micro-kernel OS which uses the Integrity 178B technology as the base OS, runs on common computers, and provides a secure, segregated environment for device drivers, native programs, and can host virtual machines. Integrity PC's Padded Virtual Cell allows other operating systems such as Windows or Solaris to run on Integrity PC and there is no way for one program or guest OS to subvert the microkernel. Integrity also leverages advanced features in Intel's vPro chipset and the Trusted Computing Group's TPM for a trusted boot process. Integrity LLC engineers even claim to thwart hypervisor root kit.

Common Criteria is an internationally agreed upon set of product security standards and requirements. There are seven levels. The lowest level, EAL 1, simply states the product works as advertised, while the highest level, EAL 7, where the product functions and called the Target of Evaluation in Common Criteria parlance, has undergone penetration testing and the design has been fully documented and formally reviewed. Integrity PC's EAL 6+ testing is less rigorous than an EAL 7 product. There are no EAL 7-certified products to date.

The testing of Integrity 178B was split among SAIC that performed the formal analysis and some of the functional testing and the NSA, which performed some functional and all of the penetration testing, including more esoteric security problems like covert channels. The result is an operating system that is provably secure and resistant to both internal and external attacks. The plus in EAL 6+ means the product also was tested with some features from EAL 7, namely the kernel separation, which means programs, drivers, and the kernel are segregated from each other. Nearly all Common Criteria certified products are only EAL 4-certified since that is the highest evaluation level that doesn't require developers have special skills to create formal design models and proofs and is the highest EAL which an existing product can achieve.

Integrity PC runs device drivers, typically running in the kernel in other OSes, in user space, and brokers all requests for hardware access through the Integrity kernel. That maintains separation between processes, drivers, and applications. In addition, Integrity PC can natively run applications that are compiled using Integrity's SDK's, as well as POSIX-compliant programs. Each application runs in its own space, securely and independent of all other applications.

Padded Cell Virtualization in Integrity PC lets users run multiple operating systems simultaneously, allowing the user to switch back and forth. For example, a laptop could be provisioned with a work virtual machine that is tightly controlled by IT and doesn't allow the user to make any modifications, and a personal virtual machine that is more lax that the user would use for surfing the Internet, private e-mails, etc. No data sharing between virtual computers is allowed, so the user can't cut and paste between operating systems.

The use cases are interesting. For example, VPN software can run on Integrity PC to form a secure tunnel back to a corporate gateway. System policies can be implemented in Integrity PC where the work virtual machine network traffic is only sent over a VPN and is transparent to the user while the personal virtual machine can access the Internet but not the corporate network. The defined policies are implemented in Integrity PC and the user can't disable or modify the policies. That is a powerful tool for ensuring that corporate assets are protected while allowing users, especially traveling users, the freedom to use the Web for personal use. Other hypervisors from Citrix, Microsoft, and VMWare can't boast the same level of separation of virtual machines and provable security methods.

Integrity PC is the first OS that is provably secure and can run securely run other OSes. The missing components, however, are the management tools that enterprises need to manage both the base OS and the hypervisor. Basic start, stop, and provisioning is available today, but enterprises demand more robust and scalable tools. The management tools could come from third-party developers, but Integrity Global Security should probably focus some energy on a management framework to augment Integrity PC.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Convince Wary Customers to Share Personal Information
John Edwards, Technology Journalist & Author,  6/17/2019
Commentary
The Art and Science of Robot Wrangling in the AI Era
Guest Commentary, Guest Commentary,  6/11/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll