Secure OS Gets Highest NSA Rating, Goes Commercial

ancientribe writes "A hardened operating system used in the B1B bomber and other military aircraft has now been released commercially, after receiving the highest security rating by a National Security Agency-run certification program. Green Hills Software's Integrity-178B operating system was certified as EAL6+, which means that it can defend against well-funded and sophisticated attackers." The company is not saying how much the OS would cost a potential customer: "The system and its associated integration and consulting services are custom solutions." Both Windows and Linux are EAL 4+ certified, which means they can defend against "inadvertent and casual" security breach attempts.

Re:n/t

[moderatorrater]

Source code audits with automated scripts that attack every port and every program checking for buffer overflows or other avenues of attack. It would require a lot of work, but it makes sense that the NSA would put in a lot of work to explore these operating systems, both to know how to secure against attack and to know how to pull off an attack against another country. The real question is, how much do you trust this OS not to have an NSA back door?

Re:n/t

[betterunixthanunix]

Actually, the security of a system should not depend on hiding the operating details of the system. The EAL levels are based on things like audit logs, privilege separation, the ability to kick a user off the system and kill all their processes, etc. The availability of the source is neither a positive nor a negative on EAL ratings.

Re:n/t

[lanterndog]

Yeah... I majored in pure math (e.g. abstract, theoretical stuff) in college. I was good. The NSA was all over me. I didn't accept, obviously (I wouldn't be able to admit this if I had. :) They recruit lots and lots of math people. Very few CS people (I double-majored in math and CS. Google and MS tried to recruit me through CS). However, I will get flamed to the end of the earth for this, but it's my experience: Mathematicians are insanely more intelligent than CSers. That, and cryptography (which is why the NSA exists) has much more to do with mathematics (Algebra and Number Theory especially) than it does with programming or OS design.

Re:n/t

[drsmithy]

So basically it costs money to get EAL verified, and the farther up the scale you go, the more money it costs to run the testing. So even if a Linux distro wanted to be verified at a higher level - who's going to fork over the dough?

Commercial Linux vendors like Red Hat, SuSe and IBM.

Certifications like EAL tell you about the technical capabilities of an OS. They don't tell you anything about how competently said OS will be used.

EAL = ToE(DUT) + ST(environment)

[conspirator57]

The EAL is only half of the equation. The Target of Evaluation (device under test) is subjected to EAL appropriate documentation and verification against a design document called the Security Target. This ST specifies the threat environment. For example the windows ST specifies that all authorized system users are benign and thus not a threat.