Integrity-178B operating system from Green Hills Software (GHS) has been certified by the U.S. government to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness; GHS also formed subsidiary Integrity Global Security LLC.

Integrity-178B operating system from Green Hills Software (GHS) has been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness. In related news, GHS formed Integrity Global Security LLC, a wholly owned subsidiary.

For more about security, read the Control Engineering blog: Industrial Cyber Security.

The certification, first of its kind, is the highest Common Criteria security level achieved for an operating system. Only an EAL6+ High Robustness operating system is certified to protect classified information and high-value resources at risk from hostile, well-funded attackers. The company claims that the highest security standard to which other operating systems are certified only protects against “inadvertent or casual attempts to breach the system security.”

Green Hill Software says the stringent EAL6+ NIAP/NSA certification process lists products that have begun a certification process. Common Criteria states “EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line.” Integrity was designed for EAL7, the highest level of security, and thus was able to meet NSA high robustness requirements. Dan O’Dowd, GHS founder and CEO, called the certification a landmark in the security world.

Neil MacDonald, vice president and Gartner fellow, said, “For years, information security has been myopically protecting the organization from the outside in with technologies like firewalls and antivirus and largely overlooked the need to protect it from the inside out. In Gartner’s vision of Adaptive Security Infrastructure, protecting workloads and information from the inside out will require more intelligent security sensors throughout the infrastructure – at endpoints, virtual servers and within the applications and data themselves. However, security software running on the same physical machine as the workloads and information it is protecting can’t be unequivocally trusted without strong isolation, high assurance, and resiliency of the software, and trust attestation which will become the foundation for next-generation Adaptive Security Infrastructure.”

Integrity-178B was certified against the Common Criteria’s SKPP, whose high robustness designation represents the standard for operating system security certification, requiring “security services and mechanisms that provide the most stringent protection and rigorous security countermeasures.” The security gap between EAL4+-certified products and SKPP-certified products is described as immense: while EAL4+ does not require examination of the product source code, SKPP requirements include the use of formal methods to mathematically prove the security policies, formal specifications, formal correspondence between design and implementation, complete test coverage of all functional requirements, and penetration testing by the NSA, which has complete access to the source code.

Efforts to meet government functional and assurance objectives for security did not start with SKPP requirements. Recognizing high assurance software processes and standards as mandatory for embedded and enterprise computing systems around the world, a team of internal GHS experts began work in 1999 on compliance with demanding software assurance standards.

The operating system’s pedigree also includes certification and compliance with other demanding government and industry software reliability standards such as RTCA/DO-178B Level A, the highest level of avionics safety certification granted by the Federal Aviation Administration and the European Aviation Safety Agency; FDA Class III, the most life critical medical devices approved by the Food and Drug Administration; and IEC 61508 SIL 3, the highest level industrial safety certification granted to an operating system by TÜV.