By John McHale
SAN DIEGO–Officials from Green Hills Software in Santa Barbara, Calif., say their Integrity real-time operating system (RTOS) achieved the U.S. National Security Agency’s highest level for software security. Green Hills officials made the announcement in November during the MILCOM conference and exhibition in San Diego.
The Green Hills RTOS was certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to common criteria evaluation assurance level (EAL) 6+, high robustness.
“The EAL 7 is a measurement of the assurance, or confidence, in the software,” says David Kleidermacher, chief technology officer at Green Hills Software. “The confidence of EAL 6+ is so high that the U.S. government would use it to protect the most sensitive information on a computer that can be attacked by the most sophisticated adversaries.”
Windows and Linux are EAL 4+ and other RTOS vendors are not certified to any level. The certification was performed against the U.S. government Separation Kernel Protection Profile (SKPP), a U.S. government protection profile.
“EAL 6+ requires that the customer be able to detect if the operating system has been modified,” Kleidermacher says. SKPP requirements include the use of formal methods to mathematically prove the security policies, formal specifications, formal correspondence between design and implementation, complete test coverage of all functional requirements, and penetration testing by the NSA, which has complete access to the source code.
The Integrity operating system is also certified under RTCA/DO-178B Level A, the highest level of avionics safety certification granted by the Federal Aviation Administration and the European Aviation Safety Agency. The Integrity RTOS flies on the F-35 Joint Strike Fighter and was selected for NASA’s Orion Crew Exploration Vehicle.