At the upcoming RSA Conference in February (www.rsaconference.com), IT professionals will gather to address security in the Internet age. Topics to be discussed range from smart cards, RFID, cyber threats, and crypto, all the way up to Intel’s Virtualization Technology and Microsoft’s new Vista operating system. This particular conference is focusing on business interests, but increasingly, the business market is overlapping the military and mission-critical markets as the Internet seeks to connect to anything with an IP address. And that certainly includes our nation’s critical defense systems.
As the United States lumbers ahead with the Global Information Grid (GIG), network-centric warfare, and interconnected “systems of systems,” the military is becoming increasingly reliant on consumer-based civilian infrastructure such as cellular telephones and the Internet. Even though our military relies on red/black radio, satellite, and terrestrial COMSEC equipment that adheres to stringent NSA guidelines, the increasing use of COTS gear on the battlefield that was only designed for civilian use may make military systems inherently insecure.
In the embedded space, many mission-critical systems rely on an RTOS such as INTEGRITY, VxWorks, QNX, ThreadX, or LynxOS for deterministic response with a small, embedded footprint. In the recent past, Green Hills – the developer of INTEGRITY – has redoubled its efforts at incremental software improvements while reemphasizing security as the core tenet of all the company’s RTOS products. As the world becomes increasingly insecure, I applaud the company for its efforts.
For years, Green Hills has been taking the embedded, real-time market by storm with their INTEGRITY RTOS, which has offered determinism and ultra-fast context switch times. Originally a partner with Wind River Systems providing MULTI and other development tools to the VxWorks environment, Green Hills broke ranks with Wind River and went out on their own in 2000 to try and build a “better” mousetrap. Since then, INTEGRITY has won accolades in the military and mission-critical markets for its performance and reliability.
Described with the corporal-punishment-sounding term “padded cell,” INTEGRITY is the epitome of a partitioned RTOS that isolates processes from one another (and from the core kernel) so that errant code in one partition doesn’t spill over into the rest of the system. The result is a fast RTOS that is inherently secure from malware and plain old poorly written application code. I have long been a fan of the partitioned operating system concept since I first saw the OnCore OS demonstrated by the now-defunct software supplier OnCore Systems Corporation.
At the 2006 Embedded Software Summit held in early December 2006, Green Hills’ president Dan O’Dowd announced that the company’s new position is “net security.” In a convincing keynote briefing, O’Dowd did a chilling job of making the audience feel, well, insecure. O’Dowd provided numerous empirical examples of how adversaries can “crack” our interconnected and increasingly complex equipment. And the bad guys – he pointed out – increasingly look like “asymmetric” (nontraditional) threats.
He cited examples of a hacker who changed networked traffic lights in Colorado to shorten his commute (Associated Press, 4/19/06); hackers who broke into online brokerage accounts to steal money that could conceivably be routed to support terrorists (Washington Post, 10/24/06); a hacker who broke into Paris Hilton’s Sidekick and posted her contact list online; and finally, the case of Hezbollah guerillas who cracked the Israeli military’s “secure” radio communications to monitor troop movement, casualty reports, and supply routes. O’Dowd presented more than 13 examples of recent network security breaches that highlight the fragile nature of our interconnected systems – both civilian and military.
With the introduction of INTEGRITY 10th Anniversary Edition, the company is adding security-oriented features such as improved device driver models that more accurately depict hardware interaction, an enhanced partition scheduler, and a more secure approach to shared memory. In addition, Green Hills’ Platform for Secure Networking bundles together IPv6 support, IPSec, and a MILS architecture that’s very nearly certified to the Common Criteria EAL6+ level. The company claims that full NIAP certification should be achieved for INTEGRITY-178 sometime in 2007. (Feel free to track the progress yourself at http://niap.bahialab.com/ and click on the left-hand link entitled “Products in Evaluation.”)
Of course, Green Hills isn’t alone among software or RTOS vendors that are creating more secure software. LynuxWorks comes immediately to mind. But for the mission-critical and military markets, Green Hills is certainly inspiring a lot of confidence with so much focus on network security. I know it makes me feel a little more secure.