majorsoul | 2 Jul 2006 08:50

Secure OS


Hi,

Many microkernel OSes advertise themselves as secure RTOSes using kernel
separation for application partitioning (e.g. lynuxworks, Green Hills, etc.);
most of them pass DO-178B Level A certification or CC EAL 6 or 7.

I suspect that 178B Level A certification is more concerned with separation
of applications in the mindset of application crashes while keeping the
system intact, and not security in the mindset of 'hacking'.

Does anyone know what the criteria are for security of an RTOS in the mindset
of hacking? Is there a certification for that?
David Wagner | 2 Jul 2006 09:01

Secure OS

In article <5137983.post@...> you write:
>Many microkernel OSes advertise themselves as secure RTOSes using kernel
>separation for application partitioning (e.g. lynuxworks, Green Hills, etc.);
>most of them pass DO-178B Level A certification or CC EAL 6 or 7.

I'm not very familiar with DO-178B certification.

FYI -- My understanding is that none of them have been certified at
EAL 6 or 7.  If you read their marketing literature carefully, they
will say things like "designed to be certifiable to EAL 6+", meaning
"we like to think that maybe we could get EAL 6 if we tried, but we
haven't tried".  There's a huge difference between the vendor claiming
that their OS was "designed to be certifiable to EAL 6" and an
independent testing lab actually certifying them at EAL 6.

If you look at the list of certified operating systems, you'll see
that none of them are listed as certified at that level.  My recollection
is that only one of the vendors has even begun the process of trying to
get their stuff certified at EAL 6.  (I can't remember which one, but
if you go look at the official web site for Common Criteria certification,
you can find both the list of awarded certifications as well as the
systems currently under evaluation for potential certification.)

I believe the Common Criteria folks have a draft security profile for
a MILS separation kernel.  That should answer your question of what the
criteria are for security of a MILS-style RTOS (or, at least, what criteria
they are being evaluated to for their EAL 6 certification).  As I recall,
a little Googling will turn up a pointer to the draft profile.

If others know more about DO-178B, I'd be interested to hear.

majorsoul | 2 Jul 2006 09:24

Re: Secure OS


Can you please link the security profile for the MILS separation kernel?
Is there a CC PP for an OS at level 6 or 7?

majorsoul | 2 Jul 2006 10:28

Partitioning operating systems Vs. VMM


Is there a difference between partitioning operating systems and VMMs, or is it just
different terminology for the same thing?

David Chizmadia (JHU | 2 Jul 2006 21:17

Re: Secure OS

The PP has not been released to the general public.

FYI, and based on briefings by the organizations sponsoring
its development at the OMG, it is for a Separation Kernel
(as described by Rushby) and therefore doesn't really address
the rest of the components that most people consider part of
an OS (e.g., file system, network stack, etc). It is also
oriented towards embedded, statically configured, systems.

Out of curiosity, what is motivating your interest?

-DMC

majorsoul wrote:
> Can you please link the security profile for the MILS separation kernel?
> Is there a CC PP for an OS at level 6 or 7?
>
David Chizmadia (JHU | 2 Jul 2006 21:21

Re: Partitioning operating systems Vs. VMM

The unit of practical accountability and access control
resolution in a partitioning OS would be something
resembling a (posix) process, while the equivalent unit
in the VMM would be the guest OS.

-DMC

majorsoul wrote:
> Is there a difference between partitioning operating systems
> and VMMs, or is it just different terminology for the same thing?
>
majorsoul | 3 Jul 2006 08:53

Re: Partitioning operating systems Vs. VMM


I noticed that. However, if you look at LynxOS at:
http://www.lynuxworks.com/rtos/rtos-partition-178.php
it presents itself as supporting multiple VMs; isn't that what a VMM is all about?
majorsoul | 3 Jul 2006 09:13

Re: Secure OS


I am starting to build an embedded system, and I am now looking at the security
considerations.

Do you know if there is a VMM which passes CC/FIPS? What is the PP for it?

A more general question: suppose I want to pass my system (which is composed
of HW and SW) at CC EAL 5. Does it mean that the OS must pass the same EAL
level?
Since no OS has passed CC EAL 5, is there a way for SW to pass that EAL
level?

What do you mean by statically configured systems? Does the use of a VMM enable a
more dynamic system?

-majorsoul

Norman Hardy | 9 Jul 2006 02:06

Virtualizability vs. Synergy

I wrote some short notes on Virtualizability vs. Synergy at
<http://cap-lore.com/CapTheory/Patterns/CapParam.html>.
My description of virtualizability in Keykos is still scanty.

It is part of the issue of whether platforms should provide "Eq?".
Dean Tribble has stories about how to solve, without synergy, some of
the problems that Keykos solves with synergy;
I cannot recall the details.
Nigel Williams | 9 Jul 2006 03:27

Google TechTalk lecture series

Found this, firstly featuring Alan Karp:

over the next three weeks Mark Miller, Tyler Close, and Mark Stiegler.

cheers,
nigel.

_______________________________________________
cap-talk mailing list
cap-talk@...
http://www.eros-os.org/mailman/listinfo/cap-talk