| LynuxWorks blasts GHS 'FUD' |
Apr. 13, 2004
RTOS and embedded Linux vendor LynuxWorks has responded to last week's statement from Green Hills Software that lambasted embedded Linux as inappropriate for use in high security defense and military applications. The LynuxWorks response refutes GHS claims that open systems such as Linux are inherently ineligible for EAL-7 certification.
LynuxWorks was among the companies criticized in the GHS statement for working with foreign developers in China, Russia, and elsewhere.
According to LynuxWorks, open standards and standards-based OSes such as Linux are enjoying growing popularity in government, to the detriment of systems such as those from GHS that are not based on open standards. LynuxWorks Vice President Bob Morris said, "Non open standards-based software is continuing to be overlooked in favor of Linux and POSIX, which is why you are seeing vendors employ scare tactics meant to fuel the FUD [fear, uncertainty, and doubt] regarding the security of open standards-based software."
Importance of open standards
The LynuxWorks statements explains that open standards such as POSIX are gaining momentum in government applications because they facilitate application portability, software reuse, and system interoperability. The POSIX standard was designed to ensure source code portability between operating systems. POSIX "conformance" means software has been approved by an accredited, independent standards authority as certified to all levels of the POSIX standard.
Despite widespread government support for open standards testing, few agencies actually require it, according to LynuxWorks, other than the Allied Standard Avionics Architecture Council (ASAAC) and the Navy Open Architecture Computing Environment (OACE).
Because open standards support is encouraged, but rarely required, some vendors label their software as POSIX "compliant," a meaningless claim that simply lists which levels of POSIX are and are not supported, according to LynuxWorks.
LynuxWorks claims that all its products, including its Linux-based operating systems, are POSIX conformant. Such conformance, it says, will enable them to work with a "separation kernel" LynuxWorks is designing to meet EAL-7 certification.
EAL-7
EAL-7 represents the highest level of the Common Critera, a system of ranking system security. Certification to EAL-7 dictates that a software product has been formally verified, designed, and tested. Today, no commercial off-the-shelf (COTS) operating system is certified to EAL-7, although it remains theoretically and mathematically achievable.
The earlier GHS statement alluded to an operating system GHS is developing that is "designed" to meet EAL-7 criteria (but hasn't yet), while implying that open source software is inherently ineligible for such certification.
LynuxWorks says it is currently developing a Common Criteria level EAL-7 secure separation kernel in concert with the NSA (National Security Agency) and others. The kernel aims to eliminate the timely and costly system evaluation process the government and military are currently performing on each operating system it deploys.
LynuxWorks says its separation kernel will enable any POSIX conformant operating system, including Linux, Solaris, HP-RT, HPUX, and UNIX, to run in a secure partition on an EAL-7 system.
Dr. Singh's zingers
"The old paradigm of 'security through obscurity' is out the window," said Dr. Inder Singh, CEO of LynuxWorks. "Perception is that you can not trust software that you did not create yourself. Reality is that with the advent of an EAL-7 separation kernel, you can. We're on the cusp of reaching a monumental milestone never before achieved in the embedded software industry."
Dr. Singh added, "Sweeping generalizations that Linux poses a national security threat are shortsighted and self-serving. Implying that the government is not assuring the highest levels of security for software that they deploy is baseless and inaccurate. All major military systems undergo extensive review and vulnerability analysis. This is quite contrary to the current commercial industry practice of 'penetrate and patch' for security, as evidenced by recent virus attacks against Windows-based systems."
Furthermore, according to Dr. Singh, "The government and military [employ] prevention and 'defense in depth' to ensure the highest level of security. In other words, exploitable flaws are eliminated at each stage of the system design process. A significant amount of time and money is devoted to make sure this occurs at each step of the software development lifecycle."
"Open standards architectures will be vital to decrease the time and costs in ensuring security in the military design process," concludes Dr. Singh.
Talk Back!
If you have questions or comments about this story, Talkback!
Related Stories:
(Click here for further information)
|
|
|
FUEL Database on MontaVista Linux
Whether building a mobile handset, a car navigation system, a package tracking device, or a home entertainment console, developers need capable software systems, including an operating system, development tools, and supporting libraries, to gain maximum benefit from their hardware platform and to meet aggressive time-to-market goals.
Breaking New Ground: The Evolution of Linux Clustering
With a platform comprising a complete Linux distribution, enhanced for clustering, and tailored for HPC, Penguin Computing¿s Scyld Software provides the building blocks for organizations from enterprises to workgroups to deploy, manage, and maintain Linux clusters, regardless of their size.
Data Monitoring with NightStar LX
Unlike ordinary debuggers, NightStar LX doesn¿t leave you stranded in the dark. It¿s more than just a debugger, it¿s a whole suite of integrated diagnostic tools designed for time-critical Linux applications to reduce test time, increase productivity and lower costs. You can debug, monitor, analyze and tune with minimal intrusion, so you see real execution behavior. And that¿s positively illuminating.
Virtualizing Service Provider Networks with Vyatta
This paper highlights Vyatta's unique ability to virtualize networking functions using Vyatta's secure routing software in service provider environments.
High Availability Messaging Solution Using AXIGEN, Heartbeat and DRBD
This white paper discusses a high-availability messaging solution relying on the AXIGEN Mail Server, Heartbeat and DRBD. Solution architecture and implementation, as well as benefits of using AXIGEN for this setup are all presented in detail.
Understanding the Financial Benefits of Open Source
Will open source pay off? Open source is becoming standard within enterprises, often because of cost savings. Find out how much of a financial impact it can have on your organization. Get this methodology and calculator now, compliments of JBoss.
Embedded Hardware and OS Technology Empower PC-Based Platforms
The modern embedded computer is the jack of all trades appearing in many forms.
Data Management for Real-Time Distributed Systems
This paper provides an overview of the network-centric computing model, data distribution services, and distributed data management. It then describes how the SkyBoard integration and synchronization service, coupled with an implementation of the OMG¿s Data Distribution Service (DDS) standard, can be used to create an efficient data distribution, storage, and retrieval system.
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
|
|
|
|
|
news feed