AOH :: ISNQ3290.HTM

OS key to network security, speakers say

OS key to network security, speakers say
OS key to network security, speakers say


http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=196601764 

By Richard Goering  	
EE Times
12/05/2006

SANTA BARBARA, Calif. -- The computer networks that control business 
transactions, transportation, electric power, defense, and confidential 
personal data are increasingly vulnerable to attack, according to 
speakers at the Green Hills Software Inc. Technology Conference here 
Dec. 4 and 5. Networks can only be secure, company representatives said, 
when the devices at the "endpoints" use secure operating systems.

Green Hills used the event to roll out its new Platform for Secure 
Networking, as well as Integrity 10, the next release of its Integrity 
real-time operating system (RTOS). Green Hills also claimed that its 
existing Integrity-178B, aimed at safety-critical applications such as 
avionics, is the first RTOS to undergo National Security Agency (NSA) 
testing for an ISO/IEC 15408 Common Criteria Evaluation Assurance Level 
(EAL) beyond EAL6.

"We can't live without our networks. That's our vulnerability," said Dan 
O'Dowd, Green Hills CEO. "The biggest vulnerability is the security of 
the operating systems at the endpoints."

O'Dowd noted that networks handle all business and financial 
transactions, hold personal data including medical and financial 
records, run the entire transportation system, maintain the electric 
power grid, and are responsible for much of the U.S. defense capability. 
"If an adversary can disrupt our networks, our entire system falls 
apart, we're so dependent on them," he said.

Potential adversaries, O'Dowd said, are not so dependent on networks. 
They use cash for business transactions, typically live in countries 
without reliable power or transportation, and their militaries use more 
primitive electronics. And this may give them an advantage. "In combat, 
a blind man will turn out the lights," O'Dowd noted.

O'Dowd presented various disaster scenarios, such as terrorists 
programming large numbers of traffic lights to turn green at the same 
time during rush hour, or hackers inserting viruses into automotive 
control systems through Bluetooth infotainment systems. He cited an 
incident in which a call center worker in India sold bank account 
details for 1,000 U.K. customers. He also pointed to a long list of 
Cisco vulnerabilities available on line.

Things aren't getting any safer. Christopher Harz, vice president of 
strategic planning at IPv6 Summit Inc., noted that IPv6 will bring about 
an orders-of-magnitude increase in the number of Internet addresses 
available. "Right now, there are a maximum of a couple of billion nodes 
in the world," he said. With IPv6, Harz said, "there may be a couple of 
billion nodes in your neighborhood."

As the number of nodes increases, he said, so do vulnerabilities. There 
will be many more network-centric operations, he said, and a much 
greater emphasis on mobile, wireless communications. Because the U.S. is 
behind on IPv6, Harz said, there will be a "massive infusion" of 
foreign-built hardware and software. And because IPv6 is new, he said, 
it will require a new generation of firewalls.

Aaron Turner, cyber security strategist for national and homeland 
security at Idaho National Laboratory (INL), started his talk by noting 
that there's much he can't say. "The list of vulnerabilities I can talk 
about is not very long, because there are no solutions today," he said.

While terrorists and unfriendly nations remain a threat, Turner said 
that the fastest-growing type of cyber-attack today comes from criminals 
out for financial gain. He said INL is investigating situations in which 
millions of dollars have been extorted from operators of SCADA 
(supervisory control and data acquisition) systems. "The adversary 
capability is growing tremendously versus our security capability," he 
said.

The INL, said Turner, has developed a very sophisticated simulation 
capability to predict the impact of possible cyber-attacks. But the 
economic impact of these attacks is very real, he said. Network 
vulnerability, Turner said, "is the next great crisis our society is 
going to confront."

Digital, personal authentication is one solution to the network security 
problem, said Gregory Youngblood, director of marketing for the security 
line of business at Broadcom Inc. He described the Broadcom Integrity 
Platform, based on Broadcom's BCM5890 "secure processor," as a system 
that can provide hardware security for any type of authentication 
system. The first application is a personal biometric device from 
Privaris Inc.

But the main focus at the Green Hills Technology Conference was 
software, and Green Hills had two new offerings to talk about. The 
company's Platform for Secure Networking includes the Integrity RTOS, 
which features a separation kernel architecture for fault isolation and 
containment, and claims to support requirements and policies of Multiple 
Independent Levels of Security (MILS).

Aside from the Integrity separation kernel, the platform includes an 
advanced file system, a GHNet dual mode IPv4/IPv6 networking stack, 
IPSec, secure web server including SSL/TLS client and server, and secure 
shell client and server (SSH). While it's largely a packaging of 
existing Green Hills technology, David Kleidermacher, Green Hills CTO, 
said that new technology includes the IPv6 support, new encryption 
algorithms, and SSL/TSL.

Green Hills' Integrity 10 release claims several new security features. 
One is a "pure virtual" device driver model that moves device driver 
code outside the kernel, easing certification costs. Another is an 
enhanced partition scheduler for defining execution windows for each 
partition. A third feature is a new memory "lending" capability that can 
recover resources and revoke access to resources from other processes.

The new release also steps up support for multicore debugging. It 
supports symmetric multiprocessing (SMP), in which the operating system 
will automatically load-balance applications across multiple cores on 
SMP-capable microprocessors. Integrity 10 also supports non-uniform 
memory architecture (NUMA) systems in which applications are allocated 
across multiple cores.

What O'Dowd seemed proudest of, however, is the pending ESL6+ 
certification for Integrity-178B. Several commercial operating systems 
have achieved ESL4, which calls for software to be "methodically 
designed, tested and reviewed." But that's not good enough, O'Dowd said, 
because it only resists inadvertent or casual attempts to breach system 
security. "A determined hacker can take control of an EAL4 system," he 
said.

EAL6 calls for software to be "semi-formally verified, designed and 
tested," while EAL7 ups the ante for formal verification, design and 
test. EAL6+, a hybrid between these two, is the level the NSA wants for 
military systems, O'Dowd said. An EAL6+ system, he maintained, cannot be 
hacked by anyone.

Integrity-178B is the only RTOS actively undergoing evaluation above 
EAL4, O'Dowd claimed. He pointed to a National Information Assurance 
Partnership (NIAP) web site listing software products currently under 
evaluation, including Integrity-178B.

O'Dowd agreed with one conference participant who noted that devices at 
both ends of a network have to be secure. But you can't get total 
security, he noted, unless the entire system is "EAL10," which means 
that you never turn it on in the first place.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn

Site design & layout copyright © 1986- CodeGods