LynuxWorks CEO, Dr. Inder Singh, Challenges Misrepresentative Claims Regarding Security in the Military; Open Software Standards Key to Enabling Future Level EAL-7 Secure Systems.

Business Editors/High-Tech Writers

SAN JOSE, Calif.--(BUSINESS WIRE)--April 13, 2004

Background

The rapid proliferation of open standards software continues to elicit responses from software vendors attempting to spread fear, uncertainty and doubt (FUD) as they find their business models threatened by the global open standards movement. Vendors have attempted to thwart Linux(R) through lawsuits and legal actions and, most recently, are fueling the FUD surrounding Linux and the security threat it poses to our nation's defense systems. Open software standards and interfaces remain widely misunderstood and misrepresentative claims by technology companies continue to be the norm, not the exception.

LynuxWorks' Point of View on Security in the Military

"Sweeping generalizations that Linux poses a national security threat are shortsighted and self-serving," said LynuxWorks chairman and CEO, Dr. Inder Singh. "Implying that the government is not assuring the highest levels of security for software that they deploy is baseless and inaccurate. All major military systems undergo extensive review and vulnerability analysis.
This is quite contrary to the current commercial industry practice of 'penetrate and patch' for security, as evidenced by recent virus attacks against Windows-based systems. The government and military, on the other hand, are employing prevention and 'defense in depth' to ensure the highest level of security. In other words, exploitable flaws are eliminated at each stage of the system design process. A significant amount of time and money is devoted to make sure this occurs at each step of the software development lifecycle. Further, open standards architectures will be vital to decrease the time and costs in ensuring security in the military design process."

The Benefits of Open Standards in the Military

Linux and other open standards continue to gain significant momentum in the government and military because they enable ease of application portability, software reuse and interoperability between systems. For example, Navy Open Architecture Computing Environment (OACE) has mandated that all future software development be open standards-based, stipulating that software that does not meet this requirement will not be accepted by the Navy. By ensuring that all software is open standards-based, future hardware and software upgrades can be made seamlessly to reduce cost and development time and support future enhancements to new and unique war-fighting capabilities on ships, aircraft, submarines and other platforms.

"The military is realizing that maintaining and being locked to a closed OS that does not adhere to open standards is time and cost-prohibitive," said Bob Morris, vice president of sales and marketing of LynuxWorks. "Leveraging the ever-growing world of open standards software leads to better risk mitigation and supports costs for the long-term because military customers can protect their investment and avoid the high cost barriers and time-to-market penalties that changing operating systems normally incurs. Non open standards-based software is continuing to be overlooked in favor of Linux and POSIX, which is why you are seeing vendors employ scare tactics meant to fuel the FUD regarding the security of open standards-based software."

Achieving the Highest Level of Security for Open Standards-based Software is Attainable

According to a study by the University of Idaho, there is a high correlation between DO-178B, a safety standard for safety-critical airborne systems, and Common Criteria, an international framework for developing a set of security requirements for IT products. The study concluded that DO-178B level A certified products, the highest level of safety for airborne systems, have significant overlaps with the lower levels of Common Criteria. LynuxWorks believes that its LynxOS-178 product will be certified to EAL-4 if not EAL-5. Common Criteria define seven hierarchical assurance levels of security, of which EAL-7 is the highest. Certification to EAL-7 dictates that a software product has been formally verified, designed and tested.
Today, no commercial off-the-shelf (COTS) operating system is certified to EAL-7, although it remains theoretically and mathematically achievable.

A New Paradigm for Security: Keep it Open Standards-based

LynuxWorks is currently developing a Common Criteria level EAL-7 secure separation kernel in concert with the NSA and others for the highest level of security ever achieved. The availability of an EAL-7 separation kernel would eliminate the timely and costly system evaluation process the government and military are currently performing on each operating system it deploys. The LynuxWorks separation kernel would ensure that any operating system, including Linux and other open standards-based OSs, could run in a secure partition in an EAL-7 system environment with no vulnerabilities. Most importantly, since the LynuxWorks separation kernel will be open standards-based, embedded software tools and applications that the military and government are currently using will be easily ported to an EAL-7 secure environment.

"The old paradigm of 'security through obscurity' is out the window," said Dr. Singh. "Perception is that you can not trust software that you did not create yourself. Reality is that with the advent of an EAL-7 separation kernel, you can. We're on the cusp of reaching a monumental milestone never before achieved in the embedded software industry."

Only Linux / POSIX Conformance Can Unlock the Power of Level EAL-7 Security

Support of the POSIX open standard in embedded systems assures code portability and is increasingly being mandated for commercial applications and government contracts.
POSIX conformance means that software has been certified by an accredited, independent standards authority to be certified to all levels of POSIX. Currently, testing for full POSIX conformance is not readily enforced in the government and military. As a result, some vendors label their software as POSIX "compliant," a meaningless claim that simply lists which levels of POSIX are and are not supported. Although more government and military agencies are advocating stringent testing within military programs to enforce full POSIX conformance, currently only the Allied Standard Avionics Architecture Council (ASAAC) and the Navy OACE test for it.

As part of LynuxWorks' long-standing commitment to open standards support, its entire product line is POSIX conformant and capable of running Linux applications, including its flagship LynxOS(R) real-time operating system (RTOS), LynxOS-178(R), and BlueCat(R) Linux 5.0, the company's enhancement of the Linux 2.6 kernel. LynuxWorks' EAL-7 separation kernel will enable POSIX conformant OSs such as Linux to run in a secure partition, ensuring that current Linux, Solaris, HP-RT, HPUX and UNIX applications that the military is using can be easily migrated to an EAL-7 secure environment.

About LynuxWorks

LynuxWorks is a world leader in the embedded software market, providing operating systems, software development products and consulting services for the world's most successful communications, aerospace/defense, and consumer products companies. Established in 1988, the company is a technology leader in the real-time operating systems (RTOS) industry, and a founding member of the Embedded Linux Consortium (ELC). LynuxWorks' headquarters are located in San Jose, California.

LynuxWorks is a trademark and LynxOS and BlueCat are registered trademarks of LynuxWorks, Inc. Other brand or product names are registered trademarks or trademarks of the respective holders. Linux is a registered trademark of Linus Torvalds.