The New Secure Operating System
Commercial availability of NSA-certified OS casts spotlight on best practices for securing existing operating systems
December 2, 2008
The secure operating system standard will never be the same now that a National Security Agency-certified OS has gone commercial, but few mainstream enterprises today need an airtight OS tuned to run on fighter jets. And many organizations aren't properly securing their existing commercial OSes, anyway, security experts say.
Green Hills Software last month announced that its new Integrity-178B OS was certified as EAL6+ and was being sold commercially by its new Integrity Global Security subsidiary. EAL6+ is the highest security rating by the NSA-run certification program, and means the OS was designed and certified to defend against well-funded and sophisticated attackers.
"In an ideal world, and perhaps in some high-end government projects and in the commercial sector, brand-new hardware and an OS is a great alternative," says a systems administrator named John, who declined to give his full name and organization due to the sensitivity of his environment. "Most of us are stuck with legacy systems and hardware, however."
John, like other systems administrators, says he is constantly fighting the good fight of keeping up with Windows and other patches -- and dealing with the fallout of poorly configured systems from previous systems admin regimes. "The great dilemma I think that most systems administrators face at some point is the inherited security holes created by previous administrators and engineers whose architecture decisions and OS configurations are a continuing challenge to maintain -- leaving little time and few resources to rebuild and rearchitect," he says. "That's the situation I now face."
While the arrival of the Integrity OS isn't expected to significantly shake up the commercial OS market, it likely will force OS vendors to pay more attention to the Common Criteria EAL security standards, says Dennis Moreau, CTO and founder of Configuresoft. Windows and Linux, for example, are EAL4+ certified, which means they can defend against "inadvertent and casual" security breach attempts.
But Integrity's higher rating significantly raises the bar: "Those are things you want every OS vendor to do...get that expert review of their design" and deploy built-in virtualization and key management features like Integrity does, Moreau says. "You will see increasing pressure for OS vendors to do that."
The catch, of course, is that Integrity's OS is built for hard-core, predictable, and real-time environments (think fighter planes). "It has the ability to say this app needs to finish this by this time...the ability to expect how a system is going to behave and to count on it," Moreau says. "That's not true with most non-real-time OSes today, but you'll be seeing them do more of that," he says.
Integrity is targeting the financial and healthcare industries, as well as organizations with critical infrastructure issues, says Jimmy Sorrells, vice president of enterprise products. The firm already has secured "several" new systems integrator customers that work in the federal government space, he says.
The new OS isn't meant to replace existing commercial OSes, he says, but to supplement them. "Windows and Linux and Solaris have specific user experiences that we are not trying to replace. We strive to secure those OSes," Sorrells says, in the data center and at the desktop.
Even so, all major commercial operating systems today have their own options for security lockdown, and few organizations are willing to go there, says John Pescatore, vice president and research fellow at Gartner. "You cannot let the user install any software, and if you do that, you can stay pretty safe," Pescatore says. But then you sacrifice user productivity, he adds.
Pescatore argues that it's less about OS security than application-level security. "You can't blame the operating system," he says.
Still, there are a few basic things enterprises can do to better lock down their existing OSes, security experts say (and not everyone is doing them):
Reduce the number of OS images you support, which allows better testing and management of the security of those images
Increase visibility of application and service dependencies
Document, limit, and isolate third-party drivers
Enable stack protection
Log events
Patch regularly
Deploy authorization and authentication in systems
Don't allow logins from outside as "root"
No to telnet; yes to SSH
Change default port settings
Know the risk, security posture of sensitive applications and services
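A small audit script covering three of the checklist items above (remote root logins, telnet left enabled, default SSH port unchanged), added here as an example and not part of the article. The sshd_config and inetd.conf contents are constructed samples; the directive names are OpenSSH's.

```shell
#!/bin/sh
# Added example, not from the article: audit an inherited host's configuration
# against three checklist items above (no remote root logins, no telnet,
# non-default SSH port). File contents are constructed samples written to
# temp files so the script runs offline; directive names are OpenSSH's.
WEAK_SSHD="$(mktemp)"; HARD_SSHD="$(mktemp)"; INETD="$(mktemp)"
trap 'rm -f "$WEAK_SSHD" "$HARD_SSHD" "$INETD"' EXIT
cat >"$WEAK_SSHD" <<'EOF'
# constructed: typical inherited sshd_config
Port 22
PermitRootLogin yes
EOF
cat >"$HARD_SSHD" <<'EOF'
# constructed: sshd_config after lockdown
Port 2222
PermitRootLogin no
EOF
cat >"$INETD" <<'EOF'
# constructed /etc/inetd.conf fragment: telnet still enabled, ftp commented out
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#ftp    stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
EOF

# Effective value of an sshd_config directive: sshd honours the first match.
sshd_opt() { awk -v k="$2" 'tolower($1)==tolower(k){print $2; exit}' "$1"; }

# Print one finding per line for the sshd_config at $1.
audit_sshd() {
    root="$(sshd_opt "$1" PermitRootLogin)"
    case "${root:-yes}" in            # an unset directive historically meant "yes"
        no|prohibit-password|without-password) ;;
        *) echo "FAIL PermitRootLogin=${root:-unset}: root can log in remotely" ;;
    esac
    port="$(sshd_opt "$1" Port)"
    if [ "${port:-22}" = "22" ]; then
        echo "WARN Port=22: default port unchanged"
    fi
}

# Print a finding if an uncommented telnet service line exists in $1.
audit_inetd() {
    if grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"; then
        echo "FAIL telnet enabled in $1: cleartext logins, use SSH instead"
    fi
}

# Total findings for an sshd_config ($1) and an inetd.conf ($2).
finding_count() { { audit_sshd "$1"; audit_inetd "$2"; } | awk 'END{print NR}'; }

echo "inherited host:"; audit_sshd "$WEAK_SSHD"; audit_inetd "$INETD"
echo "hardened host:";  audit_sshd "$HARD_SSHD"
```

Point the two audit functions at a real /etc/ssh/sshd_config and /etc/inetd.conf to run the same checks on a live host.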
"People are too busy in firefighting mode or ignorant or indifferent" when it comes to bypassing these basic steps to ratchet up OS security, says John, who had to institute many of these steps in his environment after finding security risks, such as some systems allowing "root." "A lot of these things we inherited from previous developers and sys admins, [like running] as 'root' -- that's ridiculous," he says.
Meanwhile, Ross Leo, CEO of Alliance Group Research and a former CIO and CISO, says that while the new ultra-secure Integrity OS is good news for the commercial space, it will face some big challenges.
"Business has a security problem, but one that in their minds is being addressed well enough. Beyond that, they accept the risk rather than spend more," Leo says. "I also think that other than the natively strong security Integrity 178B has to its credit, it has many other things it must prove as commercially viable -- speed, reliability, low maintenance costs, etc. -- before anyone will switch to it. Operations-related expenditures and performance factors will far outweigh the security benefits."
Another hurdle will be pricing in an increasingly tough economy. Integrity won't reveal its pricing structure because it's a custom model, but experts say it's likely to cost significantly more than other commercial OSes.