The New Secure Operating System

Daniel ~ · #1 (**permalink**) 3rd December, 2008, 12:38 PM

Written by Daniel
Wednesday, 03 December 2008
Commercial availability of NSA-certified OS casts spotlight on best practices for securing existing operating systems

Dec 02, 2008 | 03:19 PM
By Kelly Jackson Higgins
DarkReading

The secure operating system standard will never be the same now that a National Security Agency-certified OS has gone commercial,....[Front page...]

Aedan · #2 (**permalink**) 5th December, 2008, 09:21 AM

Green Hills Software are the only people to have an EAL-6 certified OS. However, they're not the only people who have been working on it. Lynuxworks and VxWorks are also working towards it.

However, there's still no EAL-7 certified OS - which is the highest rating.

Daniel ~ · #3 (**permalink**) 5th December, 2008, 01:33 PM

I was wondering to what extent the release of this OS will just raise the bar for hackers....I mean, now that it's going to be widely available and used "Where the money is" Aren't hacker going to concentrate their effort to bring this OS to it's knees?

Or is EAL-6 that good! ":O}

Gizmo · #4 (**permalink**) 6th December, 2008, 12:27 AM

'Security is not a destination, it is a journey'

There is no useful system that is 100% secure. It's a contradiction in terms, like 'honest politician'.

Security is essentially a risk mitigation strategy. First, you want to try to make it so difficult to obtain some benefit from hacking the system, that the reward is not worth the pain. Second, assuming the system will be cracked anyway, you want to try to ensure that you can minimize the damage that will occur to a level that is 'acceptable'. How you define that level is a complex decision that involves considering how long it will take you to repair the damage and what kind of liability the damage will open you up to, among other things.

Can this OS eventually be cracked? Almost certainly, given the right set of tools, sufficient time, and the proper motivation.

WILL it be cracked? Well, that rather depends on who wants in, and what is being protected.

I do find it interesting, however, that they are touting it more as a virtualization host on which to run other platforms (like Windows) than as the application OS in its own right. If I've got my OS running in a virtual session, and that OS gets compromised, it really doesn't matter a whole lot to me if the host is compromised as well or not; MY environment has been compromised.

In other words, while this could have some value to hosting companies and such, I'm a little lost as to see how it could be of much value in the larger world, unless the applications I am depending on are written to run in that OS natively.

Daniel ~ · #5 (**permalink**) 8th December, 2008, 02:05 PM

Thank you for opening my eyes.":O}

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
VMS Operating System Is 30 Years Old	Gizmo	OS, Software, Firmware, and BIOS	0	6th November, 2007 12:32 AM
Operating System	calhoun	General Hardware Discussion	13	19th November, 2005 04:26 PM
prefered Operating system for gaming?	majestic	GAMES! OH YEAH!	26	13th October, 2005 06:45 AM
Lindows Operating System	Just_tweak_it	OS, Software, Firmware, and BIOS	1	20th June, 2005 03:25 AM
I am writing my own Operating System	Garfield	OS, Software, Firmware, and BIOS	16	14th May, 2002 07:10 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)