I’ve been talking to software engineers a lot lately, and what they’re talking a lot about is software security.
With the progression to network-centric operations underway in the U.S. military, and with it the promise of a powerful, collaborative information exchange combining systems, sensors and platforms, the security of underlying software in a multitude of networked pieces is critical.
Nowadays, pretty much everything is networked, from traffic lights to financial transactions. And every network has potential vulnerabilities that can be exploited by teenage hackers or worse, says Dan O’Dowd, CEO of Green Hills Software. At a recent conference hosted by Green Hills in picturesque Santa Barbara, Calif., O’Dowd’s words cast a chill over the otherwise temperate setting.
Software developers are addressing what could be the soft underbelly of net-centricity with partitioned operating systems designed for Multiple Independent Levels of Security (MILS). MILS architecture is founded on a separation "kernel," layered between the processor and software applications. The kernel divides the computer into separate address spaces and scheduling intervals and prevents cross-contamination of applications. One failed or corrupted partition cannot affect another, and each can be security-certified relative to its importance. The kernel itself, with less than 5,000 lines of source code as compared, say, to Windows XP at 40 million lines of code, is "provably secure," Green Hills says.
Another company focusing on the MILS architecture for embedded software is LynuxWorks of San Jose, Calif. "There’s a lot of interest from existing customers that deploy into avionics," Gurjot Singh, LynuxWorks’ president and CEO, told me over lunch at the National Press Club in Washington. "The interest in software separation is tremendous."
Naturally, Green Hills didn’t fly editors to Santa Barbara to sample the pinot noir. The occasion marked the 10th anniversary of its Integrity real-time operating system (RTOS), first applied in the B-1B bomber. The Integrity-178B RTOS, certified by FAA to DO-178B Level A, the standard for safety-critical avionics software, now is being evaluated by the National Security Agency (NSA) to the highest security rating — Evaluation Assurance Level 6+. Green Hills says Integrity is the first system to face that test, which it expects to pass this year.
"There’s a lot of noise out there from some of our competitors," about meeting the requirements for NSA evaluation, O’Dowd said. "What we have to offer people in networking is actual security — real security."
Green Hills finds support for its effort in the strategy laid out by the U.S. Department of Defense for achieving Net-Centric operations.
In his 2006 strategic plan, DoD Chief Information Officer John G. Grimes identified a secure information environment, including the use of "trusted" software, as one of nine focus areas for the Net-Centric transition.
"Information assurance — protecting the data and defending the network — is… critical to the department’s transformation," Grimes testified to Congress last year. "The importance of information assurance simply cannot be overemphasized…. [W]e must be confident the network will be there and trust the integrity of the data."
Michael Ammons, principal engineer for airborne communications systems with Sanmina-SCI Defense and Aerospace Systems in Huntsville, Ala., sees high-level software security as a similarly transformational event for industry. Sanmina-SCI selected Integrity for its FireComm next-generation airborne intercommunications system, which demands real-time, multilevel security.
In the past, security was achieved by physical isolation of radios. "In the history of security in military aircraft, that’s pretty much the way we’ve done it. We have totally isolated one radio from another radio — physical isolation that has maintained security up to this point," Ammons said.
"But as things progress and become more and more digital, we can’t depend on physical isolation anymore. We’re going to have to start leaning on software isolation. These guys [Green Hills] are trying to get certified right now with the Integrity system, to get NSA-certified for assurance. Once that happens, we’ll have a way of doing isolation in the software domain."