[cap-talk] Secure OS
David Wagner
daw at cs.berkeley.edu
Sun Jul 2 03:01:07 EDT 2006
In article <5137983.post at talk.nabble.com> you write:
>Many microkernel OSes advertise themselves as secure RTOS using kernel
>separation for applications partitioning (e.g lynuxworks, Green Hills etc),
>most of them pass DO-178B Level A certification or CC EAL 6 or 7.
I'm not very familiar with DO-178B certification.
FYI-- My understanding is that none of them has been certified at
EAL 6 or 7. If you read their marketing literature carefully, they
will say things like "designed to be certifiable to EAL 6+", meaning
"we like to think that maybe we could get EAL 6 if we tried, but we
haven't tried". There's a huge difference between the vendor claiming
that their OS was "designed to be certifiable to EAL 6" and an
independent testing lab actually certifying them at EAL 6.
If you look at the list of certified operating systems, you'll see
that none of them are listed as certified at that level. My recollection
is that only one of the vendors has even begun the process of trying to
get their stuff certified at EAL 6. (I can't remember which one, but
if you go look at the official web site for Common Criteria certification,
you can find both the list of awarded certifications as well as the
systems currently under evaluation for potential certification.)
I believe the Common Criteria folks have a draft security profile for
a MILS separation kernel. That should answer your question of what the
criteria are for security of a MILS-style RTOS (or, at least, what criteria
they are being evaluated to for their EAL 6 certification). As I recall,
a little Googling will turn up a pointer to the draft profile.
If others know more about DO-178B, I'd be interested to hear.