Avionics Free e-Mail Newsletter Free Aviation Job Alerts
Home Avionics Aviation Maintenance Rotor & Wing Air Safety Week Aircraft Value News Regional Aviation News Very Light Jets
View by Category:  Military | Commercial | Business & General Aviation | Rotorcraft | Air Traffic Control | Maintenance
Advanced Search


Aviation Today Market Leaders
Products and Services
Customer Support Directory
AAI Membership
Avionics Tech Reports
Issue Archives
Acronym Guide
Industry Leader Profiles
NBAA Product Showcase
Avionics Blog

Top Stories
AMC
FSEMC
AEEC
Information
Subscribe
BPA Statement
Media Kit
Monthly E-letter
Subscribe
Jobs
Podcasts
Webinars
Videos
Blogs
Databases &
   Buyer's Guides
White Papers/
   Technical Reports/
   Supplements
Research Reports
Article Archives
Press Releases
From the PR Wires
Industry Links

Top Stories
Aviation e-letter
Financial Center
Calendar
Media Kits
About Us
Contact Us

Services
Print This Page
Email This Page
Archives
Get Copyright PermissionsCopyright Permissions
Related Stories
Editor's Note: Avionics Syndrome: An EFB Inhibitor? Editor's Note: ACs of Consequence Editor's Note: Lead-Free Avionics? Editor’s Note: A Crisis Averted New Products Editor's Note: E-Commerce in Large Scale Editor's Note: Stretching The Dollar

Thursday, February 1, 2007

Editor's Note: Software Security

Bill Carey

I've been talking to software engineers a lot lately, and what they’re talking a lot about is software security.

With the progression to network-centric operations underway in the U.S. military, and with it the promise of a powerful, collaborative information exchange combining systems, sensors and platforms, the security of underlying software in a multitude of networked pieces is critical.

Nowadays, pretty much everything is networked, from traffic lights to financial transactions. And every network has potential vulnerabilities that can be exploited by teenage hackers or worse, says Dan O’Dowd, CEO of Green Hills Software. At a recent conference hosted by Green Hills in picturesque Santa Barbara, Calif., O’Dowd’s words cast a chill over the otherwise temperate setting.

Software developers are addressing what could be the soft underbelly of net-centricity with partitioned operating systems designed for Multiple Independent Levels of Security (MILS). MILS architecture is founded on a separation "kernel," layered between the processor and software applications. The kernel divides the computer into separate address spaces and scheduling intervals and prevents cross-contamination of applications. One failed or corrupted partition cannot affect another, and each can be security-certified relative to its importance. The kernel itself, with less than 5,000 lines of source code as compared, say, to Windows XP at 40 million lines of code, is "provably secure," Green Hills says.

Another company focusing on the MILS architecture for embedded software is LynuxWorks of San Jose, Calif. "There’s a lot of interest from existing customers that deploy into avionics," Gurjot Singh, LynuxWorks’ president and CEO, told me over lunch at the National Press Club in Washington. "The interest in software separation is tremendous."

Naturally, Green Hills didn’t fly editors to Santa Barbara to sample the pinot noir. The occasion marked the 10th anniversary of its Integrity real-time operating system (RTOS), first applied in the B-1B bomber. The Integrity-178B RTOS, certified by FAA to DO-178B Level A, the standard for safety-critical avionics software, now is being evaluated by the National Security Agency (NSA) to the highest security rating — Evaluation Assurance Level 6+. Green Hills says Integrity is the first system to face that test, which it expects to pass this year.

"There’s a lot of noise out there from some of our competitors," about meeting the requirements for NSA evaluation, O’Dowd said. "What we have to offer people in networking is actual security — real security."

Green Hills finds support for its effort in the strategy laid out by the U.S. Department of Defense for achieving Net-Centric operations.

In his 2006 strategic plan, DoD Chief Information Officer John G. Grimes identified a secure information environment, including the use of "trusted" software, as one of nine focus areas for the Net-Centric transition.

"Information assurance — protecting the data and defending the network — is... critical to the department’s transformation," Grimes testified to Congress last year. "The importance of information assurance simply cannot be overemphasized.... [W]e must be confident the network will be there and trust the integrity of the data."

Michael Ammons, principal engineer for airborne communications systems with Sanmina-SCI Defense and Aerospace Systems in Huntsville, Ala., sees high-level software security as a similarly transformational event for industry. Sanmina-SCI selected Integrity for its FireComm next-generation airborne intercommunications system, which demands real-time, multilevel security.

In the past, security was achieved by physical isolation of radios. "In the history of security in military aircraft, that’s pretty much the way we’ve done it. We have totally isolated one radio from another radio — physical isolation that has maintained security up to this point," Ammons said.

"But as things progress and become more and more digital, we can’t depend on physical isolation anymore. We’re going to have to start leaning on software isolation. These guys [Green Hills] are trying to get certified right now with the Integrity system, to get NSA-certified for assurance. Once that happens, we’ll have a way of doing isolation in the software domain."


Post a Comment

Name:
Email:
Comments:

Please enter the letters or numbers you see in the image.

 
Your message will be reviewed before it is posted.
Copyright © 2008 Access Intelligence, LLC. All rights reserved. Reproduction in whole or in part
in any form or medium without express written permission of Access Intelligence, LLC is prohibited.





?>