Wind River Systems, represented by Dedicated Systems Australia, has announced that its VxWorks MILS 2 is in evaluation to be certified to the Common Criteria (ISO/IEC 15408) Evaluation Assurance Level 6+/NSA high robustness.
Companies responsible for defence, networking, industrial and other infrastructure systems worldwide are demanding ever-increasing functionality and secure and safe operation with high assurance of protection from intentional or inadvertent threats or errors.
At the same time, these systems must often operate with requirements for reduced space, weight and power, known as SWaP.
To meet these competing demands, a new system architecture has emerged called multiple independent levels of security, or MILS. A MILS operating system partitions a single processor among multiple software components, with resource allocation, information flow and fault isolation strictly enforced to conform to rules defined by developers and system integrators.
VxWorks MILS 2 is Wind River Systems’ implementation of the MILS architecture. VxWorks MILS 2 leverages technology from a widely adopted partitioning operating system, VxWorks 653, the base for the Boeing 787 Dreamliner Common Core System, the Airbus A330 Multi-Role Tanker Transport refueling system and more than 100 other programmes.
Achieving EAL6+/NSA high robustness certification will enable Wind River defence customers to use VxWorks MILS 2 to build multi-level secure systems able to process data from three or more security domains simultaneously, including systems that upgrade, downgrade or fuse information at different security classifications through top secret or from different coalition partners.
For its Common Criteria EAL6+ evaluation, Wind River Systems has partnered with experts in software information assurance: CygnaCom Solutions as its Common Criteria Test Lab and the University of Idaho for the formal methods required at EAL6+.
CygnaCom Solutions performed a Common Criteria evaluation in the United States and was Wind River Systems’ partner on a classified EAL7 evaluation in 2004.
The University of Idaho was designated by the U.S. National Security Agency in May 1999 as one of seven initial Centers of Excellence in Information Assurance and involved in the development of formal methods for software assurance.
VxWorks MILS 2 includes three main technology differentiators, compared to competitive offerings, which reduce customer product life cycle cost and risk:
A two-level scheduling architecture that yields better system performance, reducing cost of goods because a system based on VxWorks MILS 2 requires less processing power for equivalent functionality
Innovative independent build, link, load and configuration capability for complete application isolation, not just during execution but throughout the product life cycle, allowing for faster development and improved obsolescence avoidance
Modular XML configuration data and security policies that help speed certification and recertification, reducing cost of change
"Based on input from numerous defence and aerospace programs, Wind River expects VxWorks MILS 2 to be widely adopted by those building multi-level secure systems," said Rob Hoffman, Vice President and General Manager for Aerospace and Defense at Wind River Systems.
"Certification of an operating system at the highest levels of security is time-consuming and costly. With this announcement, Wind River demonstrates its commitment to ensuring that VxWorks MILS 2 will be acceptable to certification and accreditation authorities of our customers’ multi-level secure systems."
"University of Idaho began by working with Wind River and NSA to develop a set of design and coding guidelines for VxWorks MILS 2," said Dr. James Alves-Foss, director of the Center for Secure and Dependable Systems at the University of Idaho.
"Conforming to these guidelines means that formal evaluation methods can be applied to VxWorks MILS 2 quickly and without the difficulties faced by systems with code not oriented toward formal evaluation."
Customers who require the security afforded by MILS can contact Wind River Systems for advance access to VxWorks MILS 2. VxWorks MILS 2 certification timelines depend on customer-specific targets of evaluation, which are the actual targets to be evaluated in a security analysis.