{"product_id":10119,"v_id":10119,"product_name":"Green Hills Software INTEGRITY-178B Separation Kernel, comprising: INTEGRITY-178B Real Time Operating System (RTOS), version IN-ICR750-0101-GH01_Rel running on Compact PCI card, version CPN 944-2021-021 with PowerPC, version 750CXe","certification_status":"Not Certified","certification_date":"2008-09-01T00:09:00Z","tech_type":"Operating System","vendor_id":{"name":"Green Hills Software, Inc.","website":"www.ghs.com"},"vendor_poc":"Pat Rodenbeck","vendor_phone":"727.781.4909","vendor_email":"pat@ghs.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Green Hills Software INTEGRITY-178B Separation Kernel TOE is a separation kernel designed to instantiate and separate partitions that serve to host custom applications. The TOE manages access to memory, devices, communications and processor resources to ensure that partitions can be entirely separated and can interact only in well-defined ways configured by System Architects.</p>\r\n<p>The TOE is an embedded real time operating system, in that it does not include operating system constructs such as a file system, shell prompt, or user logins. It does schedule partitions to execute on the actual hardware and provides granular scheduling capability to entities (i.e., tasks) operating within a given partition.</p>\r\n<p>The TOE comprises the INTEGRITY-178B real time operating system (RTOS) running on an embedded PowerPC processor on a Compact PCI card. The card plugs into its IT environment via the PCI bus, but other than drawing power from that bus it has no security dependency on the bus or other devices connected to it. Devices on the bus, or devices that can be installed on the embedded card directly, can be made available to partitions, although the TOE itself does not include any device drivers. Access to such devices can be provided to partitions by mapping their control and data registers to memory regions in a given partition, and device drivers can be implemented outside the TOE in the partitions as necessary.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Green Hills Software INTEGRITY-178B Separation Kernel TOE meets the security requirements contained in the Security Target - Green Hills Software INTEGRITY-178B Separation Kernel Security Target, Version 1.0, 30 May 2008.</p>\r\n<p>The criteria against which the TOE was judged are largely described in the Common Criteria for Information Technology Security Evaluation version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation was a combination of the Common Methodology for Information Technology Security Evaluation versions 2.3, 3.0, and 3.1 along with methodology developed specifically for this project to address explicitly defined assurance requirements.</p>\r\n<p>Science Application International Corporation (SAIC) determined that the TOE doesn&rsquo;t satisfy any EAL defined in the Common Criteria, but rather fulfills the High Robustness requirements as defined in the U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, Version 1.03, 29 June 2007. The TOE, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Security Target.</p>\r\n<p>Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The CCTL evaluation was completed in April 2008. The NSA evaluation was completed in August 2008. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.</p>","environmental_strengths":"<p><font size=\"2\">The Green Hills Software INTEGRITY-178B Separation Kernel TOE provides security auditing, user data protection, identification and authentication, security management, protection of the TSF, and resource utilization features as they relate to the TOE and hosting of application partitions.</font></p>\r\n<p><font size=\"2\"><b>Security Audit:&nbsp;</b>The TOE is capable of auditing security events, placing them into a memory buffer that can be accessed by an application in a partition configured for that purpose. The TOE can be configured to shut itself down when it detects a security relevant failure within itself.</font></p>\r\n<p><font size=\"2\"><b>User Data Protection: </b>The TOE instantiates partitions and allows them to interact only through specifically configured mechanisms. The separation extends even to CPU time, where partitions can be given fixed blocks of guaranteed processing time or alternately can be combined into groups that can share blocks of time.</font></p>\r\n<p><font size=\"2\"><b>Identification and Authentication: </b>The TOE maintains unique identification of all partitions and available resources so that they are always unambiguously associated.</font></p>\r\n<p><font size=\"2\"><b>Security Management: </b>The TOE is intended for use as an embedded component with no capability for direct interaction between authorized individuals and the TSF during runtime. All security management functionality is achieved by the System Architect through the configuration and deployment of the TOE before it becomes operational.</font></p>\r\n<p><font size=\"2\"><b>Protection of the TSF:</b> The TOE includes self-tests that can run at boot-time and as scheduled by the System Architect to ensure the underlying hardware is working correctly and the TOE binaries have not been corrupted. A System Architect deploying the TOE can use built-in hooks to perform specific functions during boot up and in the event of identified problems.</font></p>\r\n<p><font size=\"2\"><b>Resource Utilization:</b> Both memory and processor resources are among the resources that can be assigned to partitions. Specific memory regions are assigned, and partitions cannot acquire more memory without the TOE being reconfigured while non-operational. Also while being configured, a given partition can be given a specific block of guaranteed CPU time or can be pooled with other partitions to share blocks of CPU time.</font></p>","features":[]}