The military has always had better security than we can get on our computers, and Green Hills Software, a provider of a real-time, secure operating system called Integrity, wants to change that. To that end, the company has spun its Integrity operating system into a wholly owned subsidiary called Integrity Global Security and …
I guess it depends
I guess it depends on what you mean by security, and the press release<<<<<<<<article doesn't really say. Yes an authentication layer can be added on top of WinNT, or a layer which claims to provide access controls, or a layer which claims to provide an audit log. And you can do these in an OS-independent way; indeed, stuff like CDSA aka Common Distributed Security Architecture has been doing much of this for some real OSes for a decade or more, but you almost certainly won't have heard of it (and it doesn't claim to be ready for niches like DO-178).
But as soon as anyone claims they put "a security layer" on top of Windows, it loses all credibility as a means of actually enforcing security in a meaningful way, because of the insecurity of the underlying OS.
>>The military has always had better security than we can get on our computers
Just ask Gary McKinnon
I thought it went UNDER windows, allowing you to control everything passing between the OS and the hadware?
there is a bit of a difference between the security systems on a fighter jet or nucler missile silo and some dodgy windows server running in a branch office managed by a ten year old.
The way I read it is that it's NOT putting a security layer on top of Windows - but putting Windows on top of a security layer. If that makes sense - for all intents and purposes, Windows just becomes a GUI playing in a sandbox and the underlying Integrity OS won't let that GUI play with the fundamentals.
Of course the weakest link, as far as commercial/home PCs are concerned will probably be the organic component sitting on a chair in front of the keyboard.
"Integrity is for environments where you expect hostile, repeated attempts to breach security"
Hmmm, like the web? Especially for orgs like Spamhaus.
I wonder if OpenBSD has been tested
under the guidelines for EAL6+. hmm...must go and find out.
Paris because inquiring minds want to know.
Re: Anon Cow
The EAL stuff seems to be for commercially available systems only.
You would need to search for a specific implementation of OpenBSD being sold on some sort of device.
(penguin because you don't have an icon for the BSD demon)
AC - to be fair tho - that was a pretty funny thing to say
I bet you're a bubble burster irl.
"The military has always had better security than we can get on our computers"
Pity they've never actually used it.