Adding TRUST to mobile platforms

Venkatraman Balasubramanian — Thu, 29 Oct 2009 14:48:24 +0000

I have been thinking after noticing the Common Criteria EAL4 certification awarded to Microsoft Mobile 6.1. This certification makes me think that Microsoft Mobile 6.1 based devices are secured better than the other Mobile OS implementations. In the market, we see more operating systems showing-up in the Mobile devices which are used for personal, enterprise and sensitive (gov) needs.

Its a given fact that some vendors have a very strong hold on what can be be deployed or even run (Apple’s ability to, preemptively, remote administer my phone and uninstall an application is a scary thought) on these devices. Most of OS vendors want our applications to be digitally signed by them, some force their own software delivery platform on us.

We have Snapdragon like hardware platforms available in the market. General purpose OS implementations for Mobile devices is a good way to progress. My wish is to have some more hardware innovation from the industry and leap to the next horizon in the mobility segment. May be we would have a choice to buy a brand new phone and have a option to install a OS of our choice (Android, Windows Mobile, Symbian, Maemo, etc.,)

Is there a need to look at how we trust the OS vendors and their implementations that run most of our mobile devices?.

Secure OS | EAL 6+

Venkatraman Balasubramanian — Thu, 27 Nov 2008 08:20:06 +0000

Green Hills Software Inc has raised the bar for the Operating System Software Vendors. It is very nice to see their Commercial Operating System certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness.

Green Hills Software Inc. Integrity RTOS EAL 6+ Certificate

http://www.marketwire.com/press-release/Green-Hills-Software-Inc-921108.html

The mainstream Operating System Software Vendors have been able to get only up to EAL 4+. This is pushes STOP 7 (EAL 5+) from BAE Systems as the Second Most Secured Operating System. It is interesting to note that WindRiver is also working in getting their VxWorks RTOS certified at EAL 6+.

The above Common Criteria Evaluation information is primarily for the Operating System and not for the applications running inside the Operating System. This means that a Python/PHP application deployed under this EAL6+ environment can still be vulnerable and allow a SQL Injection Attack. Everybody can be benefited with the usage of Secure environment, provided the entire development community is conscious about the intricacies involved in securing the environment and develop secure applications.

Common Criteria Evaluation and Trusted Computing help us organize the very foundation (the OS and where it runs) of creating a secure environment. Now it is still within the reach of the best minds in the Open Source world to come-up with a Open Source Implementation covering both Software and Hardware parts of a EAL 6+/7 Solution. It would help even SMEs to work in a secure environment. Wouldn’t that be worth the cause?

<em>{}</em> » Security

Adding TRUST to mobile platforms

Secure OS | EAL 6+