SYSGO's PikeOS achieved Security Certification Evaluation
SYSGO is announcing that its flagship RTOS (Real-Time Operating System) product PikeOS has been used in the definition of a Security Target and received approval from the French Network and Information Security Agency (ANSSI). This security label is a first achievement in the overall process of Common Criteria EAL certification initiated by SYSGO in 2007.
A French security test lab has officially evaluated a security product built on PikeOS. The product has been developed by a world technology leader for defense and security. The French CESTI lab is an accredited security evaluation laboratory for Common Criteria security evaluations, also commonly referred to as Information Technology Security Evaluation Facilities (ITSEF). As a result, a certificate called "Certification de Sécurité de Premier Niveau" (CSPN), also called First Level Security Certification was delivered by the French Network and Information Security Agency (ANSSI).
The CSPN certificate states that the product successfully underwent through an evaluation performed by a recognized ITSEF in a restricted time and framework but with procedures used for Common Criteria EAL certification. Preliminary evaluation work is intended to:
- check product conformance to security specifications,
- perform some theoretical measurements and go through known
vulnerabilities of other products in the same category,
- stress-test the product in an attempt to breach its security functions.
ANSSI has signed the Common Criteria Mutual Recognition Arrangement that enables the recognition, by the signatory countries of the agreement (including USA as well as major countries in Europe and Asia), of certificates issued within the scope of Common Criteria certification frameworks.
"We are pleased to have passed this official and demanding test conducted under the authority of the French national security agency," said Jacques Brygier, VP Marketing of SYSGO. "This certificate is just one of the many activities we have in the area of security. Besides on-going efforts in finalizing formal code verification of the PikeOS micro-kernel for Common Criteria EAL 7, and creating artifacts for Common Criteria EAL 5+, we are involved in various industrial projects requiring the highest level of security."
Common Criteria (CC) EAL level conformance is not the goal of this type of preliminary evaluation, but the rigor and the quality associated with the CSPN process validate the strong security capabilities of PikeOS. Through its avionics DO-178B certification, the most stringent safety standard in the industry, PikeOS already met many requirements mandatory for the highest level of security.
PikeOS enables multiple operating system interfaces, called Personalities, to work on separate sets of resources within a single machine. Examples of Personalities include Linux, POSIX, Android, RTEMS, ARINC-653 and many others. A Windows Personality is currently being developed. Because of the resource separation enforced by the PikeOS microkernel, multiple applications with different safety and security requirements and belonging to different Personalities are able to co-exist on the same hardware platform. The PikeOS microkernel architecture allows it to be used in cost sensitive, resource constrained devices as well as large, complex systems. The simplicity and compactness of the PikeOS design results in real-time performance that competes head-to-head with conventional proprietary RTOS solutions. PikeOS supports many different single- and multi-core processor architectures such as x86, PowerPC, MIPS, ARM, SPARC or SH. Support of multi-core offers a flexible approach to the user who can select an execution model ranging from a pure AMP (Asymmetric Multi Processing) to full SMP (Symmetric Multi Processing). PikeOS is certifiable to safety standards like DO-178B, IEC 61508 or EN 50128, is MILS compliant, and is currently involved in various security standard CC EAL certification projects.
SYSGO provides operating system technology, middleware, and software services for the real-time and embedded market. A differentiating capability of SYSGO is the SSV (Safe and Secure Virtualization) platform PikeOS, a paravirtualization operating system which is built upon a small, fast, and safe microkernel. It supports the co-existence of independent operating system personalities on a single platform, including ELinOS, SYSGO's embedded Linux distribution. SYSGO supports international customers with services for embedded Linux, real-time capabilities and certification for safety-critical applications. Markets include Aerospace & Defense, Industrial Automation, Automotive, Transportation and Network Infrastructure. Customers include Airbus, EADS, Thales, Daimler, Raytheon, Rheinmetall, Rockwell-Collins, Nokia Siemens Network, and Rohde & Schwarz. SYSGO has facilities in Germany, France, The Czech Republic and North America, and offers a global distribution and support network, including Europe and the Pacific Rim.
For more information please visit www.sysgo.com