
10/17/2012 05:11 PM
The Secure Operating System Equation

Many experts like the idea of a purpose-built, secure operating system. It's just that adopting one is not so straightforward, even if it's specifically for security-strapped SCADA systems

Hardened, secure operating systems for sensitive computing environments are nothing new. Trustix, SELinux (strictly a mandatory-access-control extension to the Linux kernel rather than a standalone OS), Sidewinder SecureOS, and Green Hills Integrity are among many hardened platforms, some of which have survived in niche environments and others that have faded into obscurity.

In 2008 Green Hills Software announced with much fanfare that its Integrity-178B OS had been certified at Common Criteria EAL6+ and was being sold commercially. EAL6+ was the highest assurance level any operating system had achieved under the NSA/NIST-run NIAP certification program (the Common Criteria scale itself tops out at EAL7), and the accompanying "high robustness" designation denotes that the OS was designed and evaluated to resist well-funded, sophisticated attackers.

And now the concept of secure OS is back in the limelight, with Kaspersky Lab founder and CEO Eugene Kaspersky yesterday confirming reports that his security company is working on creating a secure operating system specifically for SCADA and industrial-control system environments. In a post on his own blog yesterday, Kaspersky said the ideal way to secure these critical systems would entail rewriting all ICS software and incorporating the latest and greatest security technology. But that would be a massive, costly, and unlikely undertaking that still wouldn't necessarily lock down these systems. Hence the secure OS, he said.

"But there is a fully realizable alternative: a secure operating system, one onto which ICS can be installed, and which could be built into the existing infrastructure -- controlling 'healthy' existing systems and guaranteeing the receipt of reliable data reports on the systems' operation," he wrote.

The OS would be a purpose-built platform aimed at "solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media," Kaspersky said. His company also is working on preventing third-party code execution or hacking of the OS. "This is the important bit: the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on our OS; and this is both provable and testable," he said.

Neither Kaspersky nor other company officials would reveal technical details, but a company blog post said that the OS would be written from the ground up rather than based on existing code. The kernel is to be kept as small as possible and, the company claims, verified free of vulnerabilities, with everything that can be pushed out of it, drivers included, running outside the core with reduced privileges: "...the core must be 100% verified as not permitting vulnerabilities or dual-purpose code. For the same reason, the kernel needs to contain a very bare minimum of code, and that means that the maximum possible quantity of code, including drivers, needs to be controlled by the core and be executed with low-level access rights," the post said.
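The two properties the Kaspersky posts keep returning to, a small trusted core that decides what may run and drivers that execute with no privilege of their own, are the same ones behind measured-boot and code-integrity allowlisting on mainstream platforms. The following is an added toy model of that policy, written for this page; it is not Kaspersky Lab's code, and nothing is known about how their OS actually implements it. The module names, the "stack machine" standing in for an unprivileged driver, and the HMAC-keyed manifest (a real core would use a hardware-held key or a public-key signature) are all constructed for the example.

```python
"""Measure-before-execute gate: a constructed toy model of the policy
"no third-party code runs unless the core has approved it"."""
import hashlib
import hmac
import json

# Constructed demo key. A real core would hold this in hardware or use a
# public-key signature over the manifest; an HMAC keeps the demo offline.
CORE_KEY = b"constructed-demo-key-not-for-real-use"


def measure(code: bytes) -> str:
    """A code blob's identity is its SHA-256 digest, never its name."""
    return hashlib.sha256(code).hexdigest()


def build_manifest(approved: dict, key: bytes = CORE_KEY) -> dict:
    """Allowlist of name -> digest, authenticated with the core's key."""
    entries = {name: measure(blob) for name, blob in approved.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries,
            "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def manifest_is_authentic(manifest: dict, key: bytes = CORE_KEY) -> bool:
    """Reject any manifest whose tag was not produced with the core's key."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["tag"])


def run_unprivileged(code: bytes) -> int:
    """Tiny stack machine standing in for a driver that runs with no
    privileges: it can only push integers and add or multiply them, and
    returns one value as its 'data report'. Any other op is a fault."""
    stack = []
    for line in code.decode().splitlines():
        op, *arg = line.split()
        if op == "PUSH":
            stack.append(int(arg[0]))
        elif op == "ADD":
            stack.append(stack.pop() + stack.pop())
        elif op == "MUL":
            stack.append(stack.pop() * stack.pop())
        else:
            raise ValueError(f"unsupported op {op!r}")
    return stack[-1]


def dispatch(name: str, code: bytes, manifest: dict, key: bytes = CORE_KEY):
    """The core's decision: run only code whose measurement appears in an
    authentic manifest. Returns ('ran', value) or ('denied', reason)."""
    if not manifest_is_authentic(manifest, key):
        return ("denied", "manifest failed authentication")
    expected = manifest["entries"].get(name)
    if expected is None:
        return ("denied", f"{name} is not in the allowlist")
    if not hmac.compare_digest(expected, measure(code)):
        return ("denied", f"{name} does not match its approved measurement")
    return ("ran", run_unprivileged(code))


# Constructed sample modules: one approved 'driver' and one that never was.
APPROVED_DRIVER = b"PUSH 21\nPUSH 2\nMUL"   # reports 42
THIRD_PARTY = b"PUSH 1\nPUSH 1\nADD"        # same language, never approved


def demo() -> dict:
    """Four scenarios a 'testable' no-third-party-code property must cover."""
    manifest = build_manifest({"flow_sensor": APPROVED_DRIVER})
    out = {
        "approved": dispatch("flow_sensor", APPROVED_DRIVER, manifest),
        "unlisted": dispatch("vendor_plugin", THIRD_PARTY, manifest),
        # Same name, different bytes: the name alone earns nothing.
        "modified": dispatch("flow_sensor", THIRD_PARTY, manifest),
    }
    # An attacker who can rewrite the manifest but lacks the core's key.
    forged = {"entries": dict(manifest["entries"]), "tag": manifest["tag"]}
    forged["entries"]["vendor_plugin"] = measure(THIRD_PARTY)
    out["forged_manifest"] = dispatch("vendor_plugin", THIRD_PARTY, forged)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16} -> {verdict}")
```

The point of the fourth scenario is the one Silva and Moore raise below: an allowlist is only as strong as whoever can write it. If the manifest is authenticated by nothing more than a file permission, a foothold on the box is enough to approve new code, and the "provable" property collapses into an ordinary hardening measure.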

Most security experts say they commend the concept of a secure OS for SCADA/ICS and other sensitive environments. SCADA software is notoriously dated and vulnerability-ridden: much of it was written when plants had no Internet exposure, so remote attackers were never part of its threat model.

But the concept of a new secure OS is fraught with challenges when it comes to real-world implementation. "I like the idea that you have a firmware model where it's custom-built just for those [SCADA] devices," says Ken Silva, senior vice president for cyberstrategy at information technology contractor ManTech International. "The reality is that there are a number of challenges associated with it: Where do you find developers for a purpose-built OS? Where do you find applications or monitoring solutions? There are all sorts of things that come with supporting an OS."

The advantage of a secure OS is that it runs fewer applications and tasks, so its attack surface is smaller than that of a conventional OS. "It's definitely more secure, but it's absolutely not foolproof," Silva says.

HD Moore, CSO of Rapid7 and chief architect of the Metasploit Project, says he wonders whether Kaspersky Lab may be building more of a custom security platform that hardens Windows rather than an all-new OS. "My gut feel is they don't mean OS. They mean a super-AV that does endpoint protection and HIPS stuff, and bundle that into a Windows 2008/2012 build and implement policies on top to limit the damage a bad application can do," Moore says. "That's my guess."

Even so, such a platform would still face some of the same challenges that a purely new OS would, he says.

SCADA vendor Siemens, meanwhile, says creating a secure OS for the SCADA world would require the open-source community to shore up its OSes as well. "SCADA systems are highly tailored, developed for solving a specific narrow task. Siemens is working on methods of writing software, which, by design, won't be able to carry out any behind-the-scenes, undeclared activity," says Alan Cone, HMI product marketing manager at Siemens Industry Inc. "This is the important bit: the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on an operating system."

Cone says there's no silver bullet for fixing ICS security issues: It requires a defense-in-depth strategy. Some of the security layers Siemens provides today include user administration, secure communication, security devices, MAC filtering and blocking on switches, and IP block protection within the PLC code, he says.

Next page: Secure OS 'worth a try'

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
