INTEGRITY PC Secure Virtualization Solution for Linux and Legacy Applications

An impenetrable wall

INTEGRITY PC is an extension to the INTEGRITY real-time operating system (RTOS) that enables developers of high-security and high-reliability systems to incorporate guest applications and operating systems—such as Linux—that do not otherwise satisfy a system’s security and reliability requirements.

INTEGRITY PC combines the INTEGRITY operating system with Green Hills Software’s Padded Cell™ secure virtualization software. The Padded Cell software uses a separation layer to run guest operating systems as user-mode INTEGRITY applications. Multiple Padded Cell applications can run concurrently on a single physical computer, each hosting its own guest operating system. An impenetrable wall around each guest operating system ensures that errant, insecure, or malicious code can never compromise the security or reliability of the rest of the system—either inadvertently or via a hostile attack.

A growing need for secure systems

As more embedded and real-time products include networking interfaces and connect to the Internet, awareness of the threat from cyber-terrorism and espionage, as well as from viruses, worms, and malicious hackers, grows significantly. For applications in defense, industrial control, and critical infrastructure (such as dams, wastewater treatment, power plants, and telecommunications networks), the need for more secure software systems is acute. For these industries, INTEGRITY PC is a cost-effective solution to the challenge of retrofitting existing systems to make them resistant to attack.

Yet industries that produce general-purpose devices that require security in only parts of their systems can benefit from INTEGRITY PC as well. For example, a consumer appliance like a set-top box or home gateway may need a desktop operating system to run popular game, browser, or email applications from third-party vendors. But the core functions of these devices—video streaming, IP routing, or VoIP (Voice over IP)—as well as any personal data must be kept safe from interference by those desktop applications, Internet worms, exploited security holes, or Trojan horses.

In the past, the only way manufacturers could satisfy these dual requirements was by isolating the secure system on an additional, dedicated processor. This increases not only the cost of the device, but also its power consumption, heat dissipation requirements, and size.

With INTEGRITY PC virtualization software, manufacturers can now more readily and economically include desktop operating systems and applications without jeopardizing security or the performance of mission-critical tasks.


Built on the INTEGRITY RTOS

INTEGRITY PC builds on the secure partitioning capabilities of Green Hills Software’s INTEGRITY RTOS, which has been proven time and again in applications with the most rigorous security requirements. Secure partitioning provides a fixed allocation of system resources, including memory and processor bandwidth, between different partitions. Tasks running in one partition cannot exhaust the resources required by another—either inadvertently or via a hostile denial-of-service attack.
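To make the fixed-allocation point concrete, here is an added illustration that is not Green Hills code and does not show how INTEGRITY itself schedules partitions: a toy simulation in which a guest cell that spawns many runnable tasks is scheduled first by a single shared round-robin queue, then by fixed per-partition time budgets. The partition names, the 100-tick frame, the budgets and the workloads are all constructed for the example.

```python
from dataclasses import dataclass

FRAME_TICKS = 100  # one scheduling major frame, in ticks (constructed value)

@dataclass
class Partition:
    name: str
    budget: int  # ticks guaranteed to this partition in every frame
    tasks: int   # runnable tasks the partition currently contains
    need: int    # ticks its critical work must receive per frame

def schedule_shared(partitions):
    """No partitioning: every runnable task in the system sits in one
    round-robin queue. Fair per task, so a partition that spawns many
    tasks (runaway threads, a fork bomb) takes a proportionate share of
    the frame and can starve everyone else."""
    queue = [p.name for p in partitions for _ in range(p.tasks)]
    ran = {p.name: 0 for p in partitions}
    for tick in range(FRAME_TICKS):
        ran[queue[tick % len(queue)]] += 1
    return ran

def schedule_partitioned(partitions):
    """Fixed allocation: each partition owns a window of exactly `budget`
    ticks per frame. Its tasks share only that window; however many of
    them exist, they never run inside another partition's window."""
    if sum(p.budget for p in partitions) > FRAME_TICKS:
        raise ValueError("budgets oversubscribe the frame")
    return {p.name: min(p.budget, FRAME_TICKS) for p in partitions}

def deadlines_met(ran, partitions):
    """Did each partition receive at least the ticks its critical work needs?"""
    return {p.name: ran[p.name] >= p.need for p in partitions}

def compare(guest_tasks):
    """A secure control partition next to a guest cell that has spawned
    `guest_tasks` runnable tasks; returns (shared result, partitioned result)."""
    secure = Partition("secure_control", budget=40, tasks=1, need=30)
    guest = Partition("linux_padded_cell", budget=60, tasks=guest_tasks, need=10)
    parts = [secure, guest]
    return (deadlines_met(schedule_shared(parts), parts),
            deadlines_met(schedule_partitioned(parts), parts))

if __name__ == "__main__":
    for n in (1, 99):
        shared, partitioned = compare(n)
        print(f"guest tasks={n:3d}  shared: {shared}  partitioned: {partitioned}")
```

With one guest task both schedulers meet every deadline; with 99 the shared queue hands the secure partition a single tick per frame and its deadline is missed, while the partitioned schedule is unchanged because the guest's task count never affects the secure partition's window.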


Running on a virtual computer

Under INTEGRITY PC, guest software runs in a virtual computer environment within an INTEGRITY partition. Multiple Padded Cell environments can run concurrently in different partitions on a single physical computer, each hosting its own guest operating system and allowing systems to be compartmentalized for increased security.

INTEGRITY PC protects secure applications in several ways:

  • Each partition has its own memory-protected virtual address space to ensure that software cannot corrupt, disrupt, or spy on another partition, even if it was contaminated by a buffer overrun exploit, hacker, virus, worm, or Trojan horse.
  • Guest operating systems and their applications run as user mode INTEGRITY applications. They cannot alter the hardware’s configuration or circumvent in any way the protections imposed by the INTEGRITY RTOS.
  • All I/O operations can be monitored, including network communications. As a result, aberrant activity, like that generated by spyware and hackers, can be detected and filtered. This monitoring function is performed by a native INTEGRITY application, so it cannot be subverted or disabled by software running under a guest operating system within a padded cell environment.
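The I/O monitoring point above, as an added example that is not part of the original page and does not use INTEGRITY PC's own interfaces: a stand-alone Python sketch of a native monitor that applies a per-guest egress policy to I/O events leaving a padded cell, drops what the policy forbids, and raises an alert once a guest has had a burst of events filtered. The guest names, policy table, addresses and sample events are constructed for the set-top-box scenario described earlier.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IoEvent:
    guest: str   # padded cell that issued the I/O
    dst: str     # destination IPv4 address
    port: int    # destination port
    proto: str   # "tcp" or "udp"

# Per-guest egress policy (constructed). It lives with the native monitor,
# outside every guest, so code inside a cell cannot edit or bypass it.
POLICY = {
    "desktop_guest": {
        "allow_ports": {53, 80, 443},
        "deny_nets": [ipaddress.ip_network("10.0.1.0/24")],  # VoIP/core subnet
    },
}

def check(event):
    """Return (verdict, reason) for one I/O event. Unknown guests are denied."""
    rules = POLICY.get(event.guest)
    if rules is None:
        return "drop", "no policy for this guest"
    addr = ipaddress.ip_address(event.dst)
    if any(addr in net for net in rules["deny_nets"]):
        return "drop", "destination inside a protected subnet"
    if event.port not in rules["allow_ports"]:
        return "drop", f"{event.proto}/{event.port} not in allow list"
    return "allow", "matches policy"

def monitor(events, burst=3):
    """Filter a stream of events; raise an alert once a guest has had
    `burst` events filtered, which is the aberrant activity worth a look."""
    verdicts, alerts, dropped = [], [], {}
    for ev in events:
        verdict, reason = check(ev)
        verdicts.append((ev, verdict, reason))
        if verdict == "drop":
            dropped[ev.guest] = dropped.get(ev.guest, 0) + 1
            if dropped[ev.guest] == burst:
                alerts.append(f"{ev.guest}: {burst} I/O events filtered this session")
    return verdicts, alerts

# Constructed sample traffic from the guest desktop OS in a set-top box.
SAMPLE_EVENTS = [
    IoEvent("desktop_guest", "203.0.113.10", 443, "tcp"),   # web browsing
    IoEvent("desktop_guest", "10.0.1.5", 5060, "udp"),      # reaches for VoIP core
    IoEvent("desktop_guest", "203.0.113.10", 25, "tcp"),    # SMTP, not allowed
    IoEvent("desktop_guest", "203.0.113.10", 6667, "tcp"),  # IRC, not allowed
    IoEvent("unknown_guest", "203.0.113.10", 80, "tcp"),    # no policy: deny
]

def summarize(events=SAMPLE_EVENTS):
    """Counts of allowed and dropped events plus any alerts, for the sample."""
    verdicts, alerts = monitor(events)
    allowed = sum(1 for _, v, _ in verdicts if v == "allow")
    return {"allowed": allowed, "dropped": len(verdicts) - allowed, "alerts": alerts}

if __name__ == "__main__":
    for ev, verdict, reason in monitor(SAMPLE_EVENTS)[0]:
        print(f"{verdict:5s} {ev.guest:14s} -> {ev.dst}:{ev.port}/{ev.proto}  ({reason})")
    print(summarize())
```

The policy is default-deny in both directions that matter here: a guest with no entry gets nothing, and the protected subnet check runs before the port allow list so an allowed port can never reach the VoIP core. Because the table and the counters live with the monitor rather than inside the guest, a compromised desktop OS has no way to turn the filtering off.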


Drastically reduce costs

Because INTEGRITY PC enables the use of existing insecure legacy software in a highly secure system, it can dramatically reduce the time and cost required to develop and maintain high-security systems. This benefits not only engineers developing new applications; an INTEGRITY PC solution can also make it feasible to upgrade the security of mission-critical systems that have already been deployed.

Without INTEGRITY PC, legacy software would need to be re-written before it could be used in a secure system—both to ensure that the software provides adequate security assurance and to use an underlying secure operating system.

Hardware costs can also be drastically reduced for systems that would otherwise require or benefit from using multiple operating systems. With INTEGRITY PC, this can be achieved with a single computer.