IEEE developing standard to create baseline for more secure operating systems

09/17/2003


Piscataway, NJ—Because enhancing information system and network security is limited by their underlying operating systems, the Institute of Electrical and Electronics Engineers’ Standards Association (IEEE-SA) has begun work on a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial off-the-shelf (COTS) operating systems. The planned IEEE P2200 standard, entitled Base Operating System Security (BOSS), will address external threats and intrinsic flaws arising from software design and engineering practices.

P2200 will build on guidance issued by the U.S. National Institute of Standards and Technology (NIST) couched in terms of protection profiles within the International Organization for Standards (ISO) Common Criteria (CC) framework. It will address essential functions for cross-platform security, including identification and authentication, access control and key cryptographic concepts.

The new standard will also incorporate recognized limitations and caveats. For example, a single standard or set of requirements may not fit all GP, COTS operating systems. Also, use of the CC framework is optional, and the final standard may not resemble the NIST base document.

Anyone with expertise in software engineering, metrics for software, cybersecurity, operating system development and related areas is invited to participate. Plans call for the standard to be completed on an accelerated schedule by the end of 2004.

'This standard will enable mass production of a class of operating systems that meet the minimum expectations of consumers for security and general reliability by establishing a floor for these characteristics,' says Jack Cole, chair of IEEE’s P2200 working group. 'This consensus standard will encompass input from all stakeholders, including operating system developers, academics, those in government and consumers in the financial, process control and other sectors. We must have as much buy-in as possible, so the standard is widely used and supported by both producers and users. We also see this fundamental standard as part of an ongoing effort that will continue to evolve so as to make operating systems more reliable and secure.'

Gary Stoneburner, BOSS working group’s vice chair, adds that the P2200 effort will return to the roots of information assurance and the need for clear, reasonable expectations for security capability. 'The standard will identify reasonable security expectations expressed, so multiple audiences can readily understand them. It also will take advantage of the ISO Common Criteria framework as a tool, not a requirement. The project provides users and industry with the ‘power of the pen’ by moving OS security standards from government edict to community consensus.'

The organizers add that P2200 is being formed within an emerging IEEE information assurance community that aims to realize the full potential of IT to deliver the information it generates, gathers and stores. Besides P2200, this community is forming the Information Assurance Standards Committee and starting such standards as IEEE P1618, 'Public Key Infrastructure Certificate Issuing and Management Components,' and IEEE P1619, 'Architecture for Encrypted Shared Media.'

For more information, visit ieeeia.org.

Control Engineering Daily News Desk
Jim Montague, news editor
jmontague@reedbusiness.com




