Network equipment manufacturers have always been
focused on producing systems with high availability—achieving five and six 9s of uptime has always been the
goal. To achieve this, quality standards and advanced tools
were developed to find and remove bugs early in the
development cycle. Redundancy strategies were also developed
to isolate faults and to enable fast recovery when
faults occurred in fielded systems.
While minimizing bugs and supporting redundancy are still
key to ensuring highly available systems, attacks by hackers
have emerged as a new threat to network uptime. Time
and time again in recent years, security vulnerabilities in
network equipment have been exploited to wreak havoc
on networks or steal services. As VoIP and IPTV become
commonplace—and the threat of losing revenue grows—it becomes even more critical that network service
providers choose equipment hardened against attacks.
The Green Hills Platform for Secure Networking combats
these vulnerabilities directly by:
- Supporting security protocols for data transmission
- Securing the network device itself
| Other Benefits |

INTEGRITY Real Time Operating System
Our INTEGRITY real time operating system is ideal for telecommunications and networking products. INTEGRITY is the most reliable real time operating system. INTEGRITY is also small, fast, and easy to use. And no matter how many units you produce the price is always the same.

Network and Telephony Software Packages
We offer a complete array of network (TCP/IP, PPP, FTP, TELNET, DHCP, SNMP, DNS, POP3, etc.) and telephony (ATM, SS7, Frame Relay, ISDN, etc.) protocol packages.

C & C++ Development Environment
Our MULTI development environment provides everything that you need to develop telecommunications and networking software in the C & C++ programming languages.

POSIX API
If your software has been written to use the POSIX API, you can use our POSIX API layer to run POSIX compliant software on our INTEGRITY Real Time Operating Systems.

Application Porting Service
If you are currently using another real time operating system and you believe that it is too costly, time consuming, or high risk to port your application to the higher reliability, higher performance, more productive, royalty-free INTEGRITY real time operating system, then you need our Application Porting Service. It will deliver a fixed-price fixed-schedule risk-free turnkey conversion of your entire system to our INTEGRITY real time operating system.

Reduce Your Time To Market
The fierce competition in the telecommunications and networking industry makes being the first to market with new technology critical to success. We offer a comprehensive range of products and services that reduce your time to market.

Reduce Your Development Cost
The escalating cost of developing complex telecommunications and networking products makes reducing your development costs essential to your success. We offer a comprehensive range of products and services that reduce your development cost.

Maximize Your Product Reliability
Reliability is critical for telecommunications and networking products. We offer a comprehensive range of products and services that maximize the reliability of your product.

Maximize Your Product Performance
The competition for rapidly increasing telecommunications and networking product performance is fierce. We offer a comprehensive range of products and services that maximize the performance of your product.

Maximize Your Product Capability
The competition for rapidly increasing telecommunications and networking product capability is intense. We offer a comprehensive range of products and services that boost the capability of your product.

Maximize Your Product's Lifetime In The Market
The high cost of developing complex telecommunications and networking products makes extending your product's lifetime in the market essential to its financial success. We offer a comprehensive range of products and services that extend your product's lifetime in the market.

| Securing data transmission |
The Platform for Secure Networks includes the GHNet TCP/IP network stack. GHNet is a dual mode IPv4/IPv6 stack that supports industry standard security protocols such as SSH, SSL, IPSec, IKE, RADIUS, and a complete set of cryptographic algorithms to support these protocols. The core product is 100% US-Citizen developed and free from foreign influence (FFFI). This is an important factor for certain government and military related networked devices (e.g., Type-1 NSA-approved crypto devices). GHNet is a high performance and extremely scalable stack that can be used in applications ranging from small footprint portable devices to core infrastructure equipment.
GHNet features:
- Mature IPv6 support
- Dual-mode stack
- Extensive security protocol support
- Core product is 100% US-Citizen developed
- BSD 4.4 Socket API
- Optimized for speed and size
- Supports execution in protected address spaces
- Validated and tested with INTEGRITY™
| Network device security |
The unique architecture of the INTEGRITY RTOS is ideally suited for enabling security and high availability. Realizing that security isn’t something that can be bolted on to an existing product, INTEGRITY was designed with security in mind from the beginning. INTEGRITY supports the requirements and security policies of Multiple Independent Levels of Security (MILS), the architecture for composing secure computing systems from high-assurance components. The key concepts of MILS include:
- Data isolation
- Information flow control
- Periods processing
- Damage limitation
These key concepts enable protected execution of applications and system services, guaranteed resource allocation, information flow control between partitions, stack and application isolation, and containment of errors and attacks. All are essential components for hardening any device against attack.
While separation kernel technology is required as the foundation for building secure systems, it also has benefits related to high availability beyond security. The same fundamental principles that apply to isolating and containing an attack on the system can protect it from inadvertent programming errors. An error in one application in the system will not damage or disrupt any other services in the system. The fault is isolated and the damage is limited. Additionally, INTEGRITY’s message passing architecture and built-in error handling provide a framework for notification and automatic recovery of a partition that has encountered a problem. These are key building blocks for building highly available systems.
| CPU consolidation |
Channel density is another driving force for
equipment manufacturers. As processor speeds
increase, manufacturers want to squeeze more
channels and data throughput into a single CPU.
But this can result in sacrificing some of the hardware
level redundancy.
By using separation kernel technology with guaranteed
resource allocations, developers can create virtual processors
executing on a single device. This enables them to
retain the same redundancy architecture while consolidating
software from multiple CPUs onto a single CPU.
| Extensive partner ecosystem |
The Platform for Secure Networking is integrated with a
comprehensive suite of networking and applications protocols
to address a wide variety of network equipment
requirements.
- Layer 3 IP routing protocols, MPLS, virtual routing, and
virtual private networking
- OSPF, BGP, IS-IS, DVMRP
- PIM-SM, PIM-SSM, PIM-DM, MSDP
- MP-BGP for IPv6, IS-IS for IPv6, OSPFv3
- VPN (layer 3 MPLS-BGP virtual private networking)
- H.323, SIP, RTP/RTCP, MGCP, MEGACO/H.248, 3G-324M
- Wireless LAN
- Data Distribution Services—NDDS, CORBA
- Advanced SNMP Agents
| Integrated middleware |
The Platform for Secure Networking is also integrated
with the following optional middleware components.
USB
High-performance USB solutions provide both host and
device (function) support and include numerous class drivers
and example applications (source code provided for
stacks and drivers).
File systems
INTEGRITY’s file system framework model, commonly referred to as a virtual file system (VFS) framework, is provided to make it easy to add and remove support for various file systems. The VFS server provides file system support for UNIX-like file systems, DOS/FAT 12/16/32, ISO 9660, Wear Leveling Flash File Systems, and others.
Embedded Databases
Support for several embedded in-memory databases allows users to store and access complex data content using structured store and query methods. The database solutions for INTEGRITY range from those with extremely small footprints, to distributed databases with real-time updates, to full-blown SQL-compliant databases.
Graphics and video support
INTEGRITY offers extensive support for embedded graphics development spanning the deeply embeddable to advanced OpenGL compatible 3D graphics environments.
| Best in class tools |
The Platform for Secure Computing is integrated with the
industry-leading MULTI® Integrated Development
Environment (IDE). MULTI provides a complete suite of
tools for eradicating bugs and producing the highest performance
software.
- Green Hills Compilers—independently certified as the
industry’s best optimizing compilers
- DoubleCheck static code analysis—finds bugs early
in the development process, even before the code is
loaded onto target hardware
- Run Time Error Checking—finds bugs in real time
without developer intervention
- Memory profiling and leak detection—quickly identify
difficult memory related bugs
- TimeMachine—enables developers to catch all
remaining bugs and debug them quickly
- Path Analyzer—provides visualization of code execution
and quickly identifies hot spots that require optimization.
Telelogic’s Rhapsody SysML/UML modeling & code generation
Telelogic’s Rhapsody Model-driven Development
Environment based on SysML (System Modeling
Language) and UML 2.0 (Unified Modeling Language)
helps software teams move from requirements through
the system architecture phase with advanced modeling tools.
Rhapsody is capable of fully modeling system architectures
across any discipline and allows the execution,
implementation and testing of those models in an easy
push button environment. Tightly integrated with MULTI
and INTEGRITY, Rhapsody can generate code for
INTEGRITY-based systems from the models created with
UML. Users can also debug Rhapsody models side-by-side
with generated source code in MULTI.
| Platform description |
The Green Hills Platform for Secure Networking includes a
royalty-free license for the following technologies:
- INTEGRITY separation kernel
- Advanced file system
- Wear leveling flash support
- Unix-like hierarchical file system (FFS)
- RAM Disk
- DOS/FAT12/16/32
- ISO9660
- NFS Client
- GHNet dual mode IPv4/IPv6 networking stack
- ARP, IP, UDP, TCP, ICMP, AutoIP, SLIP, DNS Client, DHCP Relay Agent, BootP Client, TFTP Client/Server, Telnet Server, FTP Client/Server, IP Multicast (IGMP), NAT Router, PPP, PPPoE, RIP Listener and MLD
- IPSec
- IKE
- Secure Web Server including SSL/TLS Client and Server
- Secure Shell Client and Server (SSH)
- Radius Client
- SNMP v1/2c/3
Optional products for this platform include:
- Partitioning Journaling File System (PJFS)
- WPA/WPA2 with Extensible Authentication Protocol (EAP) and Cisco compatible extensions
- USB
- Embedded Databases
- Graphics/video support
- Third party networking and application protocols
| Summary |
The next generation of network equipment must address
security as a top priority along with high availability and
reliability. Furthermore, security and reliability are now
inextricably intertwined. By its very nature, network equipment
is connected and susceptible to attack.
Hackers are constantly finding new and inventive ways to disrupt
and/or steal network services. A system cannot be highly
available and reliable unless it is hardened against these
attacks.
Green Hills Software’s Platform for Secure Networking
provides the foundation for building the next generation
of security hardened network equipment.