SourceT® micro OS
Genuinely secure micro operating system for mission-critical applications
Just look at the history of IT security. Year after year, security spending has increased substantially. But what do we have to show for our investment in security? Security vulnerabilities are up. Malware is up. Patches are up. We call this ineffective approach to security "bandaids and bodyguards" and it shows no sign of slowing down.
Some security experts say that today's systems are simply too big and complex to ever be secure. That the only way to win the security war is to start over, from scratch. We agree.
So we decided to tackle the security problem from the ground up, with a goal of developing applications that would no longer be vulnerable to the kinds of attacks we see in the news every day. And while we were at it, we wanted applications that could defend themselves against any kind of network attack--without requiring protection from network security appliances.
How did we do this? By designing what we call a Geniunely Secure system that can host and secure many different kinds of networking and server applications. This Genuinely Secure system consists of both hardware and an operating system, because only the combination of the two can deliver the necessary security properties.
We chose the Itanium 2® microprocessor as our hardware foundation. It possesses the security features we need to build truly secure systems. We knew that because our CTO led the design team that developed Itanium. So he knew that the Itanium microprocessor provides features like:
- Completely independent read/write/execute privileges per page, to prevent data from being executed, or code from being written
- Protected stack architecture, to prevent buffer overflow attacks
- Memory compartments, to safely store secret information in memory
- Four levels of privilege, to provide defense in depth
Next, we designed a micro operating system that could take advantage of these unique features - SourceT. SourceT creates an environment that fully protects itself and applications executing on it. This level of protection is achieved by:
- Completely authenticating the firmware, micro OS, and application code during the boot process
- Compartmentalizing and protecting code and data at runtime
- Eliminating paths for code injection and execution
Finally, we designed a high speed network I/O stack that has attack detection and mitigation built right into it. This means that any application running on it can remain completely operational even under heavy attack.
Skeptical? You should be. But the noted security research firm, Matasano Security
, found no architectural flaws that would allow the injection of foreign code into SourceT. And independent test laboratory, Extreme Labs
, found that SourceT provides continued to be available when under attack.
No bodyguards. No bandaids. Just security built in from the ground up.
Genuinely Secure systems reduce business costs and risks by:
Eliminating operating system hardening
Genuinely secure systems are immune to malware, so they don't need to be hardened before being put into production.
Eliminating emergency vulnerability patching
Genuinely Secure systems eliminate the possibility that a software bug can be exploited to breach the integrity of the operating platform. This means you can upgrade your software on a schedule of your choosing and eliminate disruptive patching emergencies.
Reducing the need for security appliances
Network attack detection and mitigation is built-in, so you don't have to purchase and manage protective security appliances.
The high performance characteristics of Genuinely Secure systems mean that you can consolidate servers while increasing capacity.
What Others Are Saying About SourceT
"No architectural flaws that would allow for the injection of foreign code into the SourceT system were identified."
"Traditional methods used by malware to gain system access and obtain the
privileges necessary to install themselves for continued infection do not appear viable.”
Read the full report
"The Secure64 DNS server software completely ignores two of the three (DDoS) attacks used, and behaves ‘valiantly’ when flooded in a TCP SYN flood attack.”
President, Extreme Labs
Read the full report
"The most impressive capability of the server is its ability to resist DoS and DDoS attacks with minimal loss of service."
Partner, Hurwitz Group
Read the full report
Find out more about SourceT.