Inside the World of Secure Operating Systems
But how can you know whether to believe the promises of vendors?
This question is less of a dilemma in the case of trusted OSes, because certification standards exist. To be certified as a trusted operating system is no small endeavor, according to Hurley. "The trusted versions ... go through a rather rigorous multiyear process of asserting what the security policies are, documenting them, fault insertions, code review and rather rigorous testing," he said. The most commonly used certification scheme, at least in the United States, is the Common Criteria standard.
On the other hand, Hurley noted, hardened systems are far less well defined. "There's very little formal theory behind it, less documentation and no testing by an accredited agency."