PitBull® Trusted Cyber Defense Starts with a Trusted Operating System

Overview The PitBull® Trusted Operating System (OS) provides the secure separation and role-based access control required to protect information of multiple levels at the heart of the computing platform. PitBull software enhances Red Hat Enterprise 6® by providing trusted functionality and high assurance.With heightened focus on protecting information from both internal and external threats, PitBull’s compartmentalization ensures the integrity and control of data is maintained, while data spillage is contained in the event of a breach. PitBull is a commercial solution that is currently deployed worldwide to protect information and networks. Features-at-a-Glance nnAdds a fundamental layer of security to ensure integrity for all levels of use nnIsolates applications, network interfaces, data, and users using simple security labels—does not rely on a complex rule set for isolation nnPrevents exploitation of bugs in any one application from damaging the entire system or other running applications Isolates Data, Applications, and Interfaces nnControls network resources usable by each application nnControls and limits all user and administrator Provides Foundation for accounts—eliminates superuser vulnerabilities by enforcing least privilege and separation of roles. Contains Data Loss nnAllows for the development of flexible, ironclad security architectures nnConsolidates workstations, eliminating the Prevents Data Spillage need for multiple computing platforms nnInstalls as an upgrade to an operational system Reduces Insider Threat Risk Security Features: nnIdentification and authentication nnDiscretionary access control nnMandatory access control nnMandatory integrity controls nnPrivileges nnAuthorizations nnSecurity flags nnAuditing nnIntegrity checking PitBull® Trusted Operating System nnAdvanced secure networking with MAC controls secure communication between applications or utilities in separate nn Industry Standards: Enhances and protects audit records compartments, without allowing direct access to each other’s files nnExceeds LSPP (EAL4+) Common Software Development Kit Criteria requirements nnSecure Program Launcher: Allows The Software Development Kit is included users without powerful authorizations nnProvides Bell-LaPadula-based MAC with the purchase of PitBull. The Kit includes to execute programs that operate () libraries, header files, maintenance pages, at a high level of security, but only nnSupports the MTR-10649 MITRE and software developer manuals required to in a limited predefined mannerz Label Encoding Format file write PitBull-specific applications or modify nnSupports Biba model MIC (mandatory existing applications to become PitBull aware. Training integrity control) based labels nnPitBull Introductory Training (3-day): Optional Security Features Introductory Training course covers all of Unique Features: Building on the PitBull Trusted OS, the the basic PitBull features and commands for users, administrators, software nn optional security features below allow MAC and MIC labels supported developers, and system architects. at the kernel level commercial and custom software to be easily configured into trusted, sophisticated nnPitBull Software Developer Training nnProvides clearances for all system network architecture, securing utilities, (2-day): Designed for software objects to include users, processes, tools, and scripts. Other benefits include: developers who will be writing memory segments and files software for PitBull or adding PitBull nn nnSupports roles and authorizations Streamlines architectures, improves security features to existing software. performance, and reduces costs Prerequisite: PitBull Introductory Training nnImplements poly-instantiated MLS and manpower requirements network ports and CIPSO-labeled packets nnAllows users to securely access back- nnEnforces two-man/four-eye end applications via the Internet login authentication nnEnables a modular architecture nnAllows for dual operational/configuration tailored to a customer’s specific system modes of operation environmental requirements nnSystem integrity checks and nnSecure Communications Enforcer: integrity databases Tightly integrates trusted programs nnProtects critical system files and that pass packets between different services using disambiguated security partitions and examines each security mechanisms incoming request and, if validated, directs it to the appropriate service nnSupports labeled printing nnSecurity Gate: Trusted software component that mediates limited,

Standard operating system Standard operating system after attack The result: Total loss of data

The compartmentalization of the PitBull Trusted Operating System ensures that the integrity and control of data is maintained and data spillage is contained in the PitBull Trusted Operating System event of a breach. PitBull Trusted Operating System Isolating the damage makes it possible after attack to maintain functions

gdmissionsystems.com/pitbull • [email protected] Phone: 1-877-449-0600

©2015 General Dynamics. All rights reserved. General Dynamics reserves the right to make changes in its products and specifications at anytime and without notice. All trademarks indicated as such herein are trademarks of General Dynamics. All other product and service names are the property of their respective owners. ® Reg. U.S. Pat. and Tm. Off. D-PIT-08-0616