Green Hills Platform
for Cybersecurity Resilience Act

Security By DesignSecurity From the StartSecure Boot, Run-time Protection, & Lifecycle ManagementTransparent Security Vulnerability Handling and Long-Term Support SBOM and Third-Party Components

The Green Hills Platform for CRA is a comprehensive and production-proven set of foundational software components that enables manufacturers to build more secure products with lower total cost of ownership while complying with the European Union's Cybersecurity Resilience Act (CRA).

Leveraging decades of leadership in embedded systems security, the Green Hills Platform for Cybersecurity Resilience helps manufacturers address core principles of the EU's CRA regulation across the entire product lifecycle:

• Security by Design
• Cybersecurity Risk Assessment
• Vulnerability Handling and Reporting
• Secure Updates Over the Product Lifetime
• Software Bill of Materials (SBOM) and Third-Party Components

Security By Design

At the core of the platform is the INTEGRITY real-time operating system (RTOS), architected from its inception to meet the most stringent security requirements. Its separation kernel has undergone rigorous penetration testing and is independently proven to securely isolate software components. By minimizing code that executes in kernel space, INTEGRITY reduces attack surface while providing provable separation and freedom-from-interference for applications, drivers, the INTEGRITY kernel, in addition to guest operating systems like Linux.

As a result of its secure architecture, no vulnerabilities have been reported for the INTEGRITY kernel in its 28 years of deployment – a track record that stands in contrast to operating systems with vulnerabilities that are discovered and reported in some cases on a weekly basis, necessitating a large number of security patches and costly field updates.

INTEGRITY has been deployed in millions of products across automotive, avionics, mobile, industrial, IoT, medical, and railway sectors. It has been certified at the highest levels for ISO 26262, DO-178B, ISO/SAE 21434, IEC 61508, and EN 50128/50657, and is supported by comprehensive cybersecurity and safety manuals for system developers.

Security From the Start

Green Hills offers many powerful security analysis tools for developers to use while writing their C, C++ and Rust application code. The MULTI integrated development environment (IDE) identifies security vulnerabilities and coding errors early in the development process. By enabling early detection, customers reduce downstream remediation costs and shorten compliance cycles.

• MISRA C/C++ adherence checking improves code safety, security, portability and reliability
• DoubleCheck static source code analysis identifies programming errors at the time of compilation
• Run-time stack error detection
• Additionally, the Cypherbridge CDX server offers optional automated and continuous binary vulnerability scanning on deployed binaries
• Advanced debugging capabilities to help developers find and fix every bug quickly and efficiently, allowing developers to minimize costly and embarrassing delays between fulfilling CRA reporting requirements and providing a fix

Secure Boot, Run-time Protection, and Lifecycle Management

The platform integrates secure boot and cryptographically verified image signing to protect devices from the first instruction executed. Based on the Cypherbridge® integrated suite of products for device lifecycle management, the Platform for CRA includes:

• Image signing (Cypherbridge WSLAM)
• Over-the-air updates via CDX Server and CDX Client
• Image verification and secure boot with uLoadXL

Together, these components, and optionally other partners in the Green Hills ecosystem, provide secure device lifecycle management, enabling safe updates and maintenance over the product's operational life.

Transparent Security Vulnerability Handling and Long-Term Support

Green Hills Software's internal Product Security Incident Response Team (PSIRT) efficiently handles security advisories and manages responses and customer communication.

Manufacturers benefit from the company's flexible long-term maintenance options, including:

• Feature updates and security patches for the life of the product
• Ongoing vulnerability reporting and remediation
• Detailed security change logs and patch documentation

SBOM and Third-Party Components

To address CRA regulation requirements related to INTEGRITY and third-party components, Green Hills provides an SBOM for INTEGRITY and provides a framework to isolate middleware and third-party software from security-critical components. Configuration tools for INTEGRITY-based systems provide an auditable security policy governing the capabilities of each software component in the system.