Used extensively by the Department of Defense (DoD) and Intelligence Community (IC) to protect sensitive data from sources worldwide, STOP™ – the Secure Trusted Operating Program – is a trusted 64-bit general purpose operating system (GPOS) designed from the ground up with security as its core focus. Field proven, third-party developers choose STOP™ to be certain of security and to differentiate their products in today’s competitive market.
What makes STOP the smarter choice?
Unlike other operating systems, our proprietary STOP™ operating system delivers stronger security because security is “baked in” from the beginning, not “bolted on” afterward like other operating systems. For example, Linux and Windows operating systems add security as a plugin...an afterthought. In contrast, STOP™ was designed and built around Mandatory Access Control (MAC) policies and features that cannot be turned off or uninstalled. That makes STOP™ several magnitudes more secure than other OS choices for sensitive and vitally important information. Today’s STOP™ is not only extraordinarily secure, it’s also rugged, capable of providing years of continuous uptime, even in less than ideal environments.
In addition, the attack surface of STOP™ is exponentially smaller than other operating systems, which reduces risk dramatically. Its small size also allows a one-second boot time, and permits STOP™ to run on Intel® and AMD® architectures, including single-board computers. STOP™ is also regularly superior to Real-Time Operating Systems (RTOS) for information security applications, as it is most often less costly, more secure, and significantly more flexible.
The right OS for relentless security
Operating systems cover a broad spectrum of uses, from microkernels and RTOS to more broadly-applied GPOS. That spectrum basically breaks down this way:
- Microkernels are designed to run simple, specific devices with narrowly-defined purposes, such as toasters.
- RTOS are typically used to run complex, yet still limited-purpose devices, such as ATMs, vending machines, vehicles (airplanes, tanks, and supply trucks), control panels, and weapons systems.
- GPOS – including STOP™, Linux, and Windows – are designed to operate high-end computing devices that can perform a multitude of tasks, like desktop PCs, work stations, servers, and infrastructure devices. These GPOS-based devices run networks, email, databases, and web servers, as well as general office computing applications and specialized applications.
Compared to Linux and Windows, which focus on desktop, server, and infrastructure environments, STOP™ is specially designed from the ground up, focused on high security environments, with lightweight secure development requirements. That commitment to unrelenting security has made STOP™ a leading choice throughout the DoD and IC in CDS, multi-level file servers (MLS), and boundary devices that could be used anywhere that multi-level security may be relevant (e.g. critical infrastructure, SCADA).
Key STOP features and benefits include:
- Support for many Linux APIs, allowing third-party developers to port their applications to a higher security platform.
- Flexible licensing and versions for individual workstations, enterprise, and development environments, helping customers minimize total cost of ownership.
- Granular access controls and robust security features that give users who are moving data between enclaves assurance that classified data has been labeled correctly.
- At under a tenth the size of the Linux kernel, STOP’s smaller attack surface reduces the risk of compromise and minimizes the cost of security certifications.
- Many threats, like stack smashing, are mitigated using all available compiler security options, no execute, and address space layout randomization. Runtime integrity monitoring is used to protect executables, security policies, configuration files, and other assets.
- Portable, flexible, and mobile deployment options – on a wide variety of platforms – that don’t compromise security certifications.
- STOP™ provides system administrators with flexible security policy options, like mandatory access control (MAC), role based access control (RBAC) and discretionary access control (DAC).
- Customizable configuration of auditable events ensures accountability. Fine-grained selection criteria allow the collection of all necessary and relevant records.
- STOP™ encrypts each block of the file system, including a pre-boot environment that ensures encryption at rest and at initial startup.
- When a security policy is changed, STOP™ responds immediately by applying real-time security configuration updates without requiring a reboot. This feature, unique to STOP™, provides greater assurance and convenience for your mission.
- The kernel utilizes a variety of features to guard itself against unauthorized modifications ensuring extensive system integrity checks.
- STOP’s Linux-like API simplifies training for Linux-proficient developers and security professionals.
Our cyber security support and services
BAE Systems provides world-class technical support and professional services to assist with deploying, administering, and troubleshooting our entire cyber security portfolio. Our technical support and professional services team consists of high-level engineers with years of experience working with our cyber security product lineup. Our support and training services include:
- 24x7 Technical Support provided on all BAE Systems cyber security products via phone and email and is available through purchase of maintenance plans.
- Training including instructor-led formal and informal courses, available both at your site and at BAE Systems’ acclaimed Reston, VA training facility.
- Installation and configuration services such as conducting site surveys, delivery to user sites, and oversight of hardware installation, testing, and acceptance at a user site.
- Rapid prototyping, custom development, ruggedized hardware analysis, and testing to help you meet your mission, even if you need a custom capability quickly or special filters for rare file types.
Market ready: STOP™ is integral to BAE Systems XTS Guard 7 and XTS Diode cross-domain solutions, and is available as a stand-alone OEM product to government and commercial customers, and third-party application developers.
Pricing: Trials are free. Both perpetual and leased licenses available. Flexible options exist for OEM partners: license model includes SDK license and runtime licenses.
Learn more. Download the STOP™ data sheet or contact our Electronic Systems business representative to arrange a meeting.
-
Keeping F-22 Raptor electronic warfare mission systems ready and relevant
Sustaining complex, high-performance EW systems to maintain U.S. air dominance -
BAE Systems introduces enhanced features for TWV640 thermal camera core
Enhanced capabilities for BAE Systems’ TWV640 thermal camera core -
BAE Systems and L3Harris deliver first EC-37B Compass Call aircraft to the U.S. Air Force
Delivering critical EW capability to keep the U.S. at the vanguard for defense and deterrence -
BAE Systems successfully flight tests next-generation vehicle management computer for the F-35 Lightning II
Flight control technology upgrade maximizes processing power for added mission capabilities and safety enhancements -
BAE Systems to develop technology for next-generation sensing, imaging, and communications systems
DARPA has awarded BAE Systems a $14 million contract for the Massive Cross Correlation (MAX) program. -
Providing electric drive systems for Toronto’s newest battery-electric buses
Gen3 power management technology will deliver clean, efficient, and reliable operation for zero-emission fleet -
Delivering next-generation digital Identification Friend or Foe interrogator for the U.S. Navy
Modernized design provides advanced capabilities to support mission success -
BAE Systems unveils NavGuide™ GPS receiver
Drop-in Defense Advanced GPS Receiver replacement features M-Code protection and full-color graphical user interface -
BAE Systems to power North America’s largest battery-electric bus order with zero-emission propulsion systems
Power management technology enables clean, efficient operation for zero-emission buses
-
Overview
Used extensively by the Department of Defense (DoD) and Intelligence Community (IC) to protect sensitive data from sources worldwide, STOP™ – the Secure Trusted Operating Program – is a trusted 64-bit general purpose operating system (GPOS) designed from the ground up with security as its core focus. Field proven, third-party developers choose STOP™ to be certain of security and to differentiate their products in today’s competitive market.
What makes STOP the smarter choice?
Unlike other operating systems, our proprietary STOP™ operating system delivers stronger security because security is “baked in” from the beginning, not “bolted on” afterward like other operating systems. For example, Linux and Windows operating systems add security as a plugin...an afterthought. In contrast, STOP™ was designed and built around Mandatory Access Control (MAC) policies and features that cannot be turned off or uninstalled. That makes STOP™ several magnitudes more secure than other OS choices for sensitive and vitally important information. Today’s STOP™ is not only extraordinarily secure, it’s also rugged, capable of providing years of continuous uptime, even in less than ideal environments.In addition, the attack surface of STOP™ is exponentially smaller than other operating systems, which reduces risk dramatically. Its small size also allows a one-second boot time, and permits STOP™ to run on Intel® and AMD® architectures, including single-board computers. STOP™ is also regularly superior to Real-Time Operating Systems (RTOS) for information security applications, as it is most often less costly, more secure, and significantly more flexible.The right OS for relentless security
Operating systems cover a broad spectrum of uses, from microkernels and RTOS to more broadly-applied GPOS. That spectrum basically breaks down this way:- Microkernels are designed to run simple, specific devices with narrowly-defined purposes, such as toasters.
- RTOS are typically used to run complex, yet still limited-purpose devices, such as ATMs, vending machines, vehicles (airplanes, tanks, and supply trucks), control panels, and weapons systems.
- GPOS – including STOP™, Linux, and Windows – are designed to operate high-end computing devices that can perform a multitude of tasks, like desktop PCs, work stations, servers, and infrastructure devices. These GPOS-based devices run networks, email, databases, and web servers, as well as general office computing applications and specialized applications.
Compared to Linux and Windows, which focus on desktop, server, and infrastructure environments, STOP™ is specially designed from the ground up, focused on high security environments, with lightweight secure development requirements. That commitment to unrelenting security has made STOP™ a leading choice throughout the DoD and IC in CDS, multi-level file servers (MLS), and boundary devices that could be used anywhere that multi-level security may be relevant (e.g. critical infrastructure, SCADA).Key STOP features and benefits include:
- Support for many Linux APIs, allowing third-party developers to port their applications to a higher security platform.
- Flexible licensing and versions for individual workstations, enterprise, and development environments, helping customers minimize total cost of ownership.
- Granular access controls and robust security features that give users who are moving data between enclaves assurance that classified data has been labeled correctly.
- At under a tenth the size of the Linux kernel, STOP’s smaller attack surface reduces the risk of compromise and minimizes the cost of security certifications.
- Many threats, like stack smashing, are mitigated using all available compiler security options, no execute, and address space layout randomization. Runtime integrity monitoring is used to protect executables, security policies, configuration files, and other assets.
- Portable, flexible, and mobile deployment options – on a wide variety of platforms – that don’t compromise security certifications.
- STOP™ provides system administrators with flexible security policy options, like mandatory access control (MAC), role based access control (RBAC) and discretionary access control (DAC).
- Customizable configuration of auditable events ensures accountability. Fine-grained selection criteria allow the collection of all necessary and relevant records.
- STOP™ encrypts each block of the file system, including a pre-boot environment that ensures encryption at rest and at initial startup.
- When a security policy is changed, STOP™ responds immediately by applying real-time security configuration updates without requiring a reboot. This feature, unique to STOP™, provides greater assurance and convenience for your mission.
- The kernel utilizes a variety of features to guard itself against unauthorized modifications ensuring extensive system integrity checks.
- STOP’s Linux-like API simplifies training for Linux-proficient developers and security professionals.
Our cyber security support and services
BAE Systems provides world-class technical support and professional services to assist with deploying, administering, and troubleshooting our entire cyber security portfolio. Our technical support and professional services team consists of high-level engineers with years of experience working with our cyber security product lineup. Our support and training services include:- 24x7 Technical Support provided on all BAE Systems cyber security products via phone and email and is available through purchase of maintenance plans.
- Training including instructor-led formal and informal courses, available both at your site and at BAE Systems’ acclaimed Reston, VA training facility.
- Installation and configuration services such as conducting site surveys, delivery to user sites, and oversight of hardware installation, testing, and acceptance at a user site.
- Rapid prototyping, custom development, ruggedized hardware analysis, and testing to help you meet your mission, even if you need a custom capability quickly or special filters for rare file types.
Market ready: STOP™ is integral to BAE Systems XTS Guard 7 and XTS Diode cross-domain solutions, and is available as a stand-alone OEM product to government and commercial customers, and third-party application developers.Pricing: Trials are free. Both perpetual and leased licenses available. Flexible options exist for OEM partners: license model includes SDK license and runtime licenses.
Learn more. Download the STOP™ data sheet or contact our Electronic Systems business representative to arrange a meeting.
-
Downloads
-
News
-
Keeping F-22 Raptor electronic warfare mission systems ready and relevant
Sustaining complex, high-performance EW systems to maintain U.S. air dominance -
BAE Systems introduces enhanced features for TWV640 thermal camera core
Enhanced capabilities for BAE Systems’ TWV640 thermal camera core -
BAE Systems and L3Harris deliver first EC-37B Compass Call aircraft to the U.S. Air Force
Delivering critical EW capability to keep the U.S. at the vanguard for defense and deterrence -
BAE Systems successfully flight tests next-generation vehicle management computer for the F-35 Lightning II
Flight control technology upgrade maximizes processing power for added mission capabilities and safety enhancements -
BAE Systems to develop technology for next-generation sensing, imaging, and communications systems
DARPA has awarded BAE Systems a $14 million contract for the Massive Cross Correlation (MAX) program. -
Providing electric drive systems for Toronto’s newest battery-electric buses
Gen3 power management technology will deliver clean, efficient, and reliable operation for zero-emission fleet -
Delivering next-generation digital Identification Friend or Foe interrogator for the U.S. Navy
Modernized design provides advanced capabilities to support mission success -
BAE Systems unveils NavGuide™ GPS receiver
Drop-in Defense Advanced GPS Receiver replacement features M-Code protection and full-color graphical user interface -
BAE Systems to power North America’s largest battery-electric bus order with zero-emission propulsion systems
Power management technology enables clean, efficient operation for zero-emission buses
-
-
Data Diode Solution™Maximum assurance. Maximum unidirectional throughput.
-
World-Class Cybersecurity Support and ServicesBAE Systems provides our cybersecurity customers with technical support, professional services, and accreditation support to help with deployment of our cybersecurity products, troubleshoot issues, and assure peace of mind.
-
XTS® Diode One-Way TransferXTS® Diode is a next-generation One-Way Transfer (OWT) device and the first named Raise-The-Bar (RTB)-compliant by the National Cross Domain Strategy Management Office (NCDSMO) and the National Security Agency (NSA).
-
XTS® Guard 7XTS® Guard 7 is a high assurance cross-domain solution (CDS) that enables secure sharing between networks of various security classifications and enclaves. With hundreds of deployments, XTS Guard has a long track record securing sensitive data for the DoD, IC, Coalition Partners, and foreign military worldwide.
-
STOP™ High Assurance GPOSBuilt with security as its top priority, the STOP™ high assurance operating system from BAE Systems protects the world’s most valuable information, providing greater security and ruggedness with lower deployment cost.
