Firewall Wizards mailing list archives

Re: Trusted Unices Aren't?


From: Rick Smith <rick_smith () securecomputing com>
Date: Fri, 30 Oct 1998 16:52:03 -0600

At 09:38 AM 10/30/98 -0700, dreamwvr wrote:
hi, 
  actually there are products that have been pumped out for the
"secure web server" market that really are... Ever heard of 
Virtual Vault? Looks real good to me. Uses a Plan 9 approach to 
access control which if you read the info on this product is 
very impressive. 

Virtual Vault is a CMW-based implementation of what we call an "assured
pipeline" in the type enforcement world. Dick O'Brien and Clyde Rogers
presented a paper on the LOCK implementation of assured pipelines at the
NCSC in the early '90s. Barry Miracle was HP's technical POC on Virtual
Vault: he's an old LOCK hand that moved to SecureWare (and thus HP) from SCC.

The thing that makes assured pipelines and Virtual Vault work is that the
underlying OS doesn't allow anything to bypass a rigidly enforced data
flow. Stuff comes in on one side and it *must* flow to a particular
process. The only path for that particular type of data to reach the other
side leads from that particular process. The underlying OS blocks all other
data flows from the input process, the admins can't turn this behavior off,
and subverted users can't construct world writable files that allow a sneak
path to work.

For academic computer security types, this is an implementation of
Clark-Wilson integrity concepts.

I haven't looked at Plan 9 docs in many years, but I didn't remember getting
a sense of this sort of "mandatory protection" built into it.

Rick.
smith () securecomputing com
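
The assured-pipeline property described in the message above, as an added example that is not part of the original post and is not Virtual Vault or LOCK code: a small type-enforcement table is turned into an information-flow graph, and the check looks for any path from the input side to the output side that skips the mandatory middle process. All domain and type names are hypothetical, and the tables are constructed for illustration.

```python
from collections import deque

# Constructed type-enforcement table: (domain, type) -> permissions.
# Domain and type names are hypothetical, not taken from any product.
PIPELINE = {
    ("inbound_d", "raw_t"): {"write"},
    ("filter_d", "raw_t"): {"read"},
    ("filter_d", "clean_t"): {"write"},
    ("outbound_d", "clean_t"): {"read"},
}

# Same table plus a scratch type both ends can touch, the policy-level
# equivalent of the world-writable file "sneak path" the message mentions.
LEAKY = {
    **PIPELINE,
    ("inbound_d", "scratch_t"): {"write"},
    ("outbound_d", "scratch_t"): {"read"},
}

def flow_graph(table):
    """Turn the access table into directed information-flow edges."""
    edges = {}
    for (domain, typ), perms in table.items():
        if "write" in perms:
            edges.setdefault(domain, set()).add(typ)   # domain -> type
        if "read" in perms:
            edges.setdefault(typ, set()).add(domain)   # type -> domain
    return edges

def find_path(edges, src, dst, blocked=()):
    """Breadth-first search for a flow path from src to dst avoiding `blocked`."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(edges.get(path[-1], ())):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def bypass_path(table, src, dst, stage):
    """Return a src -> dst flow that skips `stage`, or None if the pipeline holds."""
    return find_path(flow_graph(table), src, dst, blocked={stage})

if __name__ == "__main__":
    for name, table in (("PIPELINE", PIPELINE), ("LEAKY", LEAKY)):
        print(name, bypass_path(table, "inbound_d", "outbound_d", "filter_d"))
```

A `None` result means every flow between the two ends crosses the middle stage; a returned path names the types and domains that form the bypass.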


