Firewall Wizards mailing list archives

Re: Trusted Unices Aren't?


From: Rick Smith <rick_smith () securecomputing com>
Date: Fri, 23 Oct 1998 17:10:30 -0500

At 10:56 AM 10/19/98 -0400, Jeremy Epstein wrote:

I've never heard that VMS was designed as MLS, and given the pain they went
through to get it evaluated, I doubt it was.

VMS started its life in the mid '70s, well before the Orange Book, so it's
unlikely the role of MLS was well understood by VMS developers. They put a
heap of effort into trying to do an A1 VMS about 10 years later, but the
effort died from escalating costs and evaluation requirements, combined
with anticipated problems with export approval (there's a lesson here).

It's my impression, from both experience and observation, that it's a pain
to get something evaluated no matter how carefully you engineer the system
for evaluation.

P.S. what happened to Trusted Xenix, is it officially dead now? 

Don't know for sure, but I suspect we'd find a way to sell it to anyone who
wanted it.  We aren't actively marketing or developing it, though.

I'd anticipate a very serious case of software rot, brought on by changes
in available hardware and I/O devices. It's a real pain to keep a custom OS
up to date and compatible with evolving combinations of off the shelf
hardware. I remember Trusted Xenix was reputed to be "slow" several years
ago, but given modern processor speeds and the state of competing
bloatware, it would probably run fast in comparison, if it can be gotten to
run at all.

I was mildly surprised that TIS never used it to field some sort of
firewall in the mid '90s. (cue to Marcus for Orange Book flame :-> ).

Rick.
smith () securecomputing com


