Firewall Wizards mailing list archives

Re: Trusted Unices Aren't?


From: Gordon Greene <Gordon.Greene () netsec net>
Date: Thu, 29 Oct 1998 10:48:24 -0500

Actually, there is a B1 VMS system:
...
Interesting note.  However ...

Digital's ... oops, Compaq's assertion of SEVMS meeting B1 does not
constitute verification that it is B1, eh?

The URL:

   http://www.dsd.gov.au/epl/os.html

shows SEVMS releases 6.0 and 6.1 for the VAX to have actually been
evaluated at B1 by NCSC according to TCSEC.  I don't know what's become of
them since that, or whether there was ever an Alpha port.


I note that it is "SEVMS for OpenVMS VAX".  Meaning it runs on a VAX,
not an Alpha ... old stuff, right?  [However old that makes me feel.
;-)]  AND ... it runs over OpenVMS, per that phrase.  If OpenVMS is not
B1, then this does not give one a warm'n'fuzzy that something stuck
over it will make it so.  Eh?

Well, as I mentioned in another message, Argus makes a B1 add-on to Solaris
(called Pitbull).  It is designed to be F-B1/E3, but is being put in for a
higher level.  I'm not sure what the current status is.  Also, DG/UX is
available with a B2 option.  I don't know if this is so much an add-on or
just a different set of install media.  

Perhaps it doesn't provide warm fuzzies to put MLS on top of something
which isn't.  The process does seem to make some substitutions in the
kernel and applications, though.  The real test is how well they stand up
to attack and what the performance and convenience cost is.

What you never see is any sort of MLS OS that's free.  There's been a
minute buzz about an MLS OpenBSD, or something similar.  I don't know what
sort of trial it would be to get it evaluated, but I do think it would be
best done as part of the common code base, just conditionally compiled.
Because there are quite a few people working on free OSes, it would be
important to design everything right the first time.  It is intriguing,
though.



