Firewall Wizards mailing list archives
Re: Re: Trusted OS...
From: Pere Camps <pere () pere net>
Date: Thu, 30 Mar 2000 17:47:54 +0200 (CET)
Hello,
There's the old-school definition (which I confess to favouring myself, just because I think it makes me sound like a grizzled old security stud:-) that a trusted OS is one that has passed the TPEP or one of its bastard children. This means not only posessing some cool features for expressing controls and restrictions, but also (particularly at higher levels) posessing design documentation that reflects a concern for security that tracks back to the start of implementation, and some amount of documentation and perhaps code review to help ensure that the product meets the claims. Then there's a newer school, that likes to use the term Trusted OS to describe an OS posessing the features --- mandatory or discretionary access control, domain type enforcement, whatever --- that allow more fine-grained control over processes and the resources they're permitted to access than the traditional OS permissions system. These speakers disregard the certification part, and just use the "Trusted OS" tag to refer to the presense of the OS features.
It looks like the old school likes the "assurance" and the new school likes the "capabilities". For example, the Orange Book doesn't specify many more capabilities after the B1 level. It just adds more "assurance" that the capabilities are implemented correctly. Personally, I'd like to have all the "features", but I'd rather stick with less "assured" features if my work can get done that way, even if it is harder to do. Just my 1/50 $ about my little knowledge about TOS. -- p.
Current thread:
- Re: Re: Trusted OS... Paul D. Robertson (Apr 04)
- <Possible follow-ups>
- Re: Re: Trusted OS... Civ David R. Sears (Apr 04)
- Re: Re: Trusted OS... Pere Camps (Apr 10)
- RE: Re: Trusted OS... Michael . Owen (Apr 10)
- Re: Re: Trusted OS... Iván Arce (Apr 10)
- RE: Re: Trusted OS... Starkey, Kyle (Apr 10)
- Re: Re: Trusted OS... Bennett Todd (Apr 10)
- Re: Re: Trusted OS... Rick Smith (Apr 10)
- RE: Re: Trusted OS... Rick Smith (Apr 13)
- RE: Re: Trusted OS... Matthew . Hannigan (Apr 17)