Firewall Wizards mailing list archives

Re: Trusted Unices Aren't?

From: Gordon Greene <Gordon.Greene () netsec net>
Date: Fri, 23 Oct 1998 15:54:18 -0400

Jeremy Epstein <jepstein () tis com> said :

I've never heard that VMS was designed as MLS, and given the pain they went
through to get it evaluated, I doubt it was.  Having said that, it
certainly has fewer "gimme-all-privileges" applications (as you correctly
note), for two reasons: it was correctly designed to have granularity of
privileges and there are fewer applications altogether :-)


The first reason is good enough to ease securing the system much (comapring
to unices..)


Actually, there is a B1 VMS system:

http://www.digital.com/security/sevms.htm
----------------------------------------------------------------------------
------------------------

Security has been a key strength of the OpenVMS operating system since the
first version. Today with client/server computing and Internet
connectivity, security is more important than ever before. SEVMS, a
security-enhanced version of OpenVMS, satisfies the need of government
agencies, national defense organizations, prime contractors, and other
commercial environments to label and protect classified information.

SEVMS provides mandatory access controls (MAC) and enhanced security
auditing for secure standalone or clustered OpenVMS systems. SEVMS provides
the system security manager with software to enforce a system wide security
policy that helps protect users, data, software, and hardware from security
compromise.

Designed to meet recognized security standards

SEVMS for OpenVMS VAX meets the B1 level of security as defined by the
United States National Computer Security Center (NCSC).

Some features

SEVMS allows security managers to:

     Define and control access between subjects (users) and objects (files,
programs, and devices). 
     Designate sensitivity labels, consisting of hierarchical levels and
non-hierarchical categories for any user, file, program, or device.
----------------------------------------------------------------------------
------------------------------

Looks pretty MLS to me!

Current thread:

Re: Trusted Unices Aren't?, (continued)
- Re: Trusted Unices Aren't? ark (Oct 23)
  - Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
    - Re: Trusted Unices Aren't? Rick Smith (Oct 28)
    - Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
    - Re: Trusted Unices Aren't? dreamwvr (Oct 29)
    - Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
  - Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
  - RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
  - Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
    - Message not available
    - Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- RE: Trusted Unices Aren't? ICMan (Oct 28)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 29)
  - Re: Trusted Unices Aren't? Gordon Greene (Oct 29)