Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: Gordon Greene <Gordon.Greene () netsec net>
Date: Thu, 29 Oct 1998 10:42:23 -0500
VMS started its life in the mid '70s, well before the Orange Book, so it's unlikely the role of MLS was well understood by VMS developers. They put a heap of effort into trying to do an A1 VMS about 10 years later, but the effort died from escalating costs and evaluation requirements, combined with anticipated problems with export approval (there's a lesson here).
MLS doesn't seem to be well understood by many developers even now. Just because VMS didn't start out as an MLS system doesn't mean it couldn't be adjusted. Look at Argus. They make an add-on to Solaris (called Pitbull) which make it MLS. Admittedly, A1 is a big job, and the only A1 box I've heard of was from Wang, called the SCOMP. Actually, Wang Federal was called Honeywell at that point. Or something like that.
It's my impression, from both experience and observation, that it's a pain to get something evaluated no matter how carefully you engineer the system for evaluation.
It seems like as tough as it is to get the OS evaluated, you have to go through at least as much to get a system that incorporates it through accreditation.
I'd anticipate a very serious case of software rot, brought on by changes in available hardware and I/O devices. It's a real pain to keep a custom OS up to date and compatible with evolving combinations of off the shelf hardware. I remember Trusted Xenix was reputed to be "slow" several years ago, but given modern processor speeds and the state of competing bloatware, it would probably run fast in comparison, if it can be gotten to run at all.
This is the perennial problem of MLS systems, though. There is always a cost in performance and convenience. And it gets worse, the higher up the evaluation scale you go. Up around B3 it gets hard to accomplish anything. Sure, no one can cause any mischief, but no one can do anything useful either. Imagine having to do formal proofs of such a thing. Just sitting down in front of the box should give a good feel of how restricted a user is.
I was mildly surprised that TIS never used it to field some sort of firewall in the mid '90s. (cue to Marcus for Orange Book flame :-> ).
Actually, having done some firewall stuff on MLS systems, I was kind of surprised, too. At the time I noticed that it existed, I was informed (by a not very reliable source) that it was extinct. Don't believe everything you hear!
Current thread:
- Trusted Unices Aren't? ark (Oct 16)
- Re: Trusted Unices Aren't? Randy Taylor (Oct 16)
- <Possible follow-ups>
- Re: Trusted Unices Aren't? steve . gailey (Oct 19)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Message not available
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)