Firewall Wizards mailing list archives

Re: [firewall-wizards] Re: Trusted OS...


From: Magosanyi Arpad <mag () bunuel tii matav hu>
Date: Thu, 30 Mar 2000 10:38:23 +0200

To add a smidgeon to the comments that have come before, I think much of
the discussion here has stemmed from two different definitions of
"Trusted OS".

There's the old-school definition (which I confess to favouring
myself, just because I think it makes me sound like a grizzled old
security stud:-) that a trusted OS is one that has passed the TPEP

I myself call a TOS anything which conforms to CC's LSPP.
And I believe in it if it has passed some evaluation. (TPEP class
B or the bastards:)

[]
But when you shed the different use of terminology, what I'm seeing
is that nearly everyone participating in this thread thinks that
these sorts of OS features are dead sexy, we want 'em in all our
OSes yesterday for crissakes, but we aren't in general nearly as
enthusiastic about the formal certification processes.

I think that they are so really dead cool sexy that we need those
features in firewall software as well.


Though personally, I must admit from what I've seen recently on
the firewalls list in the thread "Common Criteria", it sounds like
the certification thing is moving in a healthy direction. The way
they've decomposed the process into building a Security Target,
using a menu of options from the common criteria, getting that
security target sanity-checked against a consistency rulebase, then
getting your product evaluated against that target, that sounds like
some sound engineering.


The problem is with the security target. The manager will understand
only that "it passed the CC". It makes the life of OS builder and
marketing people easier, the life of the security officer harder,
and the life of the manager miserable.


I'm still not completely convinced that the certification will be
as valuable as some are trying to claim, but I'm getting less
skeptical the more I read.

We need certification, because you cannot normally ensure the
conformance of a product to your needs. The key point is that
certification normally won't ensure that the product is
even nominally bug-free. If you want that, you have to have
open source and public audit (and even then)...

-- 
GNU GPL: only from a clean source


