Firewall Wizards mailing list archives

Re: Re: Trusted OS...


From: "Paul D. Robertson" <proberts () clark net>
Date: Thu, 30 Mar 2000 00:43:31 -0500 (EST)

On Wed, 29 Mar 2000, Ryan Russell wrote:

Are you sure about that? Secure Computing makes a trusted operating
system (called LOCK, if I recall correctly) but Sidewinder was based
on BSDI with some orange book fairy dust blown on it - I don't think
it was a _real_ trusted operating system, just good old BSDI (which is
probably better) with some hacks in it to include the domain/type
enforcement stuff.


Isn't that the central problem?  Do C level and below Orange Book
requirements actually help anything?  If I can take an OS, and add some
typing features, and have the money for the testing, is C2 useful at all?

Sure, it's useful in the same way that putting NT on laptops that had 98
on them is useful - you must be able to log in to the system to use it.

Beyond that, C isn't that much above D, but historically we've needed to
specify the named user requirement.

I think what you're speaking to is the fact that the denotative definition
of "trusted OS" in the US is just meeting the rainbow requirements.  While
most of us as security people would like to think that "trusted OS" means
that it has some actual security and has been carefully audited.

I've always considered B2 to be the bar, and B1 to be acceptable for
limited environments.  

Certainly that doesn't mean an OS that has been successfully evaluated
can't also be secure... I think it just means that a rating alone doesn't
give assurance that the OS is secure (or even any more secure than
another.)  I don't think that will be a big surprise to anyone here.

Yawning through some Final Evaluation Reports doesn't help either.  I've
always felt it necessary to go to someone who was involved in the eval to
get questions answered.  Even then it's no fun trying to get someone to
tell you where they've documented around issues and what failure modes
they're worried about.

I prefer Red Book fairy dust though, it makes the Ethernet cables sparkle.
MAC/role by source address, authentication method and transport key and/or
encryption algorithm is where I'd like to see Linux-based solutions go.
If only I had more time...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
