Firewall Wizards mailing list archives
Re: Trusted OS...
From: Bennett Todd <bet () rahul net>
Date: Wed, 29 Mar 2000 11:51:01 -0500
To add a smidgen to the comments that have gone before, I think much of the discussion here has stemmed from two different definitions of "Trusted OS".

There's the old-school definition (which I confess to favouring myself, just because I think it makes me sound like a grizzled old security stud :-) that a trusted OS is one that has passed the TPEP or one of its bastard children. This means not only possessing some cool features for expressing controls and restrictions, but also (particularly at higher levels) possessing design documentation that reflects a concern for security that tracks back to the start of implementation, and some amount of documentation and perhaps code review to help ensure that the product meets the claims.

Then there's a newer school that likes to use the term Trusted OS to describe an OS possessing the features --- mandatory or discretionary access control, domain type enforcement, whatever --- that allow more fine-grained control over processes and the resources they're permitted to access than the traditional OS permissions system. These speakers disregard the certification part, and just use the "Trusted OS" tag to refer to the presence of the OS features.

Since many, perhaps most, of us using the first definition actually don't have a whole lot of respect for the demonstrated consequences of the certification programs, there's an interesting twist: the folks with the apparently more casual definition of "Trusted OS" seem to be more enthusiastic about them. But when you shed the different use of terminology, what I'm seeing is that nearly everyone participating in this thread thinks that these sorts of OS features are dead sexy, we want 'em in all our OSes yesterday for crissakes, but we aren't in general nearly as enthusiastic about the formal certification processes.

Though personally, I must admit from what I've seen recently on the firewalls list in the thread "Common Criteria", it sounds like the certification thing is moving in a healthy direction. The way they've decomposed the process into building a Security Target, using a menu of options from the Common Criteria, getting that Security Target sanity-checked against a consistency rulebase, then getting your product evaluated against that target, that sounds like some sound engineering. I'm still not completely convinced that the certification will be as valuable as some are trying to claim, but I'm getting less skeptical the more I read.

-Bennett