Full Disclosure mailing list archives

Re: Support the Sasser-author fund started


From: Valdis.Kletnieks () vt edu
Date: Mon, 17 May 2004 22:32:36 -0400

On Tue, 18 May 2004 12:39:46 +1200, Nick FitzGerald <nick () virus-l demon co uk>  said:
> "Shane C. Hage" to Bill Royds:
>
> > I agree with most of your statements below.
>
> Well, actually, he was wrong if you consider the NT family of OSes
> starting in about 1993-4 (true, OOTB they were configured to be "fully
> Win 3.x compatible" -- that is, with all security disabled/dumbed down
> -- but the underlying architecture design at least met most of the
> minimum criteria for C2...).

Actually reading what C2 *required* is quite enlightening.

Code identified as a 'Trusted Computing Base'. Identification of specific
users.. discretionary access controls.. an audit trail.. object clearing before
reuse.. Testing for *obvious* flaws..

Yep, that's about it.  Userid/password, some sort of user-settable file
permissions, don't let the next user snarf blocks off the disk by allocating
a big file, and keep an audit trail.  *real* stringent. Even when NT came out, C2
wasn't considered much security at all...  Most of this stuff was already
well understood when Multics was done in the mid-60s.

Security labels? MAC? Those are B1.

"A team of individuals who thoroughly understand the specific implementation
of the TCB shall subject its design documentation, source code, and object code
to thorough analysis and testing".  That's not a requirement till B1 either.
(Yeah.. ponder THAT one - you don't have to do a thorough test to get C2 ;)

"Trusted Path" for login?  That's in B2, as is covert channel analysis.

You get the idea... ;)
