From: nhammond@mindspring.com (Nicolas Hammond)
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: need secure OS to entrust millions to
Date: Tue, 12 Mar 1996 00:37:35 -0400
Organization: MindSpring Enterprises, Inc.
Message-ID: <nhammond.6.000CA937@mindspring.com>
References: <4gi6t6$3h9@lace.colorado.edu> <31304401.3341@pinsight.com> <4gq2j9$2g48@babyhuey.cs.utexas.edu> <nhammond.3.00AE67CD@mindspring.com> <4htqvq$d5o@cobweb.aracnet.com>

In article <4htqvq$d5o@cobweb.aracnet.com> beattie@coyote.aracnet.com (Brian Beattie) writes:

>I also used to work at SecureWare, although not as long as Nick, although
>I had been working with Trusted Computing for almost as long as
>SecureWare had been around. I must agree with most of the points that
>Doug made. That is, most of the Rainbow series is either irrelevant or
>wrong for commercial concerns.

I won't disagree, but some are relevant.

>I also have a lot of problems with most
>implementations of DoD type security but that is another matter.

>Nick has a very good point and I agree with it that having a system with a
>defined level of assurance, one that has been reviewed and tested by an
>independent authority, one that includes detailed documentation on the
>"correct" operation, is important. Other than that no DoD level is better
>than standard UNIX security for "most" commercial applications.

The original poster was looking for something to "entrust millions to".

>That said the assurance issue is a major one and for that reason alone
>I would steer clear of Free unixes, for applications requiring high
>assurance, unless you want to do the work required to have that assurance.

>The rest of what Nick says about levels is pure gospel according to NCSEC
>and pretty much smoke and mirrors. That is to say if your security can
>be breached at one level, it can probably be breached at any level.

No. The point is that a secured OS provides multiple barriers.

Suppose there is a bug in your http server, and suppose someone can get a shell. On a normal UNIX, they have free rein of the system and can begin other attacks. On a properly configured high-assurance (B1 level+) system, the http server is running at a different level than the rest of the OS, and therefore someone with a shell because of a bug in the http server can do no damage.

You are supposed to be able to trust the OS (high-assurance), but you can't trust the server software you run on it. You can trust the code you write, therefore you have to protect your millions against a buggy server.
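The "multiple barriers" argument above rests on mandatory labels: on a B1-class system every subject and object carries a sensitivity label, and the kernel's reference monitor checks the labels on every access, independently of the UNIX uid/mode bits. The following is an added example (not part of the original thread, and not code from any SecureWare product) that models such a monitor in a few dozen lines. The level names (PUBLIC, INTERNAL, FINANCIAL), the ACCOUNTS compartment, the file paths and the uids are all constructed for the illustration. It plays out the scenario in the post: an attacker who pops a shell out of the http server inherits httpd's label, and the label check, not the uid, decides what that shell can reach. It also shows the caveat a practitioner wants: the textbook Bell-LaPadula star-property only forbids writing *down*, so a PUBLIC shell could still blindly write *up* into the ledger; labeled systems that care about integrity of the data (as a bank would) restrict writes to the subject's own label, which is the `write_equal` policy below.

```python
"""Toy Bell-LaPadula style reference monitor (constructed example).

Nothing here is taken from a real trusted OS; labels, files and uids are
made up to show how a MAC check confines a shell that inherited the web
server's label, in contrast with classical UNIX DAC where uid 0 wins.
"""
from dataclasses import dataclass

# Constructed sensitivity hierarchy: higher number = more sensitive.
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "FINANCIAL": 2}


@dataclass(frozen=True)
class Label:
    level: int
    compartments: frozenset

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level >= other.level AND compartments superset."""
        return (self.level >= other.level
                and self.compartments >= other.compartments)


def label(level: str, *compartments: str) -> Label:
    return Label(LEVELS[level], frozenset(compartments))


# Constructed objects (files) with the labels an administrator assigned.
OBJECTS = {
    "/var/www/index.html": label("PUBLIC"),
    "/etc/passwd":         label("INTERNAL"),
    "/fin/ledger.db":      label("FINANCIAL", "ACCOUNTS"),
    "/fin/transfers.log":  label("FINANCIAL", "ACCOUNTS"),
}


def mac_allows(subject: Label, obj: Label, op: str,
               policy: str = "write_equal") -> bool:
    """Mandatory check. Note: no uid appears here at all."""
    if op == "read":
        # Simple security property: no read up.
        return subject.dominates(obj)
    if op == "write":
        if policy == "strict_blp":
            # Star-property as written: no write down, write up is legal.
            return obj.dominates(subject)
        if policy == "write_equal":
            # Practical variant: only write at exactly your own label.
            return subject == obj
        raise ValueError(f"unknown policy {policy!r}")
    raise ValueError(f"unknown op {op!r}")


def attack_from_httpd_shell(policy: str = "write_equal") -> dict:
    """Attacker's shell inherited httpd's label: PUBLIC, no compartments.

    Returns {"<op> <path>": allowed?} for a set of things the attacker
    would try after landing the shell.
    """
    shell = label("PUBLIC")
    attempts = [
        ("read", "/var/www/index.html"),
        ("write", "/var/www/index.html"),
        ("read", "/etc/passwd"),
        ("read", "/fin/ledger.db"),
        ("write", "/fin/ledger.db"),
        ("write", "/fin/transfers.log"),
    ]
    return {f"{op} {path}": mac_allows(shell, OBJECTS[path], op, policy)
            for op, path in attempts}


def unix_dac_allows(uid: int, owner_uid: int, mode: int, op: str) -> bool:
    """Classical UNIX discretionary check (group class omitted for brevity).

    This is the "free rein" case from the post: once the attacker reaches
    uid 0 by any further local bug, every DAC check passes.
    """
    if uid == 0:
        return True
    bits = (mode >> 6) & 7 if uid == owner_uid else mode & 7
    return bool(bits & (4 if op == "read" else 2))


if __name__ == "__main__":
    for pol in ("write_equal", "strict_blp"):
        print(pol)
        for what, ok in attack_from_httpd_shell(pol).items():
            print(f"  {what:28s} {'ALLOWED' if ok else 'denied'}")
    print("root under DAC, write /fin/ledger.db:",
          unix_dac_allows(0, 100, 0o600, "write"))
```

Under `write_equal` the httpd shell can only read and deface the public document tree; `/etc/passwd` and the ledger are unreadable and unwritable, which is the barrier the post describes. Switch the policy to `strict_blp` and the same shell is allowed to write into `/fin/ledger.db` without being able to read it back, so a deployment that "entrusts millions" needs the write-equal rule (or an integrity model alongside the confidentiality one), not just the Orange Book level on the box. Compare `unix_dac_allows`, where a single escalation to uid 0 makes every check succeed.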