Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Oct 1997 14:16:51 -0400 (EDT)
From:      Drew Derbyshire <ahd@kew.com>
To:        petrilli@amber.org, softweyr@xmission.com
Cc:        security@FreeBSD.ORG
Subject:   Re: C2 Trusted FreeBSD?
Message-ID:  <199710141816.OAA05520@pandora.hh.kew.com>

next in thread | raw e-mail | index | archive | help
> From owner-freebsd-security@FreeBSD.ORG  Tue Oct 14 14:03:45 1997
> Christopher Petrilli writes:
>  > But what about when you have 10,000 users, and you need 486 of them to 
>  > not have access?  Do you see the issue of performance slowly creeping up 
>  > when yyou have 50,000 groups?  This becomes a hideous nightmare.
>
> Right.  A "secure" system with 10,000 users.  You obviously don't
> understand security in the same way the government does.  ;^)

No, that's exactly what they want -- 10,000 or 25,000 people with
access to the system but not all it's data.  Back in the late 80's
a large mainframe system for a government security agency had 25K
user accounts on it -- the vendor couldn't get a core dump from
them after problems, for the obvious reasons.  :-)

I believe IBM's VM/XA was C2 certified (a system which could handle 
1000 concurrent users pretty easily, so 25K accounts would not be
unreasonable); I don't know if they ever went for B1 or not.

-ahd-

--
Drew Derbyshire                 Internet:       ahd@kew.com
Kendra Electronic Wonderworks   Telephone:      781-279-9812

AAAAAA - American Association Against Acronym Abuse Anonymous.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710141816.OAA05520>