Date:      Tue, 14 Oct 1997 22:17:29 -0400 (EDT)
From:      "Christopher G. Petrilli" <petrilli@amber.org>
To:        dkelly@hiwaay.net
Cc:        Wes Peters <softweyr@xmission.com>, security@FreeBSD.ORG
Subject:   Re: C2 Trusted FreeBSD? 
Message-ID:  <Pine.BSF.3.96.971014221455.2865L-100000@dworkin.amber.org>
In-Reply-To: <199710150202.VAA21041@nospam.hiwaay.net>

On Tue, 14 Oct 1997 dkelly@hiwaay.net wrote:
> > Has to be deallocated, unless you want to maintain ownership credentials
> > of the deallocated pools.  The act of returning a block of memory to the
> > "free" pool changes its ownership.  There is an existing standard for
> > reclaiming memory in C2 systems.  If I remember correctly, you have to
> > overwrite each bit with successive 1 and 0 for 100 cycles.  This is
> > pretty cpu intensive, but can be done pretty easily by modify sbrk and
> > friends.  I guess in the post 2.2 world, it would be munmap that gets
> > mangled, right?
> 
> I've never seen the "100 times overwrite" requirement. The act of writing a 
> zero to memory that is parity checked in hardware should satisfy the spirit 
> of the requirement. If writing the zero didn't work, it fails on first read.

It simply has to be cleared; that's all the requirement states.  As for
deallocate/allocate, that's a "preference", and in fact can be done on
either because according to the TCSEC returning memory to the TCB (i.e.
kernel) is not technically a change of ownership because the TCB is not an
owner in the sense that this applies to.  The TCB is trusted, therefore you
can do the clear on allocate, which is substantially easier over the long
haul, and is what is commonly done.

> In the above document, SGI points out "clear before reallocate" was 
> approved when they tested Trusted Irix for B1, so they claim the same is 
> good enough for plain Irix at C2.

And Microsoft claims that NT is C2---they just forget that you can't have
a network or floppy. :-)

Chris
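Added illustration (not part of the original thread, and not FreeBSD or Trusted Irix code): a toy fixed-size pool allocator in C that stands in for the kernel's memory allocator and lets you switch the object-reuse policy between no clearing, clear-on-free, and clear-on-allocate. The `residue_leaks()` check writes a secret into a block as one "owner", returns the block to the pool, takes the next block out again as a second owner, and reports whether the first owner's data is still readable. All identifiers here are hypothetical, and the secret string and the 0xAA arena fill are constructed sample data. It shows the point made above: both clearing policies give the same result to the second owner, and clear-on-allocate needs only one scrub point in the allocation path instead of one in every release path.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy fixed-size block pool standing in for the kernel (TCB) allocator. */
#define BLOCK_SIZE 64
#define NBLOCKS    4

enum reuse_policy {
    POLICY_NONE,           /* hand blocks back with stale contents: object-reuse violation */
    POLICY_CLEAR_ON_FREE,  /* scrub when an owner returns the block to the TCB */
    POLICY_CLEAR_ON_ALLOC  /* scrub when the TCB hands the block to a new owner */
};

static unsigned char arena[NBLOCKS * BLOCK_SIZE];
static int free_stack[NBLOCKS];
static int free_top;
static enum reuse_policy policy;

static void pool_init(enum reuse_policy p)
{
    policy = p;
    /* Constructed "previous tenant" residue so even a never-used block is dirty. */
    memset(arena, 0xAA, sizeof arena);
    free_top = 0;
    for (int i = NBLOCKS - 1; i >= 0; i--)
        free_stack[free_top++] = i;          /* block 0 is popped first */
}

static void *pool_alloc(void)
{
    if (free_top == 0)
        return NULL;
    unsigned char *blk = arena + free_stack[--free_top] * BLOCK_SIZE;
    if (policy == POLICY_CLEAR_ON_ALLOC)
        memset(blk, 0, BLOCK_SIZE);          /* single choke point: every new owner gets zeros */
    return blk;
}

static void pool_free(void *p)
{
    unsigned char *blk = p;
    if (policy == POLICY_CLEAR_ON_FREE)
        memset(blk, 0, BLOCK_SIZE);          /* must be repeated on every release path */
    free_stack[free_top++] = (int)((blk - arena) / BLOCK_SIZE);
}

/*
 * Simulate two successive owners of the same block.
 * Returns 1 if the second owner can read the first owner's secret, 0 if not.
 */
int residue_leaks(enum reuse_policy p)
{
    static const char secret[] = "password:hunter2";   /* constructed sample data */
    pool_init(p);

    char *first = pool_alloc();                         /* owner A */
    memcpy(first, secret, sizeof secret);
    pool_free(first);                                   /* A returns the block to the TCB */

    char *second = pool_alloc();                        /* owner B: LIFO free list hands back the same block */
    return memcmp(second, secret, sizeof secret) == 0;
}

int main(void)
{
    printf("no clearing     : leaks=%d\n", residue_leaks(POLICY_NONE));
    printf("clear on free   : leaks=%d\n", residue_leaks(POLICY_CLEAR_ON_FREE));
    printf("clear on alloc  : leaks=%d\n", residue_leaks(POLICY_CLEAR_ON_ALLOC));
    return 0;
}
```

Either clearing policy satisfies the reuse requirement as far as the second owner can tell; the practical difference is where the scrub lives. A real allocator has many release paths (process exit, munmap, pipe and socket buffer teardown, and so on) but comparatively few allocation entry points, which is the "substantially easier over the long haul" argument for clearing on allocate.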