Date: Wed, 15 Oct 1997 07:59:09 -0500 From: dkelly@hiwaay.net To: Colman Reilly <careilly@monoid.cs.tcd.ie> Cc: dkelly@hiwaay.net, security@freebsd.org Subject: Re: C2 Trusted FreeBSD? Message-ID: <199710151259.HAA23976@nospam.hiwaay.net> In-Reply-To: Message from Colman Reilly <careilly@monoid.cs.tcd.ie> of "Wed, 15 Oct 1997 12:37:36 BST." <199710151137.MAA20965@monoid.cs.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
> > SGI also *claims* to meet C2 with only Discressionary Access Control, in > other words, "plain old Unix user and groups." Note emphasis on "claims", > as they developed Trusted Irix for B1 or thereabouts and were somehow > prevented from having more than one system under test. And never submitted > a system for C2 testing. So they provide a white paper detailing how plain > old Irix with the addition of the Trusted Irix auditing system meets the > intent of C2. This has been Good Enough to use plain Irix with audit trails > at work. > Think it would have been good enough if it had been a free OS crowd writing > the paper and not SGI? It all depends on who your approving authority is. We've worked hard to establish a good relationship with ours. He respects our judgment. And availability of source code is no small plus in this business. One of their first concerns is to prevent a security violation. Next is to detect the violation. And once detected, the ability to analyze it and prevent it from happening again. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710151259.HAA23976>