Date: Thu, 10 Oct 2002 18:08:54 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: Terry Lambert <tlambert2@mindspring.com> Cc: "Roman V. Mashak" <mrv@tv2.tomsk.ru>, Steve Kudlak <chromexa@ovis.net>, "Nelson, Trent ." <tnelson@switch.com>, "'hackers@freebsd.org'" <hackers@FreeBSD.ORG>, "'questions@freebsd.org'" <questions@FreeBSD.ORG> Subject: Re: FreeBSD usage in safety-critical environments Message-ID: <Pine.NEB.3.96L.1021010180646.39392E-100000@fledge.watson.org> In-Reply-To: <3DA50C53.FA2B1619@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Oct 2002, Terry Lambert wrote: > "Roman V. Mashak" wrote: > > On Wed, Oct 09, 2002 at 01:07:43PM -0400, Steve Kudlak wrote: > > > project and mucking with the "low grade" in my opinion C-2 security > > > that Sun OSes had and finding bugs in things like FTP logging and > > > the like. I now do other things so I don't worry about that. :) But it > > > is an interesting issue. I wonder if we should move it to chat? > > > > Could you please pick up some URLs with description of all security levels > > (C-2 and so on) - how to get, who is going on it and so on. > > Thanks in advance. > > Here is the "Orange Book" (DoD TCSEC / DoD 5200.28-STD): > > http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html > > You "get it" by paying a certified testing laboratory a huge amount of > money to test a particular hardware and software combination. Systems are no longer being evaluated to TCSEC. The new world order is based on a "Common Criteria" or language for expression protection profiles (PPs) in terms of a feature set, and then an assurance level (EAL-1 ... EAL-4 or higher). The logical equvilents to TCSEC C2 and B1, as mentioned in an earlier message I sent out, are the CAPP and LSPP protection profiles at EAL-4. In order to get your foot in the door, you really need at least EAL-3 / CAPP. There are lots of other protection profiles provided by NSA, NIST, and other international organizations. This is a logically seperate issue from the safety critical concern, although in many real world situations, you'd want both aspects. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1021010180646.39392E-100000>