Date: Mon, 13 Oct 1997 12:36:41 +0100 From: Colman Reilly <careilly@monoid.cs.tcd.ie> To: Terry Lambert <tlambert@primenet.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: C2 Trusted FreeBSD? Message-ID: <199710131136.MAA09217@monoid.cs.tcd.ie> In-Reply-To: Message from Terry Lambert dated today at 09:31.
next in thread | raw e-mail | index | archive | help
FreeBSD could easily be made C2 compliant. B1 is a bith, in that it
pretty much requires the network authentication go away. If I can't
trust a remote machine, I can't trust it to say "yes, this person is
who I say he or she is...".
One of the reasons I prefere the ITSEC model is that it allows you write down
your own security claims depending on what you want to be able to say. Far
more flexible than Orange Book.
In any case, there's nothing in B1 to prevent you trusting an external
machine, so long as it come in over a secure enough channel. Consider the
external machine as part of the system. (Is there? Not on my reading of
the standard anyway.)
Security comes down to no external connections and a marine guard at
the door of the Tempest vault, in most cases. 8-).
With a small nuclear device attached to your hardware in case the guards are
overcome.
Colman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710131136.MAA09217>