*BSD News Article 63410



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!psgrain!usenet.eel.ufl.edu!gatech!news.jsums.edu!news2.cais.net!news.cais.net!chi-news.cic.net!news.enteract.com!news.inap.net!uwm.edu!vixen.cso.uiuc.edu!newsfeed.internetmci.com!in2.uu.net!news.mindspring.com!nhammond.mindspring.com!nhammond
From: nhammond@mindspring.com (Nicolas Hammond)
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: need secure OS to entrust millions to
Date: Tue, 12 Mar 1996 00:37:35 -0400
Organization: MindSpring Enterprises, Inc.
Lines: 41
Message-ID: <nhammond.6.000CA937@mindspring.com>
References: <4gi6t6$3h9@lace.colorado.edu> <31304401.3341@pinsight.com> <4gq2j9$2g48@babyhuey.cs.utexas.edu> <nhammond.3.00AE67CD@mindspring.com> <4htqvq$d5o@cobweb.aracnet.com>
NNTP-Posting-Host: nhammond.mindspring.com
X-Newsreader: Trumpet for Windows [Version 1.0 Rev B]
Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:19221 comp.os.linux.misc:91343 comp.os.linux.networking:31455 comp.unix.bsd.freebsd.misc:15347 comp.unix.bsd.netbsd.misc:2445 comp.unix.bsd.bsdi.misc:2630

In article <4htqvq$d5o@cobweb.aracnet.com> beattie@coyote.aracnet.com (Brian Beattie) writes:

>I also used to work at SecureWare, although not as long as Nick, although
>I had been working with Trusted Computing for almost as long as
>SecureWare had been around.  I must agree with most of the points that
>Doug made.  That is most of the Rainbow series is either irrelevant or
>wrong for commercial concerns.

I won't disagree, but some are relevant.

>  I also have a lot of problems with most
>implementations of DoD type security but that is another matter. 

>Nick has a very good point and I agree with it that having a system with a
>defined level of assurance.  One that has been reviewed and tested by an 
>independent authority.  One that includes detailed documentation on the  
>"correct" operation is important.  Other than that no DoD level is better
>than standard UNIX security for "most" commercial applications.

The original poster was looking for something to "entrust millions to".

>That said the assurance issue is a major one and for that reason alone
>I would steer clear of Free unixes, for applications requiring high
>assurance, unless you want to do the work required to have that assurance.

>The rest of what Nick says about levels is pure gospel according to NCSEC
>and pretty much smoke and mirrors.  That is to say if your security can
>be breached at one level, it can probably be breached at any level.

No. The point is that a secured OS provides multiple barriers.
Suppose there is a bug in your http server, and suppose someone can
get a shell. On a normal UNIX, they have free rein over the system and can begin
other attacks. On a properly configured high-assurance (B1 level+) system,
the http server is running at a different level than the rest of the OS and
therefore someone with a shell because of a bug in the http server can do
no damage.

You are supposed to be able to trust the OS (high-assurance), but you can't
trust the server software you run on it. You can trust the code you write, 
therefore you have to protect your millions against a buggy server.
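The "multiple barriers" argument above can be made concrete with a toy reference monitor. The following is an added example written for this archive page, not code from the poster or from any SecureWare product: it models a UNIX-style discretionary check (owner/other permission bits) and, on top of it, a Bell-LaPadula style mandatory label check (no read up, no write down, with categories for compartments). The file paths, uids, permission bits and labels are constructed for the illustration. A shell spawned through a bug in the http server inherits the server's uid and label; with only DAC it can read a world-readable ledger and write to a world-writable spool, while with MAC enabled both are refused even though the server can still read and write its own document root.

```python
"""Toy reference monitor: DAC alone vs DAC plus mandatory labels."""
from dataclasses import dataclass

# Ordered sensitivity levels (constructed for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the label lattice: higher level and a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


@dataclass
class Process:
    name: str
    uid: int
    label: Label


@dataclass
class FileObj:
    path: str
    owner_uid: int
    mode: int        # UNIX permission bits, e.g. 0o644
    label: Label


def dac_allows(proc: Process, f: FileObj, op: str) -> bool:
    """Discretionary check: owner bits for the owner, 'other' bits for everyone else."""
    bit = {"read": 4, "write": 2}[op]
    if proc.uid == 0:                       # root bypasses DAC, as on a normal UNIX
        return True
    if proc.uid == f.owner_uid:
        return bool((f.mode >> 6) & bit)
    return bool(f.mode & bit)


def mac_allows(subject: Label, obj: Label, op: str) -> bool:
    """Mandatory check: simple security property (no read up) and *-property (no write down)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(op)


def access(proc: Process, f: FileObj, op: str, mac_enabled: bool) -> bool:
    """Both barriers must agree; the mandatory one cannot be relaxed by the process."""
    if not dac_allows(proc, f, op):
        return False
    if mac_enabled and not mac_allows(proc.label, f.label, op):
        return False
    return True


def spawn_shell(parent: Process) -> Process:
    """A shell obtained through a server bug inherits the server's uid and label."""
    return Process("sh", parent.uid, parent.label)


def scenario(mac_enabled: bool) -> dict:
    """What the attacker's shell can do to each file. Returns {path: {'read': bool, 'write': bool}}."""
    web = Label("internal", frozenset({"web"}))
    httpd = Process("httpd", uid=1001, label=web)
    files = [
        FileObj("/var/www/index.html", owner_uid=1001, mode=0o644, label=web),
        # Confidential data in another compartment, world-readable by sloppy DAC.
        FileObj("/data/ledger.db", owner_uid=0, mode=0o644,
                label=Label("confidential", frozenset({"finance"}))),
        # World-writable scratch area at a lower level.
        FileObj("/tmp/spool", owner_uid=0, mode=0o777, label=Label("public")),
    ]
    shell = spawn_shell(httpd)
    return {f.path: {op: access(shell, f, op, mac_enabled) for op in ("read", "write")}
            for f in files}


if __name__ == "__main__":
    for enabled in (False, True):
        print("MAC enabled:" if enabled else "DAC only:")
        for path, ops in scenario(enabled).items():
            print(f"  {path:22} read={ops['read']!s:5} write={ops['write']!s:5}")
```

Run it and compare the two tables: the DAC-only run shows the shell reading the ledger and writing into the spool, the labelled run refuses both while leaving the server's own document root readable and writable. The refusal of the spool write is the *-property at work: a compartment at "internal" may not write down to "public", which is what stops a compromised server from leaking what it holds.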