C2 secure systems and the superuser

John F Haugh II jfh at rpp386.cactus.org
Tue Mar 19 23:12:00 AEST 1991


In article <FAIGIN.91Mar18121748 at sunstroke.aerospace.aero.org> faigin at aerospace.aero.org (Daniel P. Faigin) writes:
>In article <1991Mar17.060540.3911 at cbnewsh.att.com>, wcs at cbnewsh.att.com (Bill
>Stewart 908-949-0705 erebus.att.com!wcs) writes: 
>
>> Most of the market is satisfied with C2 functionality, and doesn't
>> really need the NSA Good Housekeeping Seal.  
>
>Correction. Most of the COMMERCIAL market. The ratings are there to help the
>DoD side of things. This goes along with the Agency's charter. If it ever gets
>the budget, the commercial side will probably be happier with NIST.

I tend to think that there are features above the C2 level that are
interesting in a commercial environment that would be beneficial if
they could be extracted from the remainder of the B1/B2 requirements.

Particularly, MAC and Least Privilege.  MAC is extremely important
if information is to be protected - trojan horses can depend on DAC
to permit exporting information, but MAC prevents any unintentional
downgrading of information.  Thus, management data is protected from
programs gone awry.  It doesn't have to be "full-blown" MAC, with all
the requirements - just the basic concepts of subject and object
dominance.  I should be able to downgrade my own information so long
as I am on the trusted path.  [ Guess that means I need "trusted
path" too, eh? ]  Least privilege is in there because it's just a
good idea and allows operators to be given just enough authority
to get their jobs done.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) |  Domain: jfh at rpp386.cactus.org
"I've never written a device driver, but I have written a device driver manual"
                -- Robert Hartman, IDE Corp.
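
Added example, not part of the original post: a minimal model of the subject/object dominance check described above, showing a write that DAC alone permits being refused by MAC, and a downgrade allowed only to the owner on the trusted path. The level names, users, objects and the "no write-down" rule as coded here are assumptions chosen for illustration.

```python
from dataclasses import dataclass

LEVELS = {"public": 0, "internal": 1, "management": 2}  # constructed hierarchy

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        # Dominance: level at least as high AND categories a superset.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

@dataclass
class Obj:
    name: str
    owner: str
    label: Label
    dac_writers: set  # users the owner's DAC permissions allow to write

def mac_allows_read(subject_label, obj):
    return subject_label.dominates(obj.label)

def mac_allows_write(subject_label, obj):
    # The object must dominate the subject, so data cannot flow downward.
    return obj.label.dominates(subject_label)

def can_write(user, subject_label, obj):
    # Both checks must pass; DAC alone is what a trojan horse relies on.
    return user in obj.dac_writers and mac_allows_write(subject_label, obj)

def downgrade(user, obj, new_label, on_trusted_path):
    # Relabelling is an explicit act by the owner, never a side effect.
    if user != obj.owner or not on_trusted_path:
        return False
    obj.label = new_label
    return True

def demo():
    mgmt = Label("management", frozenset({"payroll"}))
    pub = Label("public")
    report = Obj("salary-report", "alice", mgmt, {"alice"})
    dropbox = Obj("shared-drop", "mallory", pub, {"alice", "mallory"})
    # A program run by alice at the management level tries to copy data out.
    return {
        "dac_alone_permits_export": "alice" in dropbox.dac_writers,
        "mac_permits_export": can_write("alice", mgmt, dropbox),
        "program_downgrade": downgrade("alice", report, pub, False),
        "trusted_path_downgrade": downgrade("alice", report, pub, True),
    }
```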


