security levels, V.4

John F. Haugh II jfh at greenber.austin.ibm.com
Thu Dec 6 04:45:45 AEST 1990


In article <1990Nov30.145545.29792 at murdoch.acc.Virginia.EDU> Ran Atkinson <randall at Virginia.EDU> writes:
>
>In article <1990Nov29.224243.2934 at ico.isc.com> rcd at ico.isc.com, Dick Dunn writes:
>>And no, B2 is not required for V.4.  It's an option--I think MLS will take
>>you to the B2 level.

The evaluated B2 product (SV/MLS) was not based on SVR4.  It was based
on SVR3.2.1 (or 3.2.2 or bzzt).  I have a copy of the final evaluation
(nice sleep inducer) lying about someplace, but it is not an SVR4-based
product.  If anyone cares, I'll post the specifics, but it is really
pretty unexciting.

>Dick is correct.  The MLS (Multi-level Security) option for Unix System V
>is needed if you want a B2 system.  Note that UNIX System V/MLS is actually
>certified by NCSC as being a B2 system.  I don't think that SCO ever actually
>got their "C2" product certified by NCSC (who are the only folks who can
>certify Orange Book conformance).

The certification handed out by the NCSC people covers a very specific
hardware configuration and level of software.  The reason that I doubt
SCO will ever have a C2 for their product is because they would have to
pick a hardware platform to have it rated on - and that is really the
responsibility of a hardware vendor.  The rating which AT&T received
only applies to their hardware and that exact level of code (modulo
being involved in RAMP, which I am certain they are).  Any other level
of software (read: bug fixes) or hardware model (read: performance
improvements, etc.) are not covered.

>If folks dislike C2, they will be much more unhappy with B2.  I on the other
>hand prefer at least a B1 system because it is much safer from break-ins
>and such.  I'll not bore folks with the differences between C2 and B1 or B2;
>if you want to know more, go read the Orange Book.

Yes, I would like a B1 or B2 system for the house.  MAC and least
privilege are very nice features to have.  For BBS users, trusted
path is also nice.  Keeps the little trojan horse weenies off your
back.
-- 
John F. Haugh II       | This space intentionally |    MaBellNet: (512) 838-4330
SneakerNet: 809/1C079  |      left blank ...      |      VNET: LCCB386 at AUSVMQ
BangNet: ...!cs.utexas.edu!ibmchs!auschs!snowball.austin.ibm.com!jfh (e-i-e-i-o)


