Re: Reasons for Inclusion

From: richard offer (offerat_private)
Date: Fri Mar 22 2002 - 16:14:53 PST

  • Next message: jmjonesat_private: "Re: Reasons for Inclusion"

    * frm bofhat_private "03/22/2002 11:12:15 PM +0100" | sed '1,$s/^/* /'
    *
    * On Fri, 22 Mar 2002 22:50, jmjonesat_private wrote:
    *> > In many cases, they may hear of "trusted computing" or perhaps even
    *> > "orange book B1" (or the new buzphrase "trustworty computing"). But
    *> > without an example of one it is impossible to determine if such a beast
    *> > would be usefull. Much less learn how to use it.
    *> 
    *> Not sure how LSM helps this.
    * 
    * LSM allows the implementation of most of the features that the obsolete
    * B1  standard required.  Note that B1/C2 security standards were not for
    * OSs or  security systems, they were for specific configurations.  Linux
    * would not  meet C2 any more than NT would, an OS can not meet it, it's a
    * particular  configuration of an OS.  A good configuration of SE Linux
    * would be likely to  meet C2.
    
    Nope. It would excede it in some areas (C2 doesn't require manditory access
    control), but it doesn't have the one feature that C2 mandates, audit :-)
    
    *> Can LSM support C2 fully, verifiably, and certifiably?  That's an
    *> advantage, if it can.  Has anybody proved this (at least in a paper?)
    * 
    * C2 is not relevant, it's been made obsolete.  I believe that the new 
    * standards are called "common criteria", but I'm not certain.  Whether
    * some  specific configuration of Linux can pass some contrived tests means
    * nothing  to me.
    
    It might mean nothing to you, but there's a significant ammount of real
    live revenue that hinges on passing those contrived tests. While you
    personally may not want or care about that, some people on this list do. 
    
    
    The Common Criteria is the framework for accepting an evaluation by other
    countries.
    
    The two common "Protection Profiles" for general purpose OSs are 
    
        Controlled Access (CAPP) - akin to C2
    and
        Labelled Security (LSPP) - akin to B1
    
    (you can find the full list of profiles at
    http://www.radium.ncsc.mil/tpep/library/protection_profiles/index.html)
    
    
    
    richard.
    
    -- 
    -----------------------------------------------------------------------
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    _______________________________________________________________________
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 16:16:18 PST