Re: Reasons for Inclusion

• Previous message: Seth Arnold: "Re: Reasons for Inclusion"
• In reply to: Russell Coker: "Re: Reasons for Inclusion"
• Next in thread: Valdis.Kletnieksat_private: "Re: Reasons for Inclusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* frm bofhat_private "03/22/2002 11:12:15 PM +0100" | sed '1,$s/^/* /'
*
* On Fri, 22 Mar 2002 22:50, jmjonesat_private wrote:
*> > In many cases, they may hear of "trusted computing" or perhaps even
*> > "orange book B1" (or the new buzphrase "trustworty computing"). But
*> > without an example of one it is impossible to determine if such a beast
*> > would be usefull. Much less learn how to use it.
*> 
*> Not sure how LSM helps this.
* 
* LSM allows the implementation of most of the features that the obsolete
* B1  standard required.  Note that B1/C2 security standards were not for
* OSs or  security systems, they were for specific configurations.  Linux
* would not  meet C2 any more than NT would, an OS can not meet it, it's a
* particular  configuration of an OS.  A good configuration of SE Linux
* would be likely to  meet C2.

Nope. It would excede it in some areas (C2 doesn't require manditory access
control), but it doesn't have the one feature that C2 mandates, audit :-)

*> Can LSM support C2 fully, verifiably, and certifiably?  That's an
*> advantage, if it can.  Has anybody proved this (at least in a paper?)
* 
* C2 is not relevant, it's been made obsolete.  I believe that the new 
* standards are called "common criteria", but I'm not certain.  Whether
* some  specific configuration of Linux can pass some contrived tests means
* nothing  to me.

It might mean nothing to you, but there's a significant ammount of real
live revenue that hinges on passing those contrived tests. While you
personally may not want or care about that, some people on this list do. 


The Common Criteria is the framework for accepting an evaluation by other
countries.

The two common "Protection Profiles" for general purpose OSs are 

    Controlled Access (CAPP) - akin to C2
and
    Labelled Security (LSPP) - akin to B1

(you can find the full list of profiles at
http://www.radium.ncsc.mil/tpep/library/protection_profiles/index.html)



richard.

-- 
-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: jmjonesat_private: "Re: Reasons for Inclusion"
• Previous message: Seth Arnold: "Re: Reasons for Inclusion"
• In reply to: Russell Coker: "Re: Reasons for Inclusion"
• Next in thread: Valdis.Kletnieksat_private: "Re: Reasons for Inclusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 16:16:18 PST