Firewall Wizards mailing list archives

Re: Re: Trusted OS...


From: Rick Smith <rick_smith () securecomputing com>
Date: Mon, 03 Apr 2000 17:52:29 -0500

<whine>
Gee whiz, guys, how can you have a Trusted OS discussion while I'm on
vacation? I'm missing all the fun!
</whine>

Anyway, let me broach the question of "Is Sidewinder based on a Trusted OS?"

Of course we have to start by saying what we mean by a Trusted OS. Some
folks say that anything that completes a formal security evaluation is a
Trusted OS. But that includes C level OSes that can't defend against well
known threats like trojan horses. I don't especially like that definition
since it labels recognizably weak OSes as "trusted."

I generally agree with Paul McNabb that a true Trusted OS is one that
implements a mandatory access control mechanism. That's what Sidewinder
does with Type Enforcement. The point is that you can't bypass the type
enforcement mechanism even if you gain root. It's always enforced,
regardless of user ID.

For what it's worth, a lot of engineering went into the integration of type
enforcement into BSD. Basically, we dug into the guts of the system and
installed mandatory access control checks, generally in conjunction with
existing DAC checks. Then we added checks on other things we needed to
control, like network interfaces and individual ports. It took 2 or 3
releases to get all that done. The results have satisfied some very
paranoid customers over the years.

I recognize that it's very hard to tell from the outside whether the
engineering work is marketing hype or not. In the past, SCC has never
perceived a marketing or sales benefit in submitting Sidewinder to a formal
security evaluation. This could change now that the Common Criteria is in
place, especially since the Govt is trumpeting new rules about purchasing
evaluated firewalls.

Since so many commercial firewalls have devolved into (or returned to their
roots as) filtering routers, it might be hard to see a benefit in using a
trusted OS. These things let so much through that the principal threats
aren't against the firewall itself. However, some customers do maintain a
level of paranoia and implement the appropriate security policies to make
it worthwhile for them.

Rick.
smith () securecomputing com
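The layering described in the message above, a mandatory type-enforcement check applied in conjunction with the existing DAC check and decided without regard to user ID, sketched as a small C model. This is an added example, not code from the message or from Sidewinder; the domain, type and port names, the tables and the function names are constructed assumptions.

```c
#include <stdbool.h>

/* Constructed, hypothetical domains and types; not Sidewinder's real policy. */
enum domain { DOM_ADMIN, DOM_HTTP_PROXY, DOM_COUNT };
enum otype  { TYPE_PROXY_LOG, TYPE_POLICY_CONF, TYPE_COUNT };
enum { PERM_READ = 1, PERM_WRITE = 2 };

struct subject { unsigned uid; enum domain dom; };
/* mode: bits 2-3 are the owner's permissions, bits 0-1 everyone else's */
struct object  { unsigned owner; unsigned mode; enum otype type; };

/* Type enforcement table: what each domain may do to each type. */
static const unsigned te_table[DOM_COUNT][TYPE_COUNT] = {
    [DOM_ADMIN]      = { [TYPE_PROXY_LOG] = PERM_READ, [TYPE_POLICY_CONF] = PERM_READ | PERM_WRITE },
    [DOM_HTTP_PROXY] = { [TYPE_PROXY_LOG] = PERM_READ | PERM_WRITE, [TYPE_POLICY_CONF] = 0 },
};

/* Only the listed domain may bind each listed port (constructed values). */
static const struct { unsigned port; enum domain dom; } port_table[] = {
    { 80, DOM_HTTP_PROXY },
};

/* Unix-style DAC: uid 0 bypasses the permission bits. */
bool dac_allows(const struct subject *s, const struct object *o, unsigned want)
{
    if (s->uid == 0) return true;
    unsigned bits = (s->uid == o->owner) ? (o->mode >> 2) & 3 : o->mode & 3;
    return (bits & want) == want;
}

/* MAC: decided from domain and type only; the uid is never consulted. */
bool te_allows(const struct subject *s, const struct object *o, unsigned want)
{
    return (te_table[s->dom][o->type] & want) == want;
}

/* Both checks must pass, so passing DAC as root is not sufficient. */
bool access_allowed(const struct subject *s, const struct object *o, unsigned want)
{
    return dac_allows(s, o, want) && te_allows(s, o, want);
}

/* Port check: unlisted ports are denied to every domain, root included. */
bool bind_allowed(const struct subject *s, unsigned port)
{
    for (unsigned i = 0; i < sizeof port_table / sizeof port_table[0]; i++)
        if (port_table[i].port == port)
            return port_table[i].dom == s->dom;
    return false;
}
```

In this model a process running as uid 0 in the proxy domain passes the DAC check on the policy file but is still refused the write, because the type-enforcement table gives that domain no access to that type.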


