Firewall Wizards mailing list archives

Re: Re: Trusted OS...


From: Ryan Russell <ryan () securityfocus com>
Date: Wed, 29 Mar 2000 08:31:39 -0800 (PST)

On Thu, 23 Mar 2000, Marcus J. Ranum wrote:


Are you sure about that? Secure computing makes a trusted operating
system (called LOCK, if I recall correctly) but Sidewinder was based
on BSDI with some orange book fairy dust blown on it - I don't think
it was a _real_ trusted operating system, just good old BSDI (which is
probably better) with some hacks in it to include the domain/type
enforcement stuff.


Isn't that the central problem?  Do C level and below Orange Book
requirements actually help anything?  If I can take an OS, and add some
typing features, and have the money for the testing, is C2 useful at all?

I think what you're speaking to is the fact that the denotative definition
of "trusted OS" in the US is just meeting the rainbow requirements, while
most of us as security people would like to think that "trusted OS" means
that it has some actual security and has been carefully audited.

Certainly that doesn't mean an OS that has been successfully evaluated
can't also be secure... I think it just means that a rating alone doesn't
give assurance that the OS is secure (or even any more secure than
another.)  I don't think that will be a big surprise to anyone here.

                                        Ryan


