> > Is MacOS X EAL4?
>
> Not so far as I know, but it could probably get there with some amount
> of work if it isn't already.

MAC OS X and MAC OS X Server are currently in NIAP evaluation at EAL3 (see http://niap.nist.gov/cc-scheme/InEvaluation.html).

> This is sort of what I mean about EAL4 not being good enough. The state
> of affairs at present is that a whole bunch of known-breakable OS's are
> nonetheless certifiable and being touted as secure...

While I agree completely that EAL4 is too low of a bar given the current threat level against OSes used to connect to the Internet, I think that the true failure is in the PPs. Most efforts to create a PP with functional security requirements that are appropriate to the *known, existing* Internet threat - even at EAL4 - falter due to either limitations of the CC Functional Component families or a growing realization among the writers that no commercial OS could successfully show compliance with the necessary and sufficient set of requirements for safe Internet and Web computing.

The fundamental security assurance problem is usually not with the basic OS features: i.e., scheduling and process, memory, and storage management. Instead, the evaluations choke on the networking facilities! It would generally be necessary to completely redesign the networking stack in most OS to extend the architecture concepts that hold for the OS itself. Since the OS stack is normally larger than the OS itself and designed using a set of architectural principles that are substantially different from those of the OS, this is a substantial and costly exercise!

In this sense, the real advantage (which is pragmatically a serious problem) of EROS is that its underlying architecture will demand the design and implementation of a completely new network stack. This is good because the stack can be designed according to the same principles as the OS, but is a problem because it could delay release of a network-ready, high assurance EROS by inhibiting reuse of existing network stack implementations.

-DMC

> shap

---------------------------------------------------------------------
The Cryptography Mailing List