On Mon, 27 Mar 2000, Bennett Todd wrote:

> The Common Criteria are the descendant of the rainbow book Trusted
> Product Evaluation Program.

YM "Bastard stepchild", HTH, HAND.

> Once we figure out what security is, and how to specify it properly
> in a design, then we can start working on certification programs.

The TPEP did that fairly well at B2 and above IMO.

> At the moment, I only know of two people who design secure computer
> systems, and neither of them have anything to do with the C-C. Or
> the TPEP.

I know a fair amount of people who do or have worked with secure systems,
most of them coming from the TPEP world, but then I'm in the DC area,
where that sort of thing used to be pretty popular.

> If I wanted to build a secure server, I'd have more confidence in a
> well-seasoned open source OS running suitably-chosen components,
> like e.g. openssh, postfix or qmail, dnscache, and so forth.

So what about an open-source OS with sort-of-B1ish security built in?

<favorite security system plug>

http://www.rsbac.de/

</favorite security system plug>

Or are you of the opinion that real ACLs, MAC, role-based access, etc.
aren't useful to restrict compromise to the subset of suitably-chosen
components which may still have bugs, or the list of
not-as-suitably-chosen as you would have liked people?

Personally, I think there's still a great deal of assurance and even
security mileage to be gotten from trusted systems, *especially* in the
limiting of administrative roles to least privilege.  Most tellingly in
the case where remote operational management and distributed
administration with centralized configuration are concerned.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
                                                                     PSB#9280
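The point Paul makes about MAC, real ACLs and role-based access confining a compromise to one component, and about holding administrative roles to least privilege, is easier to see in a small model. The following Python is an added illustration, not code from this thread or from RSBAC; the levels, roles, objects and subjects (dnscache, postfix, remote-admin, auditor) are constructed for the example, and the MAC rule used is a Bell-LaPadula-style "no read up, no write down" lattice of the kind a B1-labelled system enforces.

```python
# Added illustration: a toy reference monitor that stacks three checks a
# labelled trusted system makes before granting an operation:
#   1. the subject's role permits the operation at all (least privilege),
#   2. the mandatory label check passes (no read up, no write down),
#   3. the object's discretionary ACL lists the subject's role.
# All identifiers below are constructed for the example; none is RSBAC's
# or any real system's policy format.
from dataclasses import dataclass

# Sensitivity levels, ordered low to high (constructed lattice).
LEVELS = {"public": 0, "internal": 1, "secret": 2}

@dataclass(frozen=True)
class Obj:
    name: str
    level: str
    acl: frozenset   # roles the discretionary layer explicitly admits

@dataclass(frozen=True)
class Subject:
    name: str        # the running component or administrator session
    level: str       # its label / clearance
    role: str        # the role it runs under

# Role -> operations that role may ever perform (constructed).
ROLE_OPS = {
    "net-service": {"read"},
    "mail-service": {"read", "write"},
    "config-admin": {"read", "write"},
    "audit-admin": {"read"},
}

def role_allows(subj, op):
    return op in ROLE_OPS.get(subj.role, set())

def mac_allows(subj, obj, op):
    """Bell-LaPadula style: read needs clearance >= label, write needs
    clearance <= label (so a low process may append to a high audit log
    but never read it)."""
    s, o = LEVELS[subj.level], LEVELS[obj.level]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    return False

def dac_allows(subj, obj):
    return subj.role in obj.acl

def decide(subj, obj, op):
    """All three layers must agree; returns (allowed, reason) for auditing."""
    if not role_allows(subj, op):
        return False, f"role {subj.role} may not {op}"
    if not mac_allows(subj, obj, op):
        return False, f"MAC: {subj.level} may not {op} {obj.level}"
    if not dac_allows(subj, obj):
        return False, f"ACL on {obj.name} excludes role {subj.role}"
    return True, "ok"

# Constructed objects on the host.
OBJECTS = {
    "zone-data":  Obj("zone-data",  "public",   frozenset({"net-service", "config-admin"})),
    "mail-spool": Obj("mail-spool", "internal", frozenset({"mail-service", "config-admin"})),
    "shadow":     Obj("shadow",     "secret",   frozenset({"local-admin"})),
    "audit-log":  Obj("audit-log",  "secret",   frozenset({"mail-service", "audit-admin"})),
}

# Constructed subjects: two network-facing services, a remote administrator
# session, and an auditor. No subject holds the local-admin role remotely.
SUBJECTS = {
    "dnscache":     Subject("dnscache",     "public",   "net-service"),
    "postfix":      Subject("postfix",      "internal", "mail-service"),
    "remote-admin": Subject("remote-admin", "internal", "config-admin"),
    "auditor":      Subject("auditor",      "secret",   "audit-admin"),
}

def blast_radius(subj_name):
    """Everything a subject could touch if fully compromised: name -> ops.
    This is the set the policy confines an exploited component to."""
    subj = SUBJECTS[subj_name]
    reach = {}
    for obj in OBJECTS.values():
        ops = {op for op in ("read", "write") if decide(subj, obj, op)[0]}
        if ops:
            reach[obj.name] = ops
    return reach

if __name__ == "__main__":
    for name in SUBJECTS:
        print(f"{name:13} -> {blast_radius(name)}")
```

Running it shows the confinement the message argues for: a compromised dnscache reaches only the public zone data, a compromised postfix can append to the audit log but not read it and cannot touch the shadow file even though its label would permit a blind write-up, and the remote administrator session, held to an internal clearance and the config-admin role, can manage the spool and read zone data but never reaches shadow or the audit log.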
