Date: Tue, 25 Jul 2000 17:44:36 +1000 (Australia/NSW)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Cc: avalon@coombs.anu.edu.au (Darren Reed), imp@village.org (Warner Losh), john1000@cwcom.net, freebsd-security@FreeBSD.ORG
Subject: Re: orange book rating for freebsd
Message-ID: <200007250744.RAA17232@cairo.anu.edu.au>
In-Reply-To: <9855.964508836@critter.freebsd.dk> from "Poul-Henning Kamp" at Jul 25, 2000 09:07:16 AM

In some mail from Poul-Henning Kamp, sie said:
>
> In message <200007250619.QAA05994@cairo.anu.edu.au>, Darren Reed writes:
> >In some mail from Warner Losh, sie said:
> >>
> >> In message <397CEC16.F5453AC0@cwcom.net> m01ym900@cwcom.net writes:
> >> : does anyone know what level of security rating freeBSD can be configured
> >> : to, with regards to the orange book rating system (C1 through to A1).
> >>
> >> FreeBSD can be configured to be C2 secure, just like all the other
> >> Unix-oids out there. There's some work with TrustedBSD to make things
> >> B1 or B2, but those are very hard. FreeBSD doesn't have the
> >> facilities to get A1, which requires, iirc, tagging of all data as
> >> unclassified, secret or top secret and not allowing data to cross the
> >> security boundaries (in either direction w/o authorization from the
> >> system administrator).
> >
> >In addition to programming with labels, etc, Ax also requires taking into
> >account "signalling" via covert channels. FreeBSD will never reach an A
> >level orange book rating because it was not designed, from scratch, to be
> >that way. C2 is just a matter of someone with money giving a box to the
> >NSA, appropriately configured and with suitable documentation, for review.
> >
> >As for "tags", those are required for B2, along with rules about which
> >way data can "travel".
>
> As far as I know we'll never get any A rating because that requires
> design documents which define the security.

Yes, that's what I said.