From: Robert Watson <robert@fledge.watson.org>
Date: Thu, 10 Oct 2002 18:05:34 -0400 (EDT)
To: "Nelson, Trent ."
Cc: "'chromexa@ovis.net'", "'hackers@freebsd.org'"
Subject: RE: FreeBSD usage in safety-critical environments
In-Reply-To: <8F329FEDF58BD411BE5200508B10DA7607D71A12@exchptc1.switch.com>

On Wed, 9 Oct 2002, Nelson, Trent . wrote:

> If you're referring to security criteria (Trusted Computer Security
> Evaluation Criteria or ITSEC for Euro/UK), then no, FreeBSD doesn't
> currently provide any features for C2/F-C2+ configuration (Access
> Control Lists, auditing, accountability, etc). This is being tackled by
> TrustedBSD though, which I'm sure Robert Watson can provide some more
> information on.

We're actually close to feature completeness on the CAPP (Common Access Protection Profile), which is logically equivalent to the old C2 TCSEC evaluation except expressed in the parlance of the Common Criteria, for 5.0.
For example, we now have support for access control lists--we also have a number of features required for LSPP, which requires information labeling and mandatory protections. We don't currently have an audit implementation, but I'm working to resolve that issue as soon as possible. The only big thing missing from the picture is actually someone who wants to bring FreeBSD to market with an evaluation--someone who's willing to go the distance on the evaluation process (paperwork, testing, etc). My goals for FreeBSD 6.0 include feature completeness on CAPP (C2) and LSPP (B1).

> Although they are inter-related, the safety integrity level of the
> system is what I was really querying. That tends to bring in a whole
> host of metrics such as error and exception handling, standard failure
> modes, MTBF, etc etc.

Agreed. There are some similar notions, but they're not the same. I'm happy to take on the security feature issue, but I'm not qualified on the safety/reliability side. Anecdotally, FreeBSD has excellent up-time and strong failure tolerance, but you need something more than that in a formal sense.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories