From: Robert Watson
Date: Thu, 10 Oct 2002 18:08:54 -0400 (EDT)
To: Terry Lambert
Cc: "Roman V. Mashak", Steve Kudlak, "Nelson, Trent .", "'hackers@freebsd.org'", "'questions@freebsd.org'"
Subject: Re: FreeBSD usage in safety-critical environments

On Wed, 9 Oct 2002, Terry Lambert wrote:

> "Roman V. Mashak" wrote:
> > On Wed, Oct 09, 2002 at 01:07:43PM -0400, Steve Kudlak wrote:
> > > project and mucking with the "low grade" in my opinion C-2 security
> > > that Sun OSes had and finding bugs in things like FTP logging and
> > > the like. I now do other things so I don't worry about that. :) But it
> > > is an interesting issue. I wonder if we should move it to chat?
> >
> > Could you please pick up some URLs with description of all security levels
> > (C-2 and so on) - how to get, who is going on it and so on.
> > Thanks in advance.
>
> Here is the "Orange Book" (DoD TCSEC / DoD 5200.28-STD):
>
> http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html
>
> You "get it" by paying a certified testing laboratory a huge amount of
> money to test a particular hardware and software combination.

Systems are no longer being evaluated to TCSEC. The new world order is based on a "Common Criteria" or language for expressing protection profiles (PPs) in terms of a feature set, and then an assurance level (EAL-1 ... EAL-4 or higher). The logical equivalents to TCSEC C2 and B1, as mentioned in an earlier message I sent out, are the CAPP and LSPP protection profiles at EAL-4. In order to get your foot in the door, you really need at least EAL-3 / CAPP. There are lots of other protection profiles provided by NSA, NIST, and other international organizations.

This is a logically separate issue from the safety critical concern, although in many real world situations, you'd want both aspects.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories