Date:      Tue, 25 Jul 2000 16:19:51 +1000 (Australia/NSW)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        imp@village.org (Warner Losh)
Cc:        john1000@cwcom.net, freebsd-security@FreeBSD.ORG
Subject:   Re: orange book rating for freebsd
Message-ID:  <200007250619.QAA05994@cairo.anu.edu.au>
In-Reply-To: <200007250251.UAA85516@harmony.village.org> from "Warner Losh" at Jul 24, 2000 08:51:16 PM

In some mail from Warner Losh, sie said:
> 
> In message <397CEC16.F5453AC0@cwcom.net> m01ym900@cwcom.net writes:
> : does anyone know what level of security rating freeBSD can be configured
> : to, with regards to the orange book rating system (C1 through to A1).
> 
> FreeBSD can be configured to be C2 secure, just like all the other
> Unix-oids out there.  There's some work with TrustedBSD to make things
> B1 or B2, but those are very hard.  FreeBSD doesn't have the
> facilities to get A1, which requires, iirc, tagging of all data as
> unclassified, secret or top secret and not allowing data to cross the
> security boundaries (in either direction w/o authorization from the
> system administrator).

In addition to programming with labels, etc, Ax also requires taking into
account "signalling" via covert channels.  FreeBSD will never reach an A
level orange book rating because it was not designed, from scratch, to be
that way.  C2 is just a matter of someone with money giving a box to the
NSA, appropriately configured and with suitable documentation, for review.

As for "tags", those are required for B2, along with rules about which
way data can "travel".

Darren

