Common Criteria?

[Linda Walsh]

> Jeff DeMello wrote:
> It sounds like you are trying to state your security requirements in the terms of B1, instead of stating your requirements, and seeing what B1 does and doesn't offer.  Note: there are no integrity policies enforced in B1.
---
	It seems modern systems often implement both the Bell-LaPadula
and the Biba integrity model to provide a more complete solution.  I'm
wanting complete MAC labels (in our case, Sens+Integ fields) both in 
the file system via attributes and in the process if turned on as an option.
Theoretically one could set the S=I=0 for levels and standard Unix DAC
would apply.  Yes, empty labels on objects could take up 4 bytes in an
inode (if implemented there) no big deal - minor overhead.  Then you could
still implement many useful degrees of separation w/o even using any
Divisions or Categories.  But if implemented to support those, what a bonus
for future expansion or other TBD uses.

	Also, something to be noted -- there are these correlations being
made with EAL's and B1/C2.  EALs are just for the development *process*,
documentation required, and evaluation (evaluator) requirements.  Functionality,
like auditing and mandatory labeling are specified separately from how
well you "assure" that the functionality was implemented and works correctly.

	Irix 6.5.7 is currently being evaluated for CAPP compliance.  After
that, Trusted Irix 6.5.? (different product) will be in for LSPP compliance.

	The Trix B1 implementation (with all the stuff we don't own stripped
out) was put on oss.sgi.com for the purposes of being a "reference" evaluation.
B1 compliance, of course, is a stepping stone to LSPP certification.

-l

-- 
Linda A Walsh                    | Trust Technology, Core Linux, SGI
law at sgi.com                      | Voice: (650) 933-5338
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message