TrustedBSD Auditing Facilities (was RE: FreeBSD usage in safety-critical environments)
Nelson, Trent .
tnelson at switch.com
Fri Oct 11 07:04:44 GMT 2002
Hi,
> -----Original Message-----
> From: Robert Watson [mailto:rwatson at freebsd.org]
> Sent: Thursday, October 10, 2002 11:06 PM
> To: Nelson, Trent .
> Cc: 'chromexa at ovis.net'; 'hackers at freebsd.org'
> Subject: RE: FreeBSD usage in safety-critical environments
>
>
> On Wed, 9 Oct 2002, Nelson, Trent . wrote:
>
> > If you're referring to security criteria (Trusted Computer
> > Security Evaluation Criteria or ITSEC for Euro/UK), then no, FreeBSD
> > doesn't currently provide any features C2/F-C2+ configuration (Access
> > Control Lists, auditing, accountability, etc). This is being tackled by
> > TrustedBSD though, which I'm sure Robert Watson can provide some more
> > information on.
> We don't currently have an audit
> implementation, but I'm working to resolve that issue as soon as possible.
> The only big thing missing from the picture is actually someone who wants
> to bring FreeBSD to market with an evaluation--someone who's willing to go
> the distance on the evaluation process (paperwork, testing, etc). My
> goals for FreeBSD 6.0 include feature completeness on CAPP (C2) and LSPP
> (B1).
Has anyone taken a look at how Tru64 UNIX tackles auditing, or even
enhanced security in general? I've had to devise a strategy over the last
few weeks for work to address the need for cross-Atlantic network
connectivity between a test-bed environment and what will eventually become
a 'live' safety-critical environment. The security configuration for such a
system (system being the components interacting with the link, not the
actual safety-critical system per se) must be very tight, and we've
basically prevented connectivity to anything other than the Tru64 UNIX
servers as nothing else we have can be configured to an acceptable level
(well, at least Linux anyway).
The Security Integration Architecture and auditing subsystem of
Tru64 UNIX are quite elegant, IMO, and I believe they'd provide a good basis
for the road TrustedBSD would eventually have to travel down.
The security documentation (which details all of this, and a lot
more) for Tru64 UNIX can be found at:
http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51A_PDF/ARH95DTE.PDF
General documentation can be found at:
http://www.tru64unix.compaq.com/docs/pub_page/V51A_DOCS/ADM_DOCS.HTM
> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org Network Associates Laboratories
Regards,
Trent.
More information about the trustedbsd-discuss
mailing list