dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


osOpinion: Mandatory Protection

Sep 07, 2000, 06:45 (14 Talkback[s])
(Other stories by TechnoJoe)

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


[ Thanks to Kelly McNeill for this link. ]

"A recent osOpinion article perked my interest about the Navy's recent decision to use the Microsoft Windows operating system in its next generation aircraft carrier. Two years earlier, a divide by zero error on a Microsoft Windows NT machine left the USS Yorktown dead in the water for over two hours. The sequence of these events forces one to ask the question: why would the government choose the Microsoft Windows operating system despite the known defects and problems? The answer is really quite simple - they do not have a choice in the matter."

"The Department of Defense has a little known rule that all computer products (hardware and software) containing classified or unclassified sensitive information must be evaluated and rated. The National Computer Security Center (NCSC), a branch of the NSA, is responsible for evaluating and rating commercial security products. These products fall into one of four divisions: D - Minimal Security, C - Discretionary Protection, B - Mandatory Protection, and A - Verified Protection. Divisions C, B, and A are divided into classes: C1 - Discretionary Security Protection (no longer in use), C2 - Controlled Access Protection, B1 - Labeled Security Protection, B2 - Structured Protection, B3 - Security Domains, and A1 - Verified Design (see Orange Book). The ratings, in order from least secure to most secure, are D, C1, C2, B1, B2, B3, and A1...."

"I believe Linux is capable of much more than just meeting the C2 rating Microsoft Windows NT holds. Since Linux can do everything that Microsoft Windows NT can do (and then some), one can reasonably assume that Linux can achieve a minimum C2 rating. In order to meet the B1 requirements, the operating system must be able to append security information to objects after they leave the system. Microsoft Windows NT could not achieve this rating because they supported only the FAT file system for floppy disks, which cannot track security information. Linux supports the EXT2 file system for floppy disks, and the kernel can be compiled to remove support for the less secure FAT, forcing users to use a file system that contains security information, hence mandatory protection...."

Complete Story

Related Stories: