---

Home Infrastructure

osOpinion: Mandatory Protection

By

[ Thanks to Kelly
McNeill for this link. ]

“A recent osOpinion article perked my interest about the Navy’s
recent decision to use the Microsoft Windows operating system in
its next generation aircraft carrier. Two years earlier, a divide
by zero error on a Microsoft Windows NT machine left the USS
Yorktown dead in the water for over two hours. The sequence of
these events forces one to ask the question: why would the
government choose the Microsoft Windows operating system despite
the known defects and problems? The answer is really quite simple –
they do not have a choice in the matter.”

“The Department of Defense has a little known rule that all
computer products (hardware and software) containing classified or
unclassified sensitive information must be evaluated and rated. The
National Computer Security Center (NCSC), a branch of the NSA, is
responsible for evaluating and rating commercial security products.
These products fall into one of four divisions: D – Minimal
Security, C – Discretionary Protection, B – Mandatory Protection,
and A – Verified Protection. Divisions C, B, and A are divided into
classes: C1 – Discretionary Security Protection (no longer in use),
C2 – Controlled Access Protection, B1 – Labeled Security
Protection, B2 – Structured Protection, B3 – Security Domains, and
A1 – Verified Design (see Orange Book). The ratings, in order from
least secure to most secure, are D, C1, C2, B1, B2, B3, and
A1….”

I believe Linux is capable of much more than just meeting
the C2 rating Microsoft Windows NT holds. Since Linux can do
everything that Microsoft Windows NT can do (and then some), one
can reasonably assume that Linux can achieve a minimum C2
rating. In order to meet the B1 requirements, the operating
system must be able to append security information to objects after
they leave the system. Microsoft Windows NT could not achieve this
rating because they supported only the FAT file system for floppy
disks, which cannot track security information. Linux supports the
EXT2 file system for floppy disks, and the kernel can be compiled
to remove support for the less secure FAT, forcing users to use a
file system that contains security information, hence mandatory
protection….”

Complete
Story

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.