Linda Walsh writes:
> Rik van Riel wrote:
>> Personally I'd rather see Linux choose for real security than
>> for some paperwork issue.
>
> Also, what do you mean by "real security"? By which standard is it
> measured and evaluated? Is there a security policy? A security
> target defined? Other parts of the CAPP require those to be written
> down. Tests are required to show that the provided functionality has
> been verified. A set of system files, the Trusted Computing Base
> (TCB) needs to be defined. Each file in the TCB has to be evaluated
> for one of three classifications "Security enforcing", "Security
> relevant" and "Not Security Relevant". Has someone written (I hope?)
> a security analysis of every system call and every ioctl/fcntl? These
> are formal elements of a secure system.
...
> It might be an interesting task for you to define a "real security"
> Protection Profile and submit it to the Common Criteria.
I think I know what he means.
For "real security" you don't pretend that you can stop spies.
The system is strictly DAC-based, and most likely uses a root
account in the traditional way. Instead of adding new features,
you verify that the existing ones work correctly. An LSPP/B1
system full of bugs is worse than a perfect not-quite-C2 system.
The latter will at least correctly enforce DAC, while the former
might well let remote attackers get into kernel memory.
This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:11 EST