Common Criteria?

Robert Watson rwatson at FreeBSD.org
Tue Apr 18 18:35:37 GMT 2000


Needless to say, your response is very thought-provoking.  A
better-phrased answer to your question about targeting the B1 feature set
is that the B1 feature set meets the needs of a number of environments I
have been working in--in particular the electronic commerce web host
environment wherein sharing of hardware and software resources is required
for cost-effective operation (which is really the goal of web hosting),
but the system administrator wishes to provide improved discretionary
access control handling, as well as impose mandatory integrity and privacy
policies on the environment, both for the purposes of protecting customers
and for enforcing internal management structure (which imposes hierarchy
beyond that which pure partitioning addresses).  Similarly, the auditing
requirements of the B1 environment provide many of the same services in an
electronic commerce environment: accountability, as well as being useful
for intrusion detection.  It's easy to imagine commercial applications
requiring subsets of the so-called B1 feature set for a variety of reasons
(organizational divisions, etc).

Given the CC as a more flexible superset and description environment for
trusted systems, it makes sense to transpose the description of these
features from ``B1'' to appropriate CC categories and levels.  Based on my
first few passes through the document over the last couple of weeks, it
appears that EAL3 and EAL4 are the feasible maximum for an existing OS
being ``hardened''.

I think it continues to be accurate to describe TrustedBSD as targeting
the B1 criteria, as the features described in the B1 criteria are
markedly similar to those being implemented.  That said, I would agree
that expressing these requirements in the CC vocabulary is a useful goal,
and would help clarify the goals of the project, and put the project in a
more appropriate place with regards to current standards processes.

One thing that would be extremely useful is some sort of executive summary
of feature requirements for the various categories the CC defines for
secure systems.  Another thing that would be helpful is a text-based
version of the CC requirements, which would allow easier discussion and
analysis in purely text-based forums (such as mailing lists).  I've only
managed to find the CC in PDF format, which is substantially less useful.

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
