Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!usc!apple!ames!haven!uvaarpa!murdoch!news From: randall@Virginia.EDU (Ran Atkinson) Newsgroups: comp.unix.sysv386 Subject: Re: security levels, V.4 Message-ID: <1990Dec3.152642.25938@murdoch.acc.Virginia.EDU> Date: 3 Dec 90 15:26:42 GMT References: <1990Dec3.122925.1968@odi.com> Sender: news@murdoch.acc.Virginia.EDU Reply-To: Ran Atkinson Followup-To: misc.security Distribution: na Organization: University of Virginia Lines: 32 In article <1990Dec3.122925.1968@odi.com>, benson@odi.com (Benson I. Margulies) writes: >Randall@virginia is misinformed: No. I was avoiding the use of technical jargon and avoiding going into detail that I felt was inappropriate for this audience. That isn't nearly the same has being incorrect or misinformed. Next time don't be quite so quick to flame without cause. I stand by my statement that a B system is harder to break into (i.e. more trustworthy) -- realise that I (like most folks) consider a break in to be ANY form of unauthorised access to data or other compromise of system security in general. >a B2 system has two things that no C system has (other than >labels) >1) trusted path: > >2) an implementation that passed must stricter muster with the DODCSC. >B2 systems have to have full design documentation and meet some modularity >standards. C systems just sort of have to have the features. >Curious individuals should acquire copies of the orange book and >see for themselves. I was looking at my personal copy when I wrote my comments. I agree that those interested in the topic should look at the original document. Followups have been redirected to misc.security.