Xref: utzoo comp.unix.programmer:1369 alt.sources.d:1643 alt.security:2000
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!natinst!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.programmer,alt.sources.d,alt.security
Subject: Re: C2 secure systems and the superuser
Message-ID: <19115@rpp386.cactus.org>
Date: 19 Mar 91 13:12:00 GMT
References: <19103@rpp386.cactus.org> <1991Mar13.185609.21132@convex.com> <19104@rpp386.cactus.org> <1991Mar17.060540.3911@cbnewsh.att.com>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 31
X-Clever-Slogan: Recycle or Die.

In article faigin@aerospace.aero.org (Daniel P. Faigin) writes:
>In article <1991Mar17.060540.3911@cbnewsh.att.com>, wcs@cbnewsh.att.com (Bill
>Stewart 908-949-0705 erebus.att.com!wcs) writes:
>
>> Most of the market is satisfied with C2 functionality, and doesn't
>> really need the NSA Good Housekeeping Seal.
>
>Correction. Most of the COMMERCIAL market. The ratings are there to help the
>DoD side of things. This goes along with the Agency's charter. If it ever gets
>the budget, the commercial side will probably be happier with NIST.

I tend to think that there are features above the C2 level that are
interesting in a commercial environment that would be beneficial if they
could be extracted from the remainder of the B1/B2 requirements.
Particularly, MAC and Least Privilege.

MAC is extremely important if information is to be protected - trojan
horses can depend on DAC to permit exporting information, but MAC prevents
any unintentional downgrading of information. Thus, management data is
protected from programs gone awry. It doesn't have to be "full-blown" MAC,
with all the requirements - just the basic concepts of subject and object
dominance. I should be able to downgrade my own information so long as I
am on the trusted path. [ Guess that means I need "trusted path" too, eh? ]

Least privilege is in there because it's just a good idea and allows
operators to be given just enough authority to get their jobs done.
-- 
John F. Haugh II        | Distribution to        | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-)   | Domain: jfh@rpp386.cactus.org
"I've never written a device driver, but I have written a device driver manual"
   -- Robert Hartman, IDE Corp.
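The post's argument, that a trojan horse can use DAC to export data while a MAC check on subject/object dominance blocks the write-down, is illustrated by the following added example. It is not code from the post or from any system discussed in the thread; the label lattice, the Unix-style owner/other mode bits, the `trusted_path` flag and the sample objects (`mgmt-report`, `public-scratch`) are all constructed assumptions for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a hierarchical level plus a set of categories.
    Constructed lattice; levels are 0=unclassified, 1=confidential, 2=secret."""
    level: int
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Standard lattice dominance: higher-or-equal level and a superset of categories.
        return self.level >= other.level and self.categories >= other.categories


@dataclass
class Obj:
    name: str
    owner: str
    mode: int          # Unix-style permission bits, e.g. 0o644 (DAC)
    label: Label       # MAC label


@dataclass
class Subject:
    user: str
    label: Label
    trusted_path: bool = False   # hypothetical flag: set only on a trusted path


def dac_allows(subj: Subject, obj: Obj, op: str) -> bool:
    """Discretionary check: owner bits if the subject owns the object, else 'other' bits.
    Group bits are omitted to keep the example short."""
    bit = 4 if op == "read" else 2
    if subj.user == obj.owner:
        return bool((obj.mode >> 6) & bit)
    return bool(obj.mode & bit)


def mac_allows(subj: Subject, obj: Obj, op: str) -> bool:
    """Mandatory check: no read up (simple security) and no write down (*-property)."""
    if op == "read":
        return subj.label.dominates(obj.label)
    return obj.label.dominates(subj.label)


def access(subj: Subject, obj: Obj, op: str) -> bool:
    # Both policies must agree; MAC cannot be waived by the owner.
    return dac_allows(subj, obj, op) and mac_allows(subj, obj, op)


def downgrade(subj: Subject, obj: Obj, new_label: Label) -> bool:
    """Relabel an object. Permitted only for the owner, only on the trusted path,
    and only to a label the subject itself dominates (cannot grant beyond oneself)."""
    if not (subj.trusted_path and subj.user == obj.owner
            and subj.label.dominates(new_label)):
        return False
    obj.label = new_label
    return True


def trojan_scenario():
    """A program running with alice's identity reads her management report and
    tries to copy it into a world-readable scratch file she also owns.
    Returns (read allowed, DAC write verdict, MAC write verdict)."""
    secret = Label(2, frozenset({"mgmt"}))
    public = Label(0)
    alice = Subject("alice", secret)
    report = Obj("mgmt-report", "alice", 0o600, secret)     # constructed object
    scratch = Obj("public-scratch", "alice", 0o644, public)  # constructed object

    read_ok = access(alice, report, "read")          # DAC and MAC both allow
    dac_write = dac_allows(alice, scratch, "write")  # she owns it: DAC says yes
    mac_write = mac_allows(alice, scratch, "write")  # write down: MAC says no
    return read_ok, dac_write, mac_write


if __name__ == "__main__":
    print(trojan_scenario())  # expected: (True, True, False)
```

The decisive line is `mac_allows` on the write: the scratch file's label does not dominate alice's, so the copy is refused regardless of the mode bits she chose. The `downgrade` function models the post's remaining requirement: release of her own data happens only through an explicit relabel taken on the trusted path, never as a side effect of an ordinary write.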