Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uwm.edu!linac!att!ucbvax!mar.ed.ray.com!ESTHER From: ESTHER@mar.ed.ray.com ("Esther PARIS: x2022, x1398, x2451, or x2607") Newsgroups: comp.sys.apollo Subject: more on that disk in the SECRET safe (wishing it were in an Apollo!) Message-ID: <9105211257.AA06017@ray.com> Date: 21 May 91 12:56:00 GMT Sender: daemon@ucbvax.BERKELEY.EDU Lines: 74 Hello Everyone! Thanks to all the great Internet folks who have given me so much feedback about how to declassify a SECRET Apollo disk! I really appreciate your time and effort. Here's the status/plan of attack to date: 1. disk is still locked up 2. We're running our software-based experiments on another OS 10.3 machine that has a spare small disk with no users on it. 3. We've tried all kinds of advice we've received from people, to no avail. 4. Our particular requirement, that goes beyond DoD directive 5200.28 is that we have to be able to read from the disk and show that it's been overwritten with unclassified or random patterns. In particular, we're tasked with doing three passes of overwrites, (all 1s, all 0s, all of a third number), and after EACH PASS doing a low level read of the disk to show that there's all 1s (after first pass), all 0s (after 2nd pass) and all of the third number (after third pass) on every spot on the disk. This is to prove our procedure. We have to develop the procedure, document it, demonstrate it to ourselves, invite in the Defense Investigative Service Gurus, have them witness a dry run of the program on the spare unclassified disk, have them approve the procedure, than follow that procedure on our SECRET disk. 5. We have gratefully acknowledged all the ideas about FBS and DEX for the declassification part of the procedure! This has been very helpful information! ****** 6. We're still looking for a way to do the low level read of the disk so that we can prove the overwrites have occurred. We have tried using the special files found in /dev/dsk and/or /dev/rdsk. These have not helped us to date as when you scan them (ie, run this shell script against the files: #!/bin/sh case $# in 0) DISK=/dev/rdsk/W0d1s1 ;; 1) DISK=$1 ;; *) echo 'usage: scandisk [device]' 1>&2 ; exit 1 ;; esac od -x $DISK | sed -e ' /5555 5555 5555 5555 5555 5555/d /^\*/d ' and hope to see some lines other than the boot block of the disk). It hasn't mattered how much data I have written to my spare disk, the scan of the disk shows the same results. We are running with OS 10.3, in the Aegis environment with systype = sys5.3 7. In the meantime, we're trying to shake down a method of putting the Maxtor 760-MB disk onto a PC with an ESDI disk controller and formatting/declassifying the thing from DOS. We here from our security office that Norton Utilities can be used to software-declassify a PC hard disk. We're trying to find an ESDI disk controller we can borrow (I can't ask the only person who has one here until Friday), or find out if the disk controller from the Apollo that's now diskless and unclassified could be put into the classified AT clone we have in the same room as the safe with the disk. 8. I can't just take the disk to any other machine with an ESDI disk controller or any old SUN because I can only put the disk onto a machine that itself is classified at SECRET or above. Additional ideas still welcomed! Esther Paris, 508/490-2022, Esther@mar.ed.ray.com ---- and ----- Bill Short, 508/490-3931, BShort@mar.ed.ray.com Raytheon EDL