Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!cbosgd!ihnp4!ptsfa!lll-lcc!mordor!sri-spam!rutgers!mit-eddie!uw-beaver!uw-june!uw-entropy!uw-apl!cel
From: cel@uw-apl.UUCP
Newsgroups: comp.unix.wizards
Subject: UNIX classified operation
Message-ID: <175@uw-apl.UUCP>
Date: Mon, 15-Jun-87 12:12:40 EDT
Article-I.D.: uw-apl.175
Posted: Mon Jun 15 12:12:40 1987
Date-Received: Wed, 17-Jun-87 01:44:16 EDT
Organization: UW Applied Physics, Seattle
Lines: 16
Keywords: UNIX, classified, DoD, audit

New DoD requirements for classified computing require that we provide on demand an audit trail from which they can reconstruct all "actions to open, close, create and destroy classified files", Section XIII, 111.b.(4), Security Requirements for Automated Information Systems, DoD 5220.22-M.

A real UNIX wizard will understand better than I do that this is not a trivial task in a UNIX environment. You have to protect against access by mv, cp, rm, cat, as well as attempts by aliased users, tasks which were linked on another system and imported by, e.g., mag tape, etc., etc.

Is there anyone out there who has addressed this problem seriously, let alone solved it? It doesn't seem likely that Berkeley has done it, or will do it.

[OOPS! Sorry, I forgot to mention at the top that we're running 4.2bsd.]

Send replies (even suggestions and comments) to:

Curtis Lacy
{allegra,microvax,decvax,ucbvax!lbl-csam}!uw-beaver!uw-apl!cel