Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!gatech!mcnc!rti!dg_rtp!meissner
From: meissner@dg_rtp.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: UNIX classified operation
Message-ID: <2165@dg_rtp.UUCP>
Date: Sat, 20-Jun-87 19:14:09 EDT
Article-I.D.: dg_rtp.2165
Posted: Sat Jun 20 19:14:09 1987
Date-Received: Sun, 21-Jun-87 09:07:13 EDT
References: <175@uw-apl.UUCP>
Reply-To: meissner@dg_rtp.UUCP (Michael Meissner)
Organization: Data General (Languages @ Research Triangle Park, NC.)
Lines: 30

In article <175@uw-apl.UUCP> cel@uw-apl.UUCP (Curtis Lacy) writes:
>
> New DoD requirements for classified computing require that we provide on demand
> an audit trail from which they can reconstruct all "actions to open, close,
> create and destroy classified files", Section XIII, 111.b.(4), Security
> Requirements for Automated Information Systems, DoD 5220.22-M. A real UNIX
> wizard will understand better than I do that this is not a trivial task in a
> UNIX environment. You have to protect against access by mv, cp, rm, cat, as
> well as attempts by aliased users, tasks which were linked on another system
> and imported by, e.g., mag tape, etc., etc. Is there anyone out there who has
> addressed this problem seriously, let alone solved it? It doesn't seem likely
> that Berkeley has done it, or will do it. [OOPS! Sorry, I forgot to mention
> at the top that we're running 4.2bsd.] Send replies (even suggestions and
> comments) to:

As others have said, the only real way to get the audit trail reliably is
to put it into the kernel in the open, close, shm*, bind, etc. system calls.
However, the fun question is where do you log it to? Tape [you had better
have full-time operators], disk [audit trails chew up a huge quantity of disk
in a hurry - I've heard of filling a 350M disk in about an hour of normal
timesharing use on other systems], etc. Also, you have to watch out for set
user-ID programs, etc.

I don't have the orange book at home with me, but I seriously doubt whether
ANY UNIX can be made more secure than B3 or maybe B2, and still have it be
UNIX. In some senses, it could be said that mandatory security is the
antithesis of UNIX (flamers note, I mean that UNIX was designed to encourage
sharing amongst its users).
--
	Michael Meissner, Data General	Uucp: ...mcnc!rti!dg_rtp!meissner

It is 11pm, do you know what your sendmail and uucico are doing?