"Mike A. Harris" wrote:
>
> On Sat, 19 Feb 2000, Rogier Wolff wrote:
> >Consider it another measure in line with the C2 rating of Linux:
> >
> >Linux is at C2 of the orange book ratings. This means that accidental
> >access to protected information is blocked.
>
> Linux is rated C2? Surely you jest! I'm sure that it is heading
> for the day when it would meet C2, but I doubt it does right now.
>
> The reference I have on C2 (not authoritative however) says ...

The authoritative reference is at:
http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html#HDR2.1.1

My reading is that:

For C1 we'd need only documentation and test program development; all
the basic mechanisms are in place. Most of the required documentation
exists too; it would just need to be pulled together in their format.

For C2 we'd need quite a lot of work. Extensive security auditing, dump
things that cannot pass, add some patches and perhaps some utilities,
and do a lot more documentation and testing.

Probably only a major distribution vendor could do this. You'd need to
control what goes into a distribution (no un-audited stuff) and you'd
need considerable resources.

For the B levels we'd need some basic re-design.

But the Rainbow Series of books are being superseded by the Common
Criteria:
http://www.radium.ncsc.mil/tpep/library/ccitse/index.html
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST