Re: signing a filesystem

Andrew G. Morgan (morgan@parc.power.net)
Sun, 29 Dec 1996 07:12:59 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robin Becker: "2.1.17 can't find ide"
Previous message: bofh@snoopy.virtual.net.au: "Re: signing a filesystem"
In reply to: Andrey V Khavryutchenko: "2.0.27 oops'es"

Hi,

Andrew G. Morgan wrote:
> bofh@snoopy.virtual.net.au wrote:
> > >At this stage, I'm interested mostly in peoples' comments. I'm becoming
> > >fascinated by what it would take to make Linux conform to Orange-Book Class B
> > >security. This modification to the filesystem would be relevant to getting it
> > >over C1 (sub-paragraph 2.1.3.1.1!)
> >
> > Sounds great!
> >
> > If there is a good copy of these security standards on the net could you
> > please give me the URL? Otherwise could you please provide a brief summary of
> > the important points?

Re: The Orange book.

As a follow up to my linux-kernel post (extract above), I wasted yesterday
morning, converting the plain text of Part-I of the famous Orange book to
sgml. The result is "part I" on the web.. I have tried to keep true to the
emphasis used in the printed copy (new features required by higher levels
are in bold to distinguish them). I have also corrected a few typos that
seem to be present in the NIST electronic copy - but were not in the printed
DOD 5200.28-STD version (if anyone spots any more, please tell me). My
efforts are to be found here:

http://parc.power.net/morgan/Orange-Linux/index.html

The html is available for browsing and the sgml/ps/txt/html (of part-I) are
available for downloading, as well as a copy of the NIST electronic version.
On the Orange-book page, I have given a pointer to the electronic archive of
other rainbow books (maintained by NIST).

If there is interest, I will have a go at converting the rest of the Orange
book. It wasn't much fun to convert Part I, but I'm happy with it now its
done.

Please feel free to comment on the other stuff present on this page. I'm
sincerely interested in modifying the kernel to be flexible enough to plug
in modules (or whatever) that implement the various Orange-Book security
classes. Whether such modifications ever get distributed with a future
kernel is out of my hands, but the more discussion the better the design,
and the more attractive such changes will ultimately be.

Best wishes

Andrew

-- 
        Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html
          libpwdb: http://parc.power.net/morgan/libpwdb/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]

Next message: Robin Becker: "2.1.17 can't find ide"
Previous message: bofh@snoopy.virtual.net.au: "Re: signing a filesystem"
In reply to: Andrey V Khavryutchenko: "2.0.27 oops'es"