> Of course C2 security is better than no security, but C2 was never
Welll ....... it is if you understand its limitations. Otherwise ...
> "designed for commercial use" as is sometimes written in articles and
> email. If you are in an environment where the system administrators
> want to *enforce* security on the users, B1 and higher security features
> are needed. But remember, none of the TCSEC ("Orange Book") security
> levels were designed for anything other than military/government use.
> It just happens that a lot of the security they specify is general-
> purpose and works well in all kinds of environments.
(1) B1 is not much better than C2.
(2) The strengths of B2 and above are related to the high assurance issues
rather than to the features. At B2 you have a very good expectation
that the system actually works like it is supposed to. After that, you
must determine if the high assurance features really address the
threats in your environment.
I would also argue the issue that TCSEC strictly addressed the military.
The issues addressed by the TCSEC primarily, at B2 and above, focus on "how
do you know it works - prove it!" The sad truth is that people who
generated TCSEC systems focused on meeting precisely their interpretation
of the minimum system that met the TCSEC requirements. That is not the
Jon F. Spencer spencerj @
Data General Corp. Phone : (919)248-6246
62 T.W. Alexander Dr, MS #119 FAX : (919)248-6108
Research Triangle Park, NC 27709 Office RTP 121/9
Reality is an illusion - perception is what counts.
No success can compensate for failure in the home.
President David O. McKay
***** UCC 1-207 ********