Let's start splitting hairs here....
In the 'Orange Book' context, at the B3-A1 level of evaluation, you
have the concept known as minimalization. Basically, if a function
isn't security related, it doesn't belong in the standard configuration,
just to avoid introducing another backdoor into the box. So you have
B3-A1 security kernels, which enforce the security policy within the box
(such as task switching, memory management, etc.), but not B3-A1
Operating Systems, with TCP/IP stacks, remote management, etc.
Functions not a part of the security kernel would have to be implemented
as part of an application, separate and independent of the kernel; this
avoids the debate over whether it is possible to bypass the security application
through the underlying operating system.
Leonard Miyata
aka leonard @ geminisecure . com
GEMINI COMPUTERS INC.
On Fri, 8 Aug 1997, Brian Mitchell wrote:
>
> There are A1 level operating systems? I was not aware of that, the tcsec
> page does not seem to list any last I checked. As for type enforcement, it
> is just defined 'roles' that can execute specific system calls (or can't
> execute system calls) as far as I know. There's a big difference between
> (what appears to be) syscall hacks and operating systems designed from the
> ground up to be secure.
>
> I could, of course, be totally wrong about type enforcement, the details
> provided are somewhat sketchy.
>