[4469] in WWW Security List Archive


Re: Trusted Solaris and MLS (All servers have MLS data)

daemon@ATHENA.MIT.EDU (Jay Heiser)
Mon Feb 17 14:46:04 1997

Date: Mon, 17 Feb 1997 10:26:06 -0500
From: Jay Heiser <Jay@homecom.com>
Reply-To: jay@homecom.com
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

Jim Frank wrote:
> 
> Does anyone out there have information on trusted solaris and multi level
> security.
> I am told that there are machines and that they are approved for multi
> level security.
I actually helped build an MLS web server once -- interesting, but only 
intelligence agencies (and very few of them) would buy the thing.

What is it that you want to do?  In reality, the installed base of MLS
systems is fairly low.  Given that the military and intelligence
communities usually don't use these things, it's unlikely that there
will be a strong commercial demand.

Sun's MLS and the other Compartmented Mode Workstations are pretty
tedious to administer and use.  There aren't enough good UNIX
administrators to go around, pushing people towards NT even in cases
where UNIX might be better suited.  There doesn't seem to be a lot of
enthusiasm for going the other way and increasing the administrative
complexity of UNIX, but that's what MLS does.

> Am I just paranoid or is there a problem with different levels of security
> in the same machine?
No, you are not paranoid, but consider this: All organizations with
more than 1 member have data that not everyone is authorized to see.
Every organization has data that could be at least compartmentalized,
and probably ranked by sensitivity (military uses unclass, secret, top
secret, etc).  Many existing business servers are storing data that an
intelligence agency would store on separate machines on separate
networks.

Systems like Trusted Solaris, DEC MLS, H-P's B1, SCO CMW+ are designed
with a special architecture to strictly label and segregate all objects
(anything that UNIX would consider a 'file' including monitor & esp
magnetic media) by their security compartment and sensitivity.  The
system is explicitly designed to have difft levels of security on it.

The govt also sees a prob with this.  The "Yellow Book" basically
decrees that B1 systems only be used for two contiguous security
levels, so all of the commercially available B1/CMW implementations are
theoretically limited to 2-level.  There are B2 and above systems avail
that are acceptable as MLS, but they don't have useful things like
networks, GUIs and support for commercial applications, so their use is
limited too.  Given that they've backed themselves into a corner, most
Govt and Intel sites use C2 or below systems, and attempt to maintain
strict physical security and segregation of systems & networks.  Few
commercial organizations would be willing to install parallel networks
like the military does.

The big debate is whether B1, admittedly not the ideal, but at least
commercially feasible, is a better or worse alternative than multiple
systems running at C2 or (most likely) less.

-- 
Jay Heiser, 703-610-6846, jay@homecom.com
Homecom Internet Security Services
http://www.homecom.com/services/hiss
For company & industry news...subscribe to newsletter@homecom.com
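
Added example (not part of the original message, and not code from any of
the products named in it): a minimal model of the labeling the message
describes, where every object carries a sensitivity level plus compartments.
The read/write checks are the standard Bell-LaPadula rules, which the message
does not spell out; the compartment names, file names and the analyst subject
are constructed for illustration.

```python
from dataclasses import dataclass

# US sensitivity hierarchy, lowest to highest (the message names three of these).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """At least as sensitive AND holds every compartment of `other`."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)

def can_read(subject, obj):
    # Simple security property: no read up.
    return subject.dominates(obj)

def can_write(subject, obj):
    # *-property: no write down, so data cannot leak to a lower label.
    return obj.dominates(subject)

def two_contiguous_levels(labels):
    """The limit the message attributes to the Yellow Book for B1 systems."""
    ranks = sorted({LEVELS.index(lab.level) for lab in labels})
    return not ranks or (len(ranks) <= 2 and ranks[-1] - ranks[0] <= 1)

# Constructed sample data (hypothetical subject, files and compartments).
ANALYST = Label("SECRET", frozenset({"CRYPTO"}))
FILES = {
    "press_release.txt": Label("UNCLASSIFIED"),
    "ops_plan.doc": Label("SECRET"),
    "key_schedule.dat": Label("SECRET", frozenset({"CRYPTO"})),
    "source_list.dat": Label("TOP SECRET", frozenset({"HUMINT"})),
}

def access_matrix(subject, files):
    """Map each file name to a (readable, writable) pair for `subject`."""
    return {name: (can_read(subject, lab), can_write(subject, lab))
            for name, lab in files.items()}

if __name__ == "__main__":
    for name, (r, w) in access_matrix(ANALYST, FILES).items():
        print(f"{name:20} read={r!s:5} write={w}")
    print("fits a two-level B1 deployment:",
          two_contiguous_levels(FILES.values()))
```
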
