arosen@hawk.ulowell..edu (MFHorn) (11/14/88)
Written 5:40 pm Nov 8, 1988 by scott@attcan.UUCP (Scott MacQuarrie)
> There is a product available from AT&T's Federal Systems group called
> MLS (Multi-Level Security) which provides B1-level security in a System V
> Release 3.1 environment.
> I have seen the product on a 3B2, its availability
> from other vendors would probably require work by those vendors.

What does this product do to get this rating?

I had heard that ATT, Sun and probably others had been working on a B-level Unix. I didn't know anyone had gotten past C2.

Andy Rosen           | arosen@hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
RD in '88 - The way it should've been
smb@ulysses.homer.nj.att.com (Steven M. Bellovin) (11/15/88)
In article <10192@swan.ulowell.edu>, arosen@hawk.ulowell..edu (MFHorn) writes:
>
> What does this product do to get this rating?

I know about AT&T's System V/MLS; let me describe it a bit. For those who want more details, see the May/June 1988 issue of the AT&T Technical Journal. I'll start by quoting from the introduction:

``System V/MLS adds several security enhancements to the standard UNIX system, including mandatory access controls based on labels consistent with the DoD classification scheme, improved protection of passwords, extensive auditing, boot-time assurance measures to detect the introduction of malicious code, and restriction of certain capabilities that historically have been responsible for security failures.''

The most interesting change is the way mandatory labels are implemented. What's done is to reinterpret the GID. Rather than being used for a simple equality check, the System V/MLS GID is used as a pointer to a label table; this table gives the security level, compartment information, etc.
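The GID-as-label-index idea described in the post above, sketched as an added example that is not part of the thread and is not AT&T's code. The table layout, all names, the sample GIDs and the dominance rule (read only at or below your label, write only at or above it, in the style of Bell-LaPadula) are assumptions; the post says only that the table holds the security level and compartment information.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical label-table entry; the layout is an assumption for illustration. */
struct mls_label {
    int      valid;         /* 0 = no label registered for this GID */
    int      level;         /* 0 = unclassified ... 3 = top secret */
    uint32_t compartments;  /* one bit per compartment */
};
enum { COMP_CRYPTO = 1, COMP_NUCLEAR = 2 };

/* Constructed sample table, indexed by GID. */
static const struct mls_label label_table[] = {
    [1] = { 1, 0, 0 },
    [2] = { 1, 2, COMP_CRYPTO },
    [3] = { 1, 2, COMP_CRYPTO | COMP_NUCLEAR },
    [4] = { 1, 3, 0 },
};

static const struct mls_label *label_of(unsigned gid) {
    if (gid >= sizeof label_table / sizeof label_table[0] || !label_table[gid].valid)
        return NULL;
    return &label_table[gid];
}

/* a dominates b: a's level is at least b's and a holds every compartment of b. */
static int dominates(const struct mls_label *a, const struct mls_label *b) {
    return a->level >= b->level && (a->compartments & b->compartments) == b->compartments;
}
/* Traditional group test, for contrast: plain equality on the GID. */
int classic_group_match(unsigned proc_gid, unsigned file_gid) { return proc_gid == file_gid; }

/* Read allowed only if the subject's label dominates the object's; unknown GIDs fail closed. */
int mls_may_read(unsigned proc_gid, unsigned file_gid) {
    const struct mls_label *s = label_of(proc_gid), *o = label_of(file_gid);
    return s && o && dominates(s, o);
}

/* Write allowed only if the object's label dominates the subject's (no write-down). */
int mls_may_write(unsigned proc_gid, unsigned file_gid) {
    const struct mls_label *s = label_of(proc_gid), *o = label_of(file_gid);
    return s && o && dominates(o, s);
}

int main(void) {
    printf("gid 3 reads gid 2: classic=%d mls=%d\n", classic_group_match(3, 2), mls_may_read(3, 2));
    printf("gid 4 reads gid 2: mls=%d\n", mls_may_read(4, 2));
    return 0;
}
```

In this sketch a higher level alone is not enough: GID 4 is top secret but lacks the compartment carried by GID 2, so the read is refused.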