morgan@ms.uky.edu (Wes Morgan) (07/03/90)
m19940@mwvm.mitre.org (Emily H. Lonsford) writes: >To me, the worst problem is with UNIX's root account; there it's all or >nothing when it comes to privileges. There's no such thing as "separation of >duties." And so far the "more secure" versions of UNIX really haven't >addressed that. AT&T has a product called "System V/MLS" (Multi-Level Security), which they released in 1989. Reading from the product announcement, I see that System V/MLS was certified at the B1 security level by the NCSC. It is configurable at C1, C2, and B1 levels. System V/MLS is available (at least at initial release) for the 3B2/500 and 3B2/600 computers; I'd be surprised if AT&T hasn't ported it further up the product line. There is also a windowing terminal that maintains a B3 trusted path to the security kernel. They also have a suite of trusted RFC networking utilities. After reading the Orange Book, I'm reasonably sure that AT&T has achieved the "separation of duties" to which Emily refers. I haven't used this product, nor have I read any reviews; I just know what I read in the literature. Wes - -- | Wes Morgan, not speaking for | {any major site}!ukma!ukecc!morgan | | the University of Kentucky's | morgan@engr.uky.edu | | Engineering Computing Center | morgan%engr.uky.edu@UKCC.BITNET | Lint is the compiler's only means of dampening the programmer's ego.