Linked by Thom Holwerda on Tue 12th Jul 2005 20:13 UTC, submitted by Mike Focke
General Unix
The US Common Criteria Evaluation and Validation Scheme, the body that grants Evaluation Assurance Level (EAL) ratings in the US, has granted an EAL5 Augmented to BAE Systems' XTS-400 and the STOP Unix operating system. This is the first OS to be granted an EAL5 or better and is the first public EAL5 granted in the US. Read more for details.
Probably based on a BSD....
by Anonymous on Tue 12th Jul 2005 20:55 UTC

.... or multiple BSDs.

Reply Score: 0

re: Probably based on a BSD
by Anonymous on Tue 12th Jul 2005 22:30 UTC

Or it could be based on actual Unix (TM) code; there are still several different versions out there that you rarely hear of, for example the version NEC have that they run on their vector computers.

Now using Unix in their press release is dodgy unless they go and get it certified by the Open Group.

Reply Score: 0

RE: re: Probably based on a BSD
by Anonymous on Wed 13th Jul 2005 00:09 UTC in reply to "re: Probably based on a BSD"

the version NEC have that they run on their vector computers.

"NEC SuperUX"

Now using Unix in their press release is dodgy unless they go and get it certified by the Open Group.

Apple does it all the time, without even anything close to POSIX conformance required by the SUS. Open Group threatened to sue Apple, but nothing happened thereafter. It seems that the enforcement of the trademark is extremely poor, especially/even against Open Group members.

Reply Score: 0

RE: re: Probably based on a BSD
by Anonymous on Wed 13th Jul 2005 03:38 UTC in reply to "re: Probably based on a BSD"

I'm sure saying "unix-like" or "based on unix" will be fine. Most Linux companies say that.

Reply Score: 0

Anonymous
Member since:
---

It was Wang Federal, Inc. http://appserv.gcn.com/14_28/news/31543-1.html
http://www.radium.ncsc.mil/tpep/epl/entries/CSC-EPL-92-003-C.html
and trace it further back to HFS, Inc (XTS-200)
http://chacs.nrl.navy.mil/xtp1/epl.html
and further back to Honeywell SCOMP which ran on DPS6plus hardware, which was a Level 6 box, that also ran GCOS 6 (all the way back to the old Multics stuff).
http://www.multicians.org/history.html
So, it now has Linux ABI on new hardware.

Reply Score: 0

Darren Moffat
Member since:
2005-07-13

As BAE Systems' own documentation says, it isn't just the assurance level of EAL5 that is important but also the protection profiles. What is most interesting is that LSPP is one of them.

However, unlike Trusted Solaris 8, which has LSPP, CAPP, RBAC at EAL4+, the BAE STOP system doesn't do multilevel cut and paste, and trusted path is outside of the window system, so it isn't a true multilevel desktop in that sense. Both BAE STOP and Trusted Solaris implement the same MAC labeling model for their LSPP claims.

However, a great effort nonetheless; congratulations on the EAL5 for CAPP and LSPP to BAE Systems.

Reply Score: 3

XTS-400 not based on *nix
by Anonymous on Wed 13th Jul 2005 05:25 UTC

The original solution was developed from scratch back in the early '80s and was called SCOMP (Secure Communications Processor), which ran on a Honeywell Level 6 minicomputer. SCOMP received NSA A1 validation (back when the A, B, C Orange Book evaluation levels were used), which is the highest validation that NSA ever granted. The OS had to be written from scratch because it had to stand up to formal proofs of its security architecture in order to be validated at the A1 level. The successor to SCOMP was the XTS-200, which ran on the DPS6plus minicomputer from Honeywell, which was still a proprietary hardware platform. The XTS-200 first introduced a *nix-like user environment and API for developing applications designed to run within ring 3, but the core OS was still (and still is today) based on the original SCOMP. The XTS-200 was validated at B3 by NSA. Both the XTS-300 and XTS-400 were/are based on Intel microprocessor technology and the "Wintel" hardware architecture. The *nix-like user/developer environment was further refined on these platforms. The XTS-400, like its predecessors, was designed to be a multilevel secure communications guard platform, allowing the controlled connection of multiple networks, each operating in a different security domain. It was never intended as a desktop multilevel secure platform, which is the space that Trusted Solaris occupies. Honeywell actually worked with Sun, DEC and others to help them develop multilevel secure desktop solutions, but SCOMP/XTS was never intended for that role. As a final note, while Honeywell developed the famous MULTICS OS, this OS was not used as the base for XTS.

Reply Score: 1

EAL
by Anonymous on Wed 13th Jul 2005 18:47 UTC

EAL sounds nice and all. But the qualification is only valid for an ideally configured system. We have seen and heard from the guy who cracked more than 50 supposed-to-be highly secure government systems. Like a fighter plane that can do more than its pilot. Is there an EAL for admins?

Reply Score: 0

Re: EAL
by Anonymous on Wed 13th Jul 2005 23:57 UTC in reply to "EAL"

Security in the context of a multi-level secure OS means more of: even if you can 0wn the box, it won't matter -- you'll be sandboxed in a (potentially dynamic) container based on the sensitivity of the information you're allowed to access. Such a system is intended to prevent disclosure of SecretStuff. An attack is going to have to exploit a vulnerability in the enforcement mechanism, or is going to have to be unconventional (covert channel, DDoS, etc).

A high EAL level does not (necessarily) a secure system make: EAL refers to how much assurance there is that the system does what it is described to do (and nothing more). That description is the Security Target ( http://niap.nist.gov/cc-scheme/st/ST_VID3012-ST.pdf ) and the associated protection profiles (in this case LSPP http://niap.nist.gov/cc-scheme/pp/PP_LSPP_V1.b.html and CAPP http://niap.nist.gov/cc-scheme/pp/PP_CAPP_V1.d.html ). This is why Jon Shapiro of EROS/CoyoteOS ( http://eros.cs.jhu.edu/~shap/NT-EAL4.html ) said that Windows received an EAL 4: it rigorously proved that it did things just as it was intended. Tell that to anyone who was hit by Sasser or whose IIS web server blue-screens regularly (or *cough* is that red-screens, softie aficionados?) So in deciding how secure the system is, you'd have to contrast, say, the MS Security Target, which we can assume is total fluff ;) , against whichever other product's ST; in addition, you'd have to consider which PPs are necessary to meet your needs. If the ST sounds good, you use the EAL level to assess the degree to which the product can be trusted to meet those needs. Part of the problem with the CC is that it's hard to map the arguably more stringent TCSEC requirements ( http://www.radium.ncsc.mil/tpep/library/rainbow/ ) against protection profiles (MRPP http://niap.nist.gov/cc-scheme/pp/PP_MLOSPP-MR_V1.22.html comes closer to this, but targets EAL4) and an appropriate EAL level.

I expect the short of it is that if you are trying to market your product to a customer that requires a specific EAL level evaluation, and can't get a waiver for it, then having such a high EAL level is an important (and costly) rubber stamp.

The XTS folks have been doing this for some time, up to 20 or so years ago when they were SCOMP folks (the highest A1 TCSEC rating).

Reply Score: 0
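
The confinement by sensitivity that the comment above describes, sketched as an added example (not from the thread, and not code from BAE or Sun): a label dominance check of the kind LSPP-style MAC relies on. The levels, categories and object names are constructed; it shows what a process running at SECRET/OPS could still read or write if it were taken over.

```python
from dataclasses import dataclass

# Constructed level hierarchy and category names; sites define their own.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Higher-or-equal level AND a superset of the other's categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def access(subject: Label, obj: Label) -> str:
    """Return the modes MAC permits: 'rw', 'r', 'w' or '' (none)."""
    read = subject.dominates(obj)    # no read up
    write = obj.dominates(subject)   # no write down
    return ("r" if read else "") + ("w" if write else "")


def exposure(subject: Label, objects: dict) -> dict:
    """What a process at `subject` can touch, even if fully compromised."""
    return {name: access(subject, label) for name, label in objects.items()}


# Constructed objects for illustration.
OBJECTS = {
    "public_feed": Label("UNCLASSIFIED"),
    "ops_log": Label("SECRET", frozenset({"OPS"})),
    "intel_db": Label("SECRET", frozenset({"INTEL"})),
    "archive": Label("TOP_SECRET", frozenset({"OPS", "INTEL"})),
}

if __name__ == "__main__":
    proc = Label("SECRET", frozenset({"OPS"}))
    for name, modes in exposure(proc, OBJECTS).items():
        print(f"{name:12} {modes or '-'}")
```

Labels with disjoint categories at the same level are incomparable, so neither read nor write is granted between them; discretionary permissions would be checked in addition to this.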