From: hallam@w3.org
To: cypherpunks@toad.com
Message Hash: c4d81dfb796ab96d68836eb1f42bbb6cd6339233929bd1347feadb22ad2345d6
Message ID: <9509262046.AA18525@zorch.w3.org>
Reply To: <199509260404.AAA14297@clark.net>
UTC Datetime: 1995-09-26 20:46:55 UTC
Raw Date: Tue, 26 Sep 95 13:46:55 PDT
Subject: Re: Hack Microsoft?

> Microsoft recently got C2-security status approved for Windows NT by
> the National Computer Security Center, a division of the NSA. They
> are supposed to put systems through "laborious testing and review" before
> they approve C2.

Well yes and no, C2 is not a particularly high security rating. It is also a
fairly obsolete set of requirements. So if anyone is to claim a breach of a C2
system it had better be one within the C2 assurances, not something that is only
covered in the B series criteria. What really matters is the combined criteria
which should have/would have emerged from NIST had the issue of harmonising the
US/Canadian criteria with the European ones turned up.

As a cypherpunks aside we reviewed the Orange Book criteria in a reading group
here at MIT a few months back. One point that was made was that Orange Book does
not consider cryptographic security systems which was generally considered a
disappointment.

Obviously Windows NT is "fair game" for analysis. Remember however that it is an
established operating system and that there are many people who rely on it. I
think that if people want to go down that route they should start by
establishing contacts with CERT and Microsoft in order to make sure that
people whose businesses depend on the security of their O/S are not compromised.
You may well find that Microsoft is willing to give you free copies of WNT to do
this type of work on.

I think that this would be a really good project. The more independent analysis
of an operating system that takes place the more confidence people can place in
it. Windows NT is in many ways a descendant of VMS which has a very good
security record. There is no reason why Windows NT should not mature to that
level of security. It was built with security in mind after all, unlike the UNIX
situation, where security was never more than an afterthought and often merely
wishful thinking.

There are an awful lot of WNT seats out there already. I expect them to
outnumber UNIX very soon. The only thing that is holding it back is the
relatively small size of the userbase compared to Windows and the resources
required to run it. WNT requires similar CPU and memory to UNIX which is hardly
surprising since it is doing very much the same thing.

I would suggest however that the project is structured and coordinated in some
fashion. Someone should keep a list of security concerns that have been
addressed and checked. That list should have some structure such as a division
into the main risk categories (Authenticity, confidentiality, Service) so that
people can get a feel for how thoroughly the space is being searched. Later on
that list is likely to be one of the most valuable end results of such a
project.

Phill