You are here

evaluations

Multics was flawless?

Last week I participated in a very geeky panel discussion about a now-defunct standard for computer system security: the TCSEC. I showed some charts and diagrams about costs, error rates, and adoption of government-

Multics logo

sponsored programs for evaluating computer securityDuring the panel, some audience members made the following claim:

"After its evaluation, Multics never needed a security patch."

I admit I find this hard to believe, and it's not consistent with my own Multics experience. However, most of my Multics experience predated the evaluation. So I ask: does anyone know if Multics had a security patch after its B2 TCSEC evaluation?

[see newer posting]

Wordpress tag: 
Post category: 

LOCK - A trusted computing system

The LOCK project (short for LOgical Coprocessing Kernel) developed a "trusted computing system" that implemented multilevel security. LOCK was intended to exceed the requirements for an "A1" system as defined by the old Trusted Computing System Evaluation Criteria (a.k.a. the TCSEC or "Orange Book").

Post category: 

Observations on Multi-Level Security

Multilevel security (MLS) is an overloaded term that describes both an abstract security objective and a well-known mechanism that is supposed to achieve that objective, more or less.

Click here for a general introduction to MLS.

Post category: 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer