Last week I participated in a very geeky panel discussion about a now-defunct standard for computer system security: the TCSEC. I showed some charts and diagrams about costs, error rates, and adoption of government-sponsored programs for evaluating computer security. During the panel, some audience members made the following claim:
“After its evaluation, Multics never needed a security patch.”
I admit I find this hard to believe, and it’s not consistent with my own Multics experience. However, most of my Multics experience predated the evaluation. So I ask: does anyone know if Multics had a security patch after its B2 TCSEC evaluation?
[see newer posting; also, I’ve added links below to Multics information on line]
Aside from random earlier pokes at Multics while doing ARPANET maintenance in the late ’70s, I never really used Multics until I worked at Honeywell in the early 1980s. Since Multics was a Honeywell product, we generally installed the latest and greatest Multics version on our site. After I left Honeywell, I re-encountered Multics through NSA’s DOCKMASTER system. This system was pretty well locked down so I can’t say much about whether it was security patched or not. No doubt the answer to that question exceeds the default security clearance of this blog’s readership.
People were comfortable with Multics security, but I vaguely remember people referring to unexpected problems that were found and fixed. Even then, before the official Multics security evaluation, people felt that Multics was a secure, well-designed system. But I don’t remember people believing that it would never, ever require patching.
I don’t think it’s possible to leave a security system unpatched indefinitely. While it’s true that the system might in be flawless in some formal sense, it doesn’t operate in a formal world. A practical view of security doesn’t factor out its informal aspects. Those aspects hide the cracks that any sensible attacker will exploit.
Online Multics Resources
[added to the original article in late 2016]
- Multicians – a web site to publish materials about Multics and to loosely connect people who have a history with Multics. Curated by Multics developer Tom Van Vleck.
- Multics Wiki – a clearinghouse for information on the emulator-based versions of Multics.
- Multics manuals online – saved in PDF at Bitsavers.
The modern Multics community contains three groups: an aging population of original Multics users, people fascinated with ancient computer history, and others who have started working with the emulator. There is some overlap, of course. The Multics emulator project relies heavily on the contributions and encouragement of some original Multics users. And some original users, like me, are fascinated by computer history.