[ILUG] OT - Rainbow series

[Brian Foster]

  | Date: Fri, 27 Jul 2007 08:55:01 +0100
  | From: Michael Watterson <watty at eircom.net>
  | 
  | Are these complete?
  |  http://www.fas.org/irp/nsa/rainbow.htm

 I've no idea if that's complete (I haven't been involved
 in this area for at least a decade), but Yes, those are
 the books being talked about.

  | It's an information overload.  Effective security
  | design & systems are simple and easy to folllow
  | but hard to defeat.

 Back when I was involved, the problem was thought to be
 that most systems — which in this context means software
 AND hardware AND the policies/procedures — were poorly
 designed, if they existed at all.  At that time, part of
 the rationale was to kick everybody's arse and treat the
 issues more seriously.  Whether or not that was happened
 is unclear; to take just one example, the rampant problem
 of ID theft suggests the principles laid out are not being
 followed very well, if at all.

  | Who has time to read & learn all this?

 Back then, when (and why) I was involved, if you wanted
 to sell to the USA Federal Government (not just NSA/DoD,
 but any government bid) your package was supposed to be
 certified as meeting one of the defined security levels.
 So many system designers and so on, back then, had to
 get to grips with it.

 Software-wise, Unix had a big advantage, since it was
 thought to be _almost_ C2, lacking (technically) mostly
 an acceptable audit system (i.e., means to log who did
 what when).  (There was also a lack of suitable design
 documentation.)   Everything else was thought to be D
 (no useful security (pedantically, has or would fail
 the certification process)), excepting a few specialist
 (expensive/classified) and research systems.

 It all came more-or-less to naught, however.  There were
 multiple problems, including, but not limited to:  The
 NSA was involved (so everything proceeded very slowly
 if there was any movement at all);  the focus of the
 certification was ensuring the system kept things secret
 (which is not quite what is needed outside the limited
 NSA/DoD-land);  the process(es) the NSA tended to assume
 (e.g., waterfall) were both obsolete and generally not
 used (in the Unix community);  even the most minor of
 upgrades or changes would invalid the certification
 (so certified software was effective frozen solid);  and
 the preferred systems were so-called “mixed-level”(? or
 something like that).  Mixed-level systems could be used
 for BOTH classified and un-classified work without any
 danger of the classified material leaking.  Mixed-level
 is an interesting theorical problem — and is why the
 original Orange Book was so heavy on theory — but in
 practice, separated independent systems work rather
 better (AFAIK).

 Upshot is whilst you can(? could?) get exotic products
 like CMW and B2, there wasn't any compelling reason
 (unless you are inside NSA/DoD-land).  And it's fairly
 clear that policies and procedures are still, generally,
 a mess.

 It's been too long since I was involved to know if any
 of the books are useful for day-to-day administration;
 I suspect not.  I recall that there was, back then, an
 attempt at a pamphlet for end-users, but again it was
 (as I recall) heavily infused with NSA/DoD-land concerns
 (e.g., shoot yerself rather than say anything  ;-)  ).

 Apologies in advance for errors and over-simplifications.
 (I have simplified (cynicalified?) several points.)
cheers!
	-blf-
-- 
▶ ▶  I AM CURRENTLY LOOKING FOR A JOB!  ◀ ◀ | Brian Foster
Experienced (>25 yrs) software engineer:    |        Montpellier, FRANCE
 • Unix, Linux, embedded, design-for-test;  | Stop E$$o (ExxonMobile)!
 • Software/hardware co-design, debugging;  |     http:/www.stopesso.com
 • Kernels, drivers, filesystems, &tc;    Résumé (CV) & contact details:
 • IDL, automated testing, process, &tc.   http://www.blf.utvinternet.ie