
Can SGI bring Linux up to the "B1" level?


SGI's Open Source software development site hosts a project called OB1, whose goal is to build a system at the B1 trust level.

OB1 is GPL-licensed open-source software. Much of it is extracted from the design of IRIX, including MAC (mandatory access control), ACLs and so on. At present OB1 is not complete; it can only be called a sketch of a B1 system. OB1 runs on Linux, and with SGI's continued effort Linux may well become a genuinely trustworthy B1 system in the near future.

OB1 can be downloaded from: ftp://oss.sgi.com/www/projects/ob1/download/

=========================================================================

The B1 trust level and the Orange Book

Several recent news items have mentioned the term "B1", and many readers probably do not know what the B1 evaluation criteria are. To understand them, one first has to understand what the Orange Book is.

The Orange Book is the common name of the US Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC). It was originally written for US military and defense systems, but its division of systems into security levels is now widely used across the information industry.

The DoD classes run from D (minimal protection) up to A (verified protection):

D - Minimal Protection

C - Discretionary Protection

C1 - Discretionary Security Protection

C2 - Controlled Access Protection

B - Mandatory Protection

B1 - Labelled Security Protection

B2 - Structured Protection

B3 - Security Domains

A - Verified Protection

A1 - Verified Design

Beyond A1 - the Orange Book defines no further classes; it only describes requirements that would go beyond A1

Reading from top to bottom, each lower class includes all the requirements of the classes above it and adds stricter ones of its own. Most current information-security regulation concentrates on the B1 level, which therefore includes the requirements of D, C1 and C2 as well. The main difference is that the C classes rely on discretionary access control, where the owner of an object decides who may access it, while the B classes add mandatory access control, where the system enforces sensitivity labels on every subject and object and an owner's permissions cannot override them. In other words, to reach B1 all of the following conditions must be met, listed here by the class that introduces them:

Discretionary Access Control, for example Access Control Lists (ACLs), User/Group/World protection.

Usually for users who are all on the same security level.

Username and Password protection and secure authorisations database (ADB).

Protected operating system and system operations mode.

Periodic integrity checking of TCB.

Tested security mechanisms with no obvious bypasses.

Documentation for User Security.

Documentation for Systems Administration Security.

Documentation for Security Testing.

TCB design documentation.

Example systems are earlier versions of Unix.

The above are the C1 requirements.

Object protection can be on a single-user basis, e.g. through an ACL or Trustee database.

Authorisation for access may only be assigned by authorised users.

Object reuse protection (i.e. storage freed from a deleted object must be cleared before it is reallocated to another subject).

Mandatory identification and authorisation procedures for users, e.g. Username/Password.

Full auditing of security events (i.e. date/time, event, user, success/failure, terminal ID).

Protected system mode of operation.

Added protection for authorisation and audit data.

Documentation as C1 plus information on examining audit information.

Typical systems are later Unixes and VMS.

The above are the C2 requirements.

Mandatory security and access labelling of all objects, e.g. files, processes, devices etc.

Label integrity checking (e.g. maintenance of sensitivity labels when data is exported).

Auditing of labelled objects.

Mandatory access control for all operations.

Ability to specify security level printed on human-readable output (e.g. printers).

Ability to specify security level on any machine-readable output.

Enhanced auditing.

Enhanced protection of Operating System.

Improved documentation.

The above are the B1 requirements.
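To make the difference between the C-level and B-level requirements concrete, here is an added example (written for this page; it is not OB1, IRIX or Linux code) of a toy reference monitor in Python. It applies the C1/C2 discretionary checks (owner/group/world mode bits plus a per-user ACL entry), then the B1 mandatory check (Bell-LaPadula "no read-up, no write-down" over sensitivity labels with compartments), and writes an audit record with the fields the C2 list asks for. The level names, users, file names and ACL format are all constructed for the example; the scenario in `demo()` shows that owning a file (full DAC rights) does not let a SECRET-cleared user read a TOP_SECRET-labelled file.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Ordered sensitivity levels for the toy lattice (constructed; not OB1's label set).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A B1-style sensitivity label: a level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # Lattice order: level is >= and the compartment set is a superset.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    uid: int
    gids: frozenset
    clearance: Label
    terminal: str


@dataclass
class Obj:
    name: str
    owner: int
    group: int
    mode: int                                  # Unix owner/group/world bits, e.g. 0o640
    label: Label                               # mandatory label, assigned by the system
    acl: dict = field(default_factory=dict)    # uid -> set of "r"/"w": per-user ACL entries


AUDIT_LOG = []   # in-memory stand-in for the C2 audit trail


def dac_allows(subj, obj, access):
    """Discretionary access control (C1/C2): an explicit ACL entry wins, else mode bits."""
    if subj.uid in obj.acl:
        return access in obj.acl[subj.uid]
    bit = {"r": 4, "w": 2}[access]
    if subj.uid == obj.owner:
        shift = 6
    elif obj.group in subj.gids:
        shift = 3
    else:
        shift = 0
    return bool((obj.mode >> shift) & bit)


def mac_allows(subj, obj, access):
    """Mandatory access control (B1): no read-up, no write-down (Bell-LaPadula)."""
    if access == "r":
        return subj.clearance.dominates(obj.label)      # simple security property
    return obj.label.dominates(subj.clearance)          # *-property (write-up is allowed)


def audit(subj, obj, access, success, reason):
    """Record the fields the C2 list asks for: date/time, event, user, success/failure, terminal."""
    rec = {
        "time": datetime.now(timezone.utc).isoformat(),
        "event": f"open:{access}",
        "uid": subj.uid,
        "object": obj.name,
        "success": success,
        "terminal": subj.terminal,
        "reason": reason,
    }
    AUDIT_LOG.append(rec)
    return rec


def check_access(subj, obj, access):
    """Reference-monitor decision: DAC first, then MAC; every outcome is audited.
    An owner's discretionary rights never override the label check, which is the B1 point."""
    if not dac_allows(subj, obj, access):
        audit(subj, obj, access, False, "dac")
        return False
    if not mac_allows(subj, obj, access):
        audit(subj, obj, access, False, "mac")
        return False
    audit(subj, obj, access, True, "ok")
    return True


def demo():
    """Constructed scenario; returns each decision so the results can be checked."""
    AUDIT_LOG.clear()
    alice = Subject(1000, frozenset({100}), Label("SECRET", frozenset({"crypto"})), "tty1")
    bob = Subject(1001, frozenset({100}), Label("TOP_SECRET", frozenset({"crypto"})), "pts/3")
    # Alice owns this file (mode 0600) but the system labelled it TOP_SECRET.
    report = Obj("/srv/report", owner=1000, group=100, mode=0o600,
                 label=Label("TOP_SECRET", frozenset({"crypto"})), acl={1001: {"r"}})
    # Public bulletin board at the bottom of the lattice; Bob has an ACL entry to write it.
    board = Obj("/srv/board", owner=0, group=0, mode=0o644,
                label=Label("UNCLASSIFIED"), acl={1001: {"r", "w"}})
    return {
        "alice_reads_own_report": check_access(alice, report, "r"),   # DAC ok, MAC denies read-up
        "bob_reads_report_via_acl": check_access(bob, report, "r"),   # ACL + clearance dominates
        "bob_writes_board": check_access(bob, board, "w"),            # DAC ok, MAC denies write-down
        "alice_reads_board": check_access(alice, board, "r"),         # world-readable, read-down ok
        "alice_writes_report": check_access(alice, report, "w"),      # owner write, write-up allowed
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
    for rec in AUDIT_LOG:
        print(rec)
```

The ordering matters: DAC is evaluated first because it is cheap and owner-controlled, but the mandatory check is what makes the system B1 rather than C2, so a denial from either path is audited with the reason, and there is no code path by which an owner or an ACL entry can bypass `mac_allows`.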


Reprinted from: LinuxFab