SGI 的 Open Source 軟體發展中心上,有一個專案叫作 OB1,目的是建立一個 B1 信任等級的系統。
OB1 專案是 GPL 的 Open Source 軟體,許多部份是由從 IRIX 的設計中撷取出來,包括 MAC、ALC 等等。目前 OB1 並不完整,還只能稱得上是個 B1 系統的『〖例』。OB1 可用在 Linux 上,藉著 SGI 的努力,也許不久的將來 Linux 真的會變一個可靠的 B1 系統。
OB1 的下載位址在於:ftp://oss.sgi.com/www/projects/ob1/download/
=========================================================================
《B1信任等級橘皮書》
最近幾則新聞都提到了 B1 這個字眼,相信很多人不知道 B1 核定標准(evaluation criteria),要了解什麽是 B1 核定標准,先得了解什麽是 橘皮書(Orange Book)。
橘皮書事實上是美國國防部(US Department of Defense -> DoD)信任電腦核定標准(Trusted Computer System Evaluation Criteria)的簡稱,一開始是為了美國軍方國防系統而制定的,但它對系統安全的等級劃分現在則廣泛的為資訊相關產業所采用。
DoD 安全分類為從 D (最低防護)到 A (完全防護):
D - Minimal Protection
C - Discretionary Protection
C1 - Discretionary Security Protection
C2 - Controlled Access Protection
B - Mandatory Protection
B1 - Labelled Security Protection
B2 - Structured Protection
B3 - Security Domains
A - Verified Protection
A1 - Verified Protection
A2 and above
由上往下看,愈下面的表示包含了之上的規〖,當然本身又加了一些更安全的規〖,而目前資訊相關的規定大概都著重在 B1 層級上,也就是說包括了 D,C1,C2 的規〖在內,主要差別在於 C 層級比較自由(不一定要遵守每一項規定),而 B 層級則是強制性的遵守,換句話說,要達到 B1 標准,必須有下列條件達成:
Discretionary Access Control, for example Access Control Lists (ACLs), User/Group/World protection.
Usually for users who are all on the same security level.
Username and Password protection and secure authorisations database (ADB).
Protected operating system and system operations mode.
Periodic integrity checking of TCB.
Tested security mechanisms with no obvious bypasses.
Documentation for User Security.
Documentation for Systems Administration Security.
Documentation for Security Testing.
TCB design documentation.
Typically for users on the same security level
Example systems are earlier versions of Unix
以上是 C1 層級
Object protection can be on a single-user basis, e.g. through an ACL or Trustee database.
Authorisation for access may only be assigned by authorised users.
Object reuse protection (i.e. to avoid reallocation of secure deleted objects).
Mandatory identification and authorisation procedures for users, e.g. Username/Password.
Full auditing of security events (i.e. date/time, event, user, success/failure, terminal ID)
Protected system mode of operation.
Added protection for authorisation and audit data.
Documentation as C1 plus information on examining audit information.
Typical systems are later Unixes, VMS
以上是 C2 層級
Mandatory security and access labelling of all objects, e.g. files, processes, devices etc.
Label integrity checking (e.g. maintenance of sssensitiy labels when data is exported).
Auditing of labelled objects.
Mandatory access control for all operations.
Ability to specify security level printed on human-readable output (e.g. printers).
Ability to specify security level on any machine-readable output.
Enhanced auditing.
Enhanced protection of Operating System.
Improved documentation.
——摘自:LinuxFab
