In the Public Interest Doing Business with Governments

When C2 is on the PO

If you sell to the federal government, there is a good chance that your product will have to run on a trusted system.

By Gary Donnelly

Consider this scenario: Your firm’s marketing efforts have finally succeeded in penetrating a large federal agency. The potential for significant sales from this organization is large. Just as you begin to count your revenue (or your commission check if you’re the sales person for this account), your prospect asks, “Your software does run on a C2 system, doesn’t it?”

You answer, “Huh?” This might not be the best time to begin learning about trusted systems.

Do independent software vendors (ISVs) really have to worry about trusted systems? Since your software product runs at the “user level,” are you affected by running on a somewhat different operating system than you currently support? Let’s take a look at each of these questions.

A trusted computer system is one that provides a computing environment consisting of both hardware and software, and incorporates software integrity measures that allow its use to concurrently process classified or unclassified information without violating access privileges by any user, regardless of their level of classification. There are different levels of trust that are based on the ability of the computer system to enforce access privileges to authorized users and to system-protected files. There are four primary levels of trust: A, B, C and D, with A being the most trusted and D the least. Some of these levels have sublevels (1, 2 and 3). Taken together, there are seven levels (in decreasing order of security): A1, B3, B2, B1, C2, C1 and D. The technical attributes of each are detailed in the Orange Book, which is described below.

By the Book

The National Computer Security Center (NCSC) evaluates the security features of trusted products against established technical standards and criteria. It maintains the Evaluated Products List, a compilation of all computer products that have undergone formal security evaluations, and indicates the relative security merit of each computer product. The criteria against which computer systems are evaluated is the Orange Book.

In January 1981, the National Security Agency (NSA) became responsible for the security of computer systems for the U.S. Department of Defense (DOD). As a result, NCSC was formed as part of the NSA. NCSC’s role was to develop and maintain a set of standards and conformance tests of those standards in the area of computer security. Then DOD could specify a certain conformance level of those standards when purchasing systems and be assured of having a known degree of security features.

These standards were published as the Department of Defense Trusted Computer System Evaluation Criteria. Because this publication had an orange cover, it was often referred to as the Orange Book (a cozier name than DOD TCSEC). The Orange Book was issued first in August 1983 and in December 1985 was reissued as a Department of Defense standard (DOD 5200.28-STD). The Orange Book then became referenced as a mandatory requirement for operating systems delivered to DOD. Once that happened, anyone who sold an operating system to DOD had to implement a trusted system. This forced firms, such as DEC, Hewlett-Packard, IBM and others, to develop trusted versions of their respective operating systems. This concept has moved beyond DOD, and currently many civilian agencies, such as the IRS, the Department of Agriculture, U.S. Customs and others, require a trusted operating system on many if not all of their operating system purchases. While this often does not include desktop operating systems such as DOS and Windows, it does apply to servers.

The ISV’s Involvement

Does an independent software vendor really have to worry about these issues? Worry is probably not the best word here. What is needed is an understanding of what your software requires in terms of privileges and its interaction with the operating system. Keep in mind that the definition of a trusted system includes both hardware and software. For a vendor to take a server with its operating system to NCSC for testing and evaluation is an involved, time-consuming process. At the end of this process, the vendor has achieved a trusted certification for that specific combination of hardware and software. If that combination changes in any way, such as a different hardware configuration or additional hardware, the certification will no longer be valid. Neither the vendor nor the federal end user will be eager to undo a process that has taken considerable effort to complete.

Since your software product runs at the “user level,” you are probably not affected by running on a somewhat different operating system than you currently support. For an operating system to achieve a certified trust level, changes in the operating system—in the form of access controls, reuse of objects, identification and authentication, and audit—are required. Most of these changes may require the granting of different levels of privileges to your application, but the basic application should still run properly.

One commercially available operating system that has achieved an NCSC certification is Trusted Xenix from Trusted Information Systems (TIS) of Glenwood, MD. Trusted Xenix has been evaluated at B2 by the NCSC on a variety of 286 and 386 platforms produced by AST, Grid, Hewlett-Packard, IBM, NCR, NEC, Trend, Unisys, Wang and Zenith. From this list you should notice that being certified for one platform doesn’t grant certification to others, even if both use the platform. Additionally, TIS has developed Trusted Mach (Tmach), a version of Carnegie-Mellon University’s Mach operating system, which is currently undergoing testing and evaluation at NCSC for a B3 rating.

Noelle McAuliffe, a systems analyst for TIS, says that her firm provides to third-party developers an application development guide to assist them in writing applications for Trusted Xenix. McAuliffe explains that as the certification level moves toward higher security (from C2 to B2, for example), special privileges may be required for applications to operate properly. These include areas such as audit, Set User ID (SUID) root, and both discretionary and mandatory access controls. As a software developer, you will have to work with the provider of the trusted operating system and do advanced testing to determine the effect of these security issues on your application.

In terms of porting your software to a trusted system, the general consensus is that your application should move over without much problem. If you are confronted with the earlier question about your software running on a trusted system, you should now at least be able to have something more to say than “Huh?” Find out what trusted platform your software is going to be required for, and then work with the vendor of that operating system. As with TIS, you may be able to obtain developer information to assist you in knowing more about that platform. You’ll likely not have a major problem, but it’s better to be aware of problems before having to deliver the software. And wouldn’t that be a novel approach?

Gary Donnelly teaches and consults in the client/server and open systems arena, focusing on federal marketing issues. He can be reached at [email protected].
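The article's advice to understand what your software requires in terms of privileges (SUID root, discretionary access controls) can begin with an inventory of your own install tree before you talk to the trusted OS vendor. The sketch below is an added example, not from the article or from TIS; the function names, finding labels and sample tree are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

def privilege_flags(mode, uid):
    """Findings for one file, given its st_mode and owner uid."""
    flags = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            flags.append("suid-root" if uid == 0 else "suid")
        # setgid without group-execute is not a privilege grant; skip it
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            flags.append("sgid")
        if mode & stat.S_IWOTH:
            flags.append("world-writable")
    elif stat.S_ISDIR(mode):
        # a sticky bit (as on /tmp) limits deletion, so only flag dirs without it
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            flags.append("world-writable-dir")
    return flags

def inventory(root):
    """Walk an install tree without following symlinks; return {relpath: flags}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            flags = privilege_flags(st.st_mode, st.st_uid)
            if flags:
                report[os.path.relpath(path, root)] = flags
    return report

def build_sample_tree():
    """Constructed sample install tree (not a real product layout)."""
    root = tempfile.mkdtemp(prefix="isv_app_")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "spool"))
    samples = (("bin/app", 0o755), ("bin/helper", 0o4755), ("app.conf", 0o666))
    for rel, mode in samples:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "spool"), 0o777)
    return root

if __name__ == "__main__":
    for rel, flags in sorted(inventory(build_sample_tree()).items()):
        print(f"{rel}: {', '.join(flags)}")
```

Each flagged entry is a question to put to the platform vendor: whether the privilege is still grantable at the target evaluation level, and whether its use will be audited.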

JULY 1996 UniForum’s ITSolutions 45