Peter Eisentraut wrote:
> On Monday 20 July 2009 17:52:44 Joshua Brindle wrote:
>> That is your (and the communities) prerogative. Linus wasn't very
>> supportive of SELinux in the kernel either but it is the only way Linux got
>> an EAL4+ LSPP evaluation for use in certain government systems. I
>> personally would love to see an open source DBMS evaluated for systems like
>> this because the current state of the art is fairly sad.
>
> This would actually be a reasonable baseline to work against, if we define a
> project goal to be satisfying this standard.
>
> This is presumably the web site that describes this standard: http://www.niap-
> ccevs.org/cc-scheme/pp/pp_os_ls_v1.b/ There I see
>
> Succeeded By: pp_os_ml_mr2.0_v1.91
> Sunset Date: 16 September 2007
>
> And the successor document is vastly more comprehensive than implementing a
> MAC scheme.
The target of this protection profile is operating system,
so it is a bit mismatch.
Referring to the prior case, Oracle Label Security (it also provides
label based access controls, but no collaboration with OS) is cerfified
with the BR-DBMSPP (U.S.Government Protection Profile Database Management
Systems For Basic Robustness Environments) and additional functional
components (such as FDP_IFC.1: Subset Information Flow Control,
FDP_IFF.2: Hierarchical Security Attributes, and so on).
http://www.commoncriteriaportal.org/products_DB.html#DB
* ST for Oracle Label Security for Oracle Database 10g Release 2
http://www.commoncriteriaportal.org/files/epfiles/20080306_0402b.pdf
> So how do we realistically get from here to there (and where is "there")?
Security functionality is a factor to get ISO/IEC15408 certification,
but not all. (For example, who can defray the cost for evaluation?)
However, it is important to pull up the baseline functionality to
satisfy these security functional components.
If certification is only valid on the "patched" version, rest of people
will not be happy.
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>