May 24th, 2002, 04:55 PM
SGI Irix Trusted O/s
What do you guys think of this - especially in the context of Mfgrs including security at the OS level...
SGI Trusted Irix Offers Secure Operating System for Government and Commercial Sectors
NIAP Validates SGI Trusted Irix 6.5 for Trusted and Multilevel Security Processing
MOUNTAIN VIEW, Calif., May 23 /PRNewswire/ -- SGI (NYSE: SGI - News) today announced that the National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) has successfully evaluated and validated the SGI® Trusted IRIX(TM) 6.5 operating system with conformance to the National Security Agency Information Systems Security Organizations (ISSO) Labeled Security Protection Profile (LSPP). NIAP CCEVS has also successfully evaluated the SGI® standard IRIX® 6.5 operating system software with conformance to the ISSO's Controlled Access Protection Profile (CAPP) against the International Common Criteria for Information Technology Security Evaluation.
Conformance to the LSPP provides confidence to military, government and commercial customers that Trusted IRIX uses strict access controls to information and clearly identifies user roles against unsecured access or activity. The Common Criteria for Information Technology Security Evaluation (or "Common Criteria") is a multinational successor to the previous Department of Defense Trusted Computer System Evaluation Criteria (TCSEC or "Orange Book" criteria).
The requirements defined in the LSPP correspond to the TCSEC B1 security level. The requirements defined in the CAPP are consistent with the C2 security level specified by the TCSEC.
"SGI Trusted IRIX 6.5 and Standard IRIX 6.5 offer solid commercial-off-the-shelf, secure platforms, providing safeguards against internal and external threats that exceed protections available from other UNIX operating systems," said Casey Schaufler, Trusted Technology manager, SGI. "With their broad base of special and sensitive applications, cross-platform environments, high-performance capabilities, and security, SGI Trusted IRIX 6.5 and standard IRIX 6.5 are now positioned to become the standard, high-end security platforms for both the government and commercial sectors."
SGI Trusted IRIX 6.5 is based on standard IRIX 6.5, the fifth-generation 64-bit UNIX® operating system from SGI, and is the most robust and mature UNIX operating system release in the industry. Both Trusted IRIX 6.5 and standard IRIX 6.5 are characterized by a rich set of scalability, big data management and real-time 3D visualization enhancements, as well as middleware features for broader server and workstation deployment.
SAICs Center for Information Security Technology Common Criteria Testing Laboratory, a NIAP CCEVS-approved laboratory, conducted the Common Criteria evaluations of the SGI Trusted IRIX and standard IRIX operating systems.
"SGI is committed to providing its customers with secure products that have been evaluated by U.S. and international government evaluation programs like the Common Criteria," said Lang Craighill, senior director of federal operations, SGI Federal. "Within SGI Federal, we've seen growing interest in secure operating systems from government customers. The threats posed by today's computing environment of increased connectivity and data sharing cannot be addressed without secure operating systems. If an OS fails, system-wide vulnerabilities result."
SGI Trusted IRIX 6.5 provides system integrity and information assurance by addressing three fundamental security areas-policy, accountability and assurance. SGI Trusted IRIX 6.5 now has the B1 security functionality, including the following functions:
-- Mandatory access control allows the system administrator to set up
policies and accounts that will allow each user to have full access to
the files and resources he or she needs, but not to other information
and resources not immediately necessary to perform assigned tasks. In
addition, access permission cannot be passed from one user to another,
as under traditional UNIX systems, which use only discretionary access
-- Access control lists allow the system administrator to specify on a
user-by-user basis those users who may access files and directories.
The purpose of this feature is to provide a finer level of control
than is allowed through traditional discretionary access control.
-- The system audit trail allows the system administrator to keep a
precise log of all system activity. The system audit trail provides a
means for the system administrator to oversee each important event
that takes place on the system, track changes in sensitive files and
programs, and identify inappropriate use of the system.
-- Identification and authentication allow the system administrator to be
certain that the people on the system are authorized users and that
private password integrity is maintained to the highest possible
-- The capability-based privilege mechanism is utilized to grant
particular, controlled privileges to specific functions without
granting access to key user accounts. A privilege is determined based
on the set of effective capabilities for a given process.
-- The object reuse policy precludes accidental disclosure of data,
display memory and long-term data storage. For example, all system
memory is always cleared automatically before it is allocated to
freedom is a road seldom traveled by the multitude
freedom aint free
May 24th, 2002, 08:03 PM
But IRIX is already too expensive... B1-level boxes tend to make things rather exorbinant in price.
I've had the great fortune of playing the B1-level Solaris boxes... great toys, but
they are normally outside the price most companies want to pay for a "secure" box.
Hopefully that will put some fire back in to SGI though... I'd hate to see them
continue in their decline.
\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"