SECURITY CORNER
 



C2 and You

Article Date: 9/93

Stratus has announced plans to make changes to the operating system to make it "C2 compliant" for security purposes. Many users are not clear on what is in the C2 security standard or how it applies to VOS, so in this article we'll take a brief look at the major points of C2 and how they apply to VOS.

The US Department of Defense (DoD) has developed a series of security standards for computer operating systems. These standards are described in the DoD document Trusted Computer System Evaluation Criteria (DoD 5200.28-STD, Dec 1985), also known as "The Orange Book". Standards range from C1 (allow users to prevent other users from seeing their files, etc.) to A1 (extreme security for tightest DoD needs). Most users consider C2 to be a good, commercial-grade level of security for operating systems when properly applied by the user.

For the user, there are basically four areas of the C2 standard that you will come in contact with: identification and authentication (I&A), discretionary access control (DAC), object reuse management, and auditing and monitoring. In many of these areas, VOS is already in compliance with the standard; in other areas, future changes would bring VOS into compliance. Remember that the standard only requires the operating system to give you the capabilities; you, the user, must apply the tools properly to be secure.

Identification and authentication says that each user must be uniquely identified within the system, must identify him or herself to the system, and must be authenticated by the system as that user. VOS has always had this capability, since each user must log in with a unique name and be authenticated by providing a password. Make sure that you don't cripple the I&A standard with such things as group logins, weak passwords, or passwords that never change. Audit your system parameters and your users to prevent this. Enforce a policy where each user must log in with a unique ID. Be careful with privileged accounts that can alter critical system settings.

Discretionary access control says that access to objects will be granted based on the user's authenticated ID and can be controlled down to the level of a single user. The use of this is at the discretion of the user. Again, VOS has always had this capability through the access control list (ACL) mechanism. Through the current release (11), you can protect files and directories, devices, and external commands (which are only files) using ACLs. In the future, this protection may be extended to internal commands as well. Make sure that DAC is working in your favor by auditing the ACLs in your directory tree for consistency, so that you have not introduced holes (see the March newsletter for a discussion of "The Black Holes of ACLs").

Object reuse management says that the system will not allow a user to see information left behind by another user in a system object after that user has released it back to the system. For instance, when I delete a file, you cannot see the old contents of its disk blocks if you claim the space for your file. VOS has always done some of this and may be enhanced in the future for compliance.

The final major area is auditing and monitoring. VOS has provided some of this already through entries in syserr logs and security logs. One of the requirements for C2 will be the ability to audit when an object is used correctly, not just when an unsuccessful attempt takes place. Even at the current level, make sure that security logging is turned on for your system, and make sure that you audit the log contents regularly, looking for problems.

Note that in each of these areas, the user will have the tools to run VOS at a C2 level of security. However, saying that VOS is C2 compliant actually does nothing to secure your system. It is up to you to apply the tools to secure your system. Develop and enforce security policies that support the level of security you require. Use the VOS features supplied to you for I&A, DAC, and monitoring. Then, constantly monitor their implementation by auditing your system's security on a regular basis.

 
©Copyright 2009