blsds.txt (hotlines/gsyhl, Power Tools Plus (Disc 2 of 2)(November 1993)(HP).iso), dated 1992-08-31
HP-UX B-Level Security operating system
Technical Data
HP9000 Series 800 business servers
HP-UX BLS (B-Level Security) is an enhanced security version of the
HP-UX operating system. Designed for the HP9000 Series 800 Business
Servers, HP-UX BLS addresses the more complex "multi-level" security
needs typical of federal government and defense-related communities
which process sensitive information. HP-UX BLS is under evaluation by
the National Computer Security Center (NCSC) targeting a B1 rating as
specified by the Trusted Computer System Evaluation Criteria (TCSEC),
or "Orange Book".
Security Architecture
The core of the HP-UX BLS secure system design is the Trusted Computing
Base (TCB), the set of mechanisms responsible for enforcing the
system's security policies. These policies transparently protect
information from disclosure to unauthorized individuals.
HP-UX BLS supports sensitivity labeling in conjunction with mandatory
and discretionary access control policies to control access to system
information:
Sensitivity Labeling--Sensitivity labels are assigned to all system
subjects (e.g., users, processes) and objects (e.g., files, devices).
A label combines a hierarchical classification level (e.g., secret,
unclassified) with a set of non-hierarchical categories (e.g., NATO,
personnel), so the system supports a virtually unlimited number of
distinct labels. A specially designated system administrator is
responsible for initial label assignment. These labels are
subsequently inherited by all files created in the user's session.
Mandatory Access Control (MAC)--When users attempt to access objects,
their sensitivity labels are compared using the Bell-LaPadula model of
computer security to determine access privileges. A label dominates
another when its level is at least as high and it holds every category
of the other. The model's simple security property forbids reading up
and its *-property forbids writing down. HP-UX BLS applies the rules
conservatively: users can read objects at their own level and lower
(read-down) but may write only to objects at their own level, so
information can never flow to a lower level. This policy is referred to
as "mandatory" since users cannot alter these access permissions at
their own discretion.
Discretionary Access Control (DAC)--This policy allows users to grant
or deny access at their own discretion within the limits of MAC. HP-UX
BLS enforces this policy through Access Control Lists (ACLs), whose
entries grant or deny access to a file on a per-user basis.
In combination these policies ensure that users have both the proper
clearance to access data as defined by MAC, and a user-controlled
"need-to-know" defined by DAC.
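The following is an added illustration of how the two policies above compose; it is not HP-UX BLS code and does not reproduce its label format, ACL syntax or internal checks. A label is a level plus a category set, dominance is checked component-wise, MAC is evaluated first (read-down, and the write-equal rule the datasheet describes), and the ACL is then consulted for need-to-know. The level names, categories, users, files and the ACL entries are constructed for the example.

```python
"""Label dominance and MAC/DAC access decisions, constructed example.

Not HP-UX BLS code; every level, category, user and file below is made up.
"""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, FrozenSet, Tuple


class Level(IntEnum):
    """Hierarchical component of a sensitivity label (totally ordered)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: FrozenSet[str] = frozenset()   # non-hierarchical compartments

    def dominates(self, other: "Label") -> bool:
        """self >= other in the label lattice: level at least as high AND
        every category of `other` is also held by `self`."""
        return self.level >= other.level and self.categories >= other.categories


@dataclass
class Subject:
    name: str
    label: Label            # clearance assigned by the administrator


@dataclass
class Object:
    name: str
    label: Label
    acl: Dict[str, str] = field(default_factory=dict)   # user -> "r", "w", "rw"


def mac_allows(subj: Subject, obj: Object, mode: str) -> bool:
    """Mandatory policy. Read: simple security property (no read-up).
    Write: the datasheet's write-equal rule; strict Bell-LaPadula's
    *-property would additionally permit write-up."""
    if mode == "r":
        return subj.label.dominates(obj.label)
    if mode == "w":
        return subj.label == obj.label
    raise ValueError(f"unknown mode {mode!r}")


def dac_allows(subj: Subject, obj: Object, mode: str) -> bool:
    """Discretionary policy: per-user ACL entry; no entry means no access."""
    return mode in obj.acl.get(subj.name, "")


def check_access(subj: Subject, obj: Object, mode: str) -> Tuple[bool, str]:
    """MAC is evaluated first and a generous ACL cannot override it;
    DAC then narrows access to users with a need-to-know."""
    if not mac_allows(subj, obj, mode):
        return False, "denied by MAC"
    if not dac_allows(subj, obj, mode):
        return False, "denied by DAC"
    return True, "granted"


def create_file(creator: Subject, name: str) -> Object:
    """New files inherit the creating session's label; the creator's own
    ACL entry is an assumed default, not a documented BLS rule."""
    return Object(name, creator.label, {creator.name: "rw"})


# --- constructed sample subjects and objects ---
NATO, PERSONNEL = "NATO", "PERSONNEL"
ALICE = Subject("alice", Label(Level.SECRET, frozenset({NATO})))
BOB = Subject("bob", Label(Level.CONFIDENTIAL))
CAROL = Subject("carol", Label(Level.TOP_SECRET, frozenset({NATO, PERSONNEL})))

PLAN = Object("plan.txt", Label(Level.SECRET, frozenset({NATO})),
              {"alice": "rw", "bob": "r", "carol": "r"})
MEMO = Object("memo.txt", Label(Level.UNCLASSIFIED), {"alice": "rw", "bob": "rw"})
HR = Object("hr.txt", Label(Level.CONFIDENTIAL, frozenset({PERSONNEL})),
            {"alice": "r", "bob": "rw"})


def demo() -> Dict[str, Tuple[bool, str]]:
    """Evaluate representative requests; keys are 'user mode file'."""
    requests = [
        (ALICE, PLAN, "r"),   # same label, ACL rw          -> granted
        (ALICE, MEMO, "r"),   # read-down                   -> granted
        (ALICE, MEMO, "w"),   # write-down                  -> MAC denies
        (ALICE, HR, "r"),     # lacks PERSONNEL category    -> MAC denies
        (BOB, PLAN, "r"),     # ACL says r, but no read-up  -> MAC denies
        (CAROL, PLAN, "w"),   # write only at own level     -> MAC denies
        (CAROL, HR, "r"),     # cleared, but no ACL entry   -> DAC denies
    ]
    return {f"{s.name} {m} {o.name}": check_access(s, o, m) for s, o, m in requests}


if __name__ == "__main__":
    for req, (ok, why) in demo().items():
        print(f"{req:22} {'ALLOW' if ok else 'DENY':5} ({why})")
```

The ordering of the two checks is the point: `bob r plan.txt` is refused even though the file's ACL lists bob, because MAC is not subject to the owner's discretion, while `carol r hr.txt` shows a fully cleared user still stopped by DAC.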
Key Security Enhancements
Password Management--HP-UX BLS supports a password management
mechanism that meets the objectives and recommendations of the U.S.
Department of Defense Password Management Guideline CSC-STD-002-85
("Green Book"). This mechanism supports password generation,
screening, and aging functionality in order to reliably identify and
authenticate users.
Least Privilege--HP-UX BLS supports the principle of least privilege
which states that each subject should be given no more privileges than
absolutely required to perform its intended function. In HP-UX BLS,
the privileges that had been associated with the superuser are divided
up into a number of different authorizations. Each privileged
operation is associated with a set of authorizations. Only users
possessing the required authorization can run the privileged operation.
Administrative tasks can be separated into a number of distinct roles.
This reduces the probability that an inadvertent administrator error
compromises security. More importantly, it is no longer necessary to
tolerate the risk associated with super-user privilege on the system.
HP-UX BLS pre-defines three roles. The "auth" administrator role
establishes and manages all user accounts. The "audit" administrator
selects parameters for audit and assigns MAC labels. The "sysadm"
administrator is responsible for most other general administration
tasks (e.g., backup).
Trusted Path--This B2-level mechanism provides a direct and distinct
communication path between HP-UX BLS and users. It prevents malicious
attempts to capture a user's password through the use of programs
designed to spoof users into typing passwords at fake login prompts.
Auditing--HP-UX BLS can maintain an extensive audit log of all security
relevant actions beginning with login. From a menu the Audit
Administrator can select the event types, individual users, groups of
users, sensitivity levels, and time intervals to be audited.
Import/Export--This feature enables secure importation and exportation
of data so that the B1 level of system security is not compromised by
the introduction of unlabeled data.
Multi-level Directories--Processes with different sensitivity labels
can access files securely in public directories using Multi-level
directories.
Application Time of Day (ATOD)--ATOD limits the running of an
application to pre-defined time slots.
Usability
HP-UX BLS includes a "Security Features User Guide" (SFUG) which
educates the end-user on B-level security policy, features, and user
responsibility. In addition, an administrator guide called the
"Trusted Facilities Manual" (TFM) is provided which explains how to set
up and maintain a multi-level secure system using the menu-driven
security interface to perform tasks. A screen-oriented interface
guides the installation procedure.
Training and Support
HP-UX BLS is supported by a complete package of Training and Support
options. Three new self-paced training manuals are available including
User, Administrator and Programmer Tutorials. A class-room training
option will be available per demand. HP can tailor a support package
to meet the special needs of HP-UX BLS customers.
Secure Operating Environment
Standards--Like HP-UX, the HP-UX BLS system strategy is based on a
commitment to implementing industry standards to facilitate application
portability and multi-vendor interoperability. Accordingly, HP-UX BLS
integrates de facto standard secure system technology selected by OSF
with HP-UX Release 8.0. In addition, HP-UX BLS complies with the
System V Interface Definition, Version 2 (SVID2) and will comply with
IEEE's POSIX once the definition is established for operating system
security extensions.
Applications & Tools--HP-UX BLS security enhancements are built into
the software architecture. This means that unless restricted by the
security policy, off-the-shelf commercial applications will run without
modification. Similarly, many of the value-added applications, tools,
and features, developed for HP-UX will function in a secure fashion.
For example, HP-UX BLS inherits from HP-UX support for Autoconfig
tools; C, Pascal, COBOL, and FORTRAN development environments; and new
end-user tools such as Terminal Session Manager and Visual Editor. A
specially designated systems administrator is responsible for
determining whether or not a given application can be trusted to run in
a particular installation.
Trusted Database Support--HP has formulated agreements with the leading
database vendors to provide support for multi-level secure database
application environments. Both Informix and Oracle have selected HP-UX
BLS and the HP9000 Series 800 hardware family as the reference platform
to base NCSC evaluations of their B1-Level secure database product
offerings.