Talk:Secure operating system
From Wikipedia, the free encyclopedia
Operating systems that achieve a Common Criteria certification, are still not generally considered "secure" operating systems. 100% security is practically impossible. Therefore the standard name for a system that is common criteria certified is "trusted". I think this article should be moved to 'trusted operating systems'. I could be wrong about the specific semantics though. Hopefully someone can comment. - Taxman 12:17, May 28, 2004 (UTC)
Besides, what level of certification did Trusted Solaris get? I'd be surprised if it was B2.
- details here (it's alphabetti-spaghetti to me) -- Finlay McWalter | Talk 12:52, 28 May 2004 (UTC)
-
- EAL4 is the level it recieved it seems (along with some protection profile augmentation, whatever that means. [1] For an explanation of the EAL levels. I'm not sure how or if those map accurately to the old Orange Book levels of B2 C1, etc. - Taxman 14:36, May 28, 2004 (UTC)
- C2 is typically put at CAPP/EAL4 -- Controlled Access Protection Profile, a discretionary access control model, at Assurance Level 4. The B-levels from the Orange Book introduced MAC (Mandatory Access Control), which maps to the MAPP, or Mandatory Access Protection Profile, under the Common Criteria. This isn't NPOV, but EAL4 is really inadequate for a B2-equivalent sytem. Perhaps B1, but B2 was, as I recall, the first of the so-called "high assurance" levels of trust. Anyone know where I can add that bit of gibberish and any other gibberish I can remember from when I was doing formal evaluations? Send me a note as I don't aways Wiki often enough for Talk page comments to show up in my watched page changes list. Tall Girl 01:21, 22 April 2006 (UTC)
- EAL4 is the level it recieved it seems (along with some protection profile augmentation, whatever that means. [1] For an explanation of the EAL levels. I'm not sure how or if those map accurately to the old Orange Book levels of B2 C1, etc. - Taxman 14:36, May 28, 2004 (UTC)
This page needs to be moved, as it's POV. Something along the lines of "Security certification based operating systems", or something. Taxman's above comment that "100% security is practically impossible." is probably pertinent and the title is not reflecting it. Dysprosia 12:40, 28 May 2004 (UTC)
- the way things were a few days ago, when everything was in "security focussed..." seemed fine to me. -- Finlay McWalter | Talk 12:49, 28 May 2004 (UTC)
-
- The security focused... article claims to be about systems that have not been certified, but are focused on security. This article could be about only OS's that have achieved Common Criteria or other standard certification. I concur with the move Dysprosia has outlined, but perhaps "Operating systems with security certification". That is more accurate than "certification based" - Taxman 14:36, May 28, 2004 (UTC)
-
-
- I know this is a really old comment by Taxman, but I think the current page name is more appropriate, and then stick to evaluated systems within the body of the article. Trusted operating systems is often confusing as the meaning of trust within the industry is different than what people outsite the community understand trust to mean. I know that's a lousey reason, but I think articles have to be accessible to those outside specialized fields, too. Tall Girl 01:21, 22 April 2006 (UTC)
-