The secure Unix implementation developed by AT&T’s Federal Systems Division has been submitted for certification to the B1 level def-ined by the US Orange Book of computer security specifications and AT&T is hoping to be able to sell it as a licensed product as soon as certification is complete – as early as the first quarter 1988 if all goes well. The product, for which AT&T has not yet set licence terms, was developed specifically for US government contracts and is not part of mainstream Unix releases, although AT&T Unix Europe technical manager Sue Picus, who described the development at the Sphinx Open Software Conference last week, said that it is System V Interface Definition-compatible with the exception of restrictions on the setuid command. In the UK, manufacturers and software developers are keen to get their hands on a secure product to help them meet the stringent requirements of Government procurements such as the huge CHOTS Ministry of Defence office automation project – although that also has considerable demands for network security. In the longer term, AT&T thinks it will be possible to get up to the B2 level with mainstream Unix releases and is already working on the problem. Meanwhile IBM has been releasing details of its secure Xenix implementation for the Personal AT, also developed by its Federal Systems Division in the US, which it has also submitted for certfication at the National Computer Security Centre to the even higher B2 level. Gould Computer Systems, which was the first vendor to get a Unix product certified secure to C2 level, said last summer it was looking to licence the technology to other manufacturers.
This article is from the CBROnline archive: some formatting and images may not be present.
CBR Online legacy content.