Ask Computer Systems Inc’s Ingres Corp is claiming a world first for its Ingres/Enhanced Security relational database, which has picked a Information Technology Security Evaluation Criteria E3/F-B1 security rating. ITSEC is the classification used by in the UK, France, Germany and the Netherlands. Ingres reckons that its rating is comparable with a US Department of Defense Orange Book B1 Trusted Database Interpretation rating. The company is still waiting in line for US certification – as is every other database vendor. The fact that the UK launch presentation attracted around 260 people from the Ministry of Defence and around 10 from commerce indicates the potential market, and in fact the first customers for the product come from the military. However Ingres reports increasing interest from other sectors and goes so far as to suggest that the Enhanced Security features may become an optional part of the standard Ingres database in the release after next. In fact the company says that making Ingres secure involves only around a 3% addition to the product in terms of code. The additions bump up the mandatory and discretionary access controls, give each piece of data held a security level label and implement the sophisticated system auditing capabilities that the certification requires. It is the maintenance of these audit logs that generates most of the system overhead according to the company; at the most basic level the extra security imposes a 2% to 3% speed reduction, but as the system records become more complete, this rises. Though the Enhanced Security product is the culmination of a five-year development effort, the company says that the really tough part was providing the documentation and analyses to convince UK testing house Secure Information Systems Ltd that it had actually done the work. The secure version of the database is initially available for Digital Equipment Corp’s security enhanced VMS and SunOS Compartmented Mode Workstation operating systems.
