Re: Security/compliance

hallam@dxal18.cern.ch (HALLAM-BAKER Phillip)
Errors-To: listmaster@www0.cern.ch
Date: Wed, 1 Jun 1994 21:00:57 +0200
Errors-To: listmaster@www0.cern.ch
Message-id: <9406011859.AA22233@dxal18.cern.ch>
Errors-To: listmaster@www0.cern.ch
Reply-To: hallam@dxal18.cern.ch
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: hallam@dxal18.cern.ch (HALLAM-BAKER Phillip)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: Security/compliance
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
In article <7140@cernvm.cern.ch>, crocker@tis.com (Stephen D Crocker ) writes:

|>Compliance!  Now there's a nifty idea.  What's the plan for arranging
|>for compliant software?
|>
|>If there's a solution to this problem, then it would also be nice to
|>know which clients are safe and don't have exploitable holes in them.

In general:

Compliance level IV	Designed for compliance.
Compliance level III	Tested in accordance with approved suite
Compliance level II	Synthesized from the specs
Compliance level I	Validated as correct using approved technology.


For security compliance there would have to be `whole system' checks.
Validation could only be made for a particular product on a particular
TCB.


--
Phillip M. Hallam-Baker

Not Speaking for anyone else.