[Info-vax] "VAX, VMS, UNIX and other minicomputers"...
abrsvc
dansabrservices at yahoo.com
Fri May 11 15:01:06 EDT 2012
On Friday, May 11, 2012 2:18:24 PM UTC-4, RobertsonEricW wrote:
> On May 11, 12:19 pm, Bob Gezelter <gezel... at rlgsc.com> wrote:
> > On Friday, May 11, 2012 10:47:03 AM UTC-4, DTL wrote:
> > > I'm preparing my CISSP certification and I found this in the book "Official (ISC)2 Guide to the CISSP CBK Certification" (2nd Edition, p. 116):
> >
> > > "Discretionary controls represent a very early form of access control and were widely employed in VAX, VMS, UNIX and other minicomputers ../.."
> >
> > > LOL
> >
> > DTL,
> >
> > I would like to see a more extensive citation.
> >
> > In particular, I would like to see what the author believes to be "modern" access controls.
> >
> > Systems with mandatory access controls (B-level in the Orange book) have not made significant progress in adoption over the years.
> >
> > I would offer as a reference my chapter on OpenVMS Security in the Handbook of Information Security (H. Bidgoli, Ed., Wiley, 2005). However, if the CISSP Guide is providing incorrect information, it should be addressed.
> >
> > - Bob Gezelter,http://www.rlgsc.com
>
> I believe there used to be a product called SecureVMS that allowed an
> OpenVMS system to be compliant to level B-2 of the "Orange Book". The
> SecureVMS product essentially added the Mandatory Access Controls to
> the Discretionary Access Controls provided by the Base OpenVMS system
> software. Does HP even sell the SecureVMS (or maybe
> SecureOpenVMS?)product anymore? Last I looked, I didn't see any
> information on the HP OpenVMS web pages about it.
>
> Eric
SeVMS was an addon to the base OS that did indeed increase the security level. This was utilized in a few government areas and was last supported in V6 (I think) as a product. There was a little of a performance hit because of it, but not much. I did some testing of the product with real applications in my stint at DEC and found for most things there was little cost performance wise.
Security testing revealed that it did increase the security level to the B range. Standard VMS is a C level rating. Again, if I recall correctly, the system was only short a few minor items that prevented the next highest rating.
Dan
More information about the Info-vax
mailing list