Functionally, a trusted operating system is defined primarily by its support of mandatory access controls. However, at many of the sites where trusted operating systems are deployed, its important that these operating systems also are defined by their certifications.
The job of certifying trusted operating systems is generally left to the Common Criteria Project, an international initiative made up of security associations in Canada, France, Germany, the Netherlands, the United Kingdom and the United States. The project develops guidelines for evaluating IT security products that are mutually recognized by the projects members.
Common Criteria certifications include separate categories for addressing a products functionality—defined by Protection Profiles—and the level at which that functionality has been tested—defined by Assurance Levels.
When evaluating the certifications of a particular product, its important to note both categories and their associated metrics.
For example, the Certified Edition of Trusted Solaris 8 meets the Labeled Security, Role Based Access Control, Controlled Access, Trusted Desktop and Trusted Networking profiles and satisfies Evaluation Assurance Level 4+.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page