
Re: Hack Microsoft?




>   Microsoft recently got C2-security status approved for Windows NT by
>the National Computer Security Center, a division of the NSA. They
>are supposed to put systems through "laborious testing and review" before
>they approve C2.

Well yes and no, C2 is not a particularly high security rating. It is also a 
fairly obsolete set of requirements. So if anyone is to claim a breach of a C2 
system it had better be one within the C2 assurances, not something that is only 
covered in the B series criteria. What really matters is the combined criteria 
which should have/would have emerged from NIST had the issue of harmonising the 
US/Canadian criteria with the European ones turned up.

As a cypherpunks aside we reviewed the orange book criteria in a reading group 
here at MIT a few months back. One point that was made was that Orange Book does 
not consider cryptographic security systems which was generally considered a 
disappointment.

Obviously Windows NT is "fair game" for analysis. Remember however that it is an 
established operating system and that there are many people who rely on it. I 
think that if people want to go down that route they should start by 
establishing contacts with CERT and Microsoft in order to make sure that 
people whose businesses depend on the security of their O/S are not compromised. 
You may well find that Microsoft is willing to give you free copies of WNT to do 
this type of work on.

I think that this would be a really good project. The more independent analysis 
of an operating system that takes place the more confidence people can place in 
it. Windows NT is in many ways a descendant of VMS which has a very good 
security record. There is no reason why Windows NT should not mature to that 
level of security. It was built with security in mind after all, unlike the UNIX 
situation, where security was never more than an afterthought and often merely 
wishful thinking.

There are an awful lot of WNT seats out there already. I expect them to 
outnumber UNIX very soon. The only thing that is holding it back is the 
relatively small size of the userbase compared to Windows and the resources 
required to run it. WNT requires similar CPU and memory to UNIX which is hardly 
surprising since it is doing very much the same thing.

I would suggest however that the project is structured and coordinated in some 
fashion. Someone should keep a list of security concerns that have been 
addressed and checked. That list should have some structure such as a division 
into the main risk categories (Authenticity, confidentiality, Service) so that 
people can get a feel for how thoroughly the space is being searched. Later on 
that list is likely to be one of the most valuable end results of such a 
project.


		Phill