Learning from the past

Marc SCHAEFER (schaefer@alphanet.ch)
Sun, 19 Oct 1997 15:34:18 +0200


In alphanet.ml.security.bug-traq, there are many articles describing
current design vulnerabilities of the proprietary MS-WINDOWS'NT
kernel from the Microsoft software editor.

Conclusions are, notably, that Microsoft doesn't seem to have
learnt anything from the 20+ years of UNIX design, for example in
the system call area and the process/system armour by separating
address space.

UNIX *implementations* still have a long way to go to become B (except
SCO, which sells a Trusted UNIX rated B1). NT is moving, but not in the
right direction.

PS: the analysis was made through reverse-engineering, because Microsoft
 does not document this.

Classifications:
 A verified design (not a single system is certified A yet)
 B trusted design
 C mandatory access controls (most modern UNIX systems)
 D trashcan system.

There is a more complete description in bug-traq.
