Trusted Information Systems, Inc.
8 April 1992
Trusted XENIX version 3.0 is a UNIX-like, multi-level secure operating system that has been enhanced (from Trusted XENIX version 2.0) to include the platforms listed above. It is a multi-user, multi-tasking system. Trusted XENIX contains many functional and security enhancements while maintaining binary compatibility with programs developed under IBM Personal Computer XENIX versions 1.0 and 2.0. (XENIX is a trademark of Microsoft Corporation.)
Trusted XENIX is designed to provide a high level of security for environments requiring trusted desktop data processing. Trusted XENIX enforces a mandatory security policy based on the Bell and LaPadula security model. Discretionary access controls include traditional UNIX protection bits, as well as Access Control Lists. Trusted XENIX performs user identification and authentication, generates audit trail records, and provides a base upon which to build secure application programs. Evaluated hardware configurations include a range of disks, disk controllers, video configurations, and a cartridge tape unit for fast system back-up and restore. (UNIX is a registered trademark of AT&T Bell Laboratories, Inc.)
The system enforces the "principle of least privilege" (i.e., users should have no more authorization than what is required to perform their functions) for each of the four defined privileged user roles available in multi-user mode. Each privileged user is assigned to one of the following four roles: System Security Administrator, Secure Operator, Account Administrator, and Auditor. This separation is supported by strictly limiting privileged users to predefined operations. In addition, all actions performed by privileged users can be audited, and the audit log cannot be modified by unprivileged users, the System Security Administrator, Secure Operator, or Account Administrator. There is also a Trusted System Programmer, who is responsible for initial hardware and system configuration. This role exists only in single-user mode.
The security protection provided by Trusted XENIX, configured in the most secure manner described in the Trusted Facility Manual, has been evaluated by the National Security Agency (NSA) against the requirements specified by the Department of Defense Trusted Computer System Evaluation Criteria [DOD 5200.28-STD] dated December 1985.
The evaluation team has determined that the highest class at which Trusted XENIX satisfies all the specified requirements of the Criteria is class B2. In addition, Trusted XENIX satisfies the functionality of the B3 requirements for DAC, Trusted Path, and Trusted Facility Management.
For a complete description of how Trusted XENIX satisfies each requirement of the Criteria, see Final Evaluation Report, Trusted Information Systems, Trusted XENIX Version 3.0 (Report No. CSC-EPL-92/001).