E, EROS export status -- answers

[shapj@us.ibm.com]

Please direct these to eros-arch instead of eros-announce!  I erred on the
original post.

> I believe that if a system does not
> incorporate enough of the Orange Book
> functionality to be rated at B2, it
> does not matter what things above B2 it
> does contain (e.g. secure restart).
> It is not export controlled. Specifically,
> KeyKOS without the KeySafe code described
> in Susan Rajunis' paper is not controlled
> because it does not have things like audit
> trails, access control lists etc.  Do you
> disagree?

On your first point I disagree. The text of the restriction reads:

     Designed or modified to provide certified
     or certifiable "multilevel security" or
     user isolation at a level exceeding Class
     B2 of the Trusted Computer System Evaluation
     Criteria (TCSEC) or equivalent;

I take this to mean that regardless of other deficiencies relative to the
orange book, providing either user isolation or multilevel security that
exceeds the requirements of Orange Book B2 places you in an unfortunate
position.

I agree with your comments about KeyKOS without KeySafe.

I am intentionally taking a somewhat conservative position here because
none of us would get much coding done from Leavenworth and I think that
having this stuff out in the world is important. Given that the issue looks
to be going away for open source, it seems better to err on the side of
being conservative.

And once again, I am speaking here about my interpretation of the
regulations, and NOT about my opinions on civil disobedience in connection
with these regulations.

Jonathan S. Shapiro, Ph. D.
Research Staff Member
IBM T.J. Watson Research Center
Email: shapj@us.ibm.com
Phone: +1 914 784 7085  (Tieline: 863)
Fax: +1 914 784 6576