Microsoft recently got C2-security status approved for Windows NT by the National Computer Security Center, a division of the NSA. They are supposed to put systems through "laborious testing and review" before they approve C2.
Well yes and no, C2 is not a particularly high security rating. It is also a fairly obsolete set of requirements. So if anyone is to claim a breach of a C2 system it had better be one within the C2 assurances, not something that is only covered in the B series criteria. What really matters is the combined criteria which should have/would have emerged from NIST had the issue of harmonising the US/Canadian criteria with the European ones turned up.

As a cypherpunks aside, we reviewed the Orange Book criteria in a reading group here at MIT a few months back. One point that was made was that the Orange Book does not consider cryptographic security systems, which was generally considered a disappointment.

Obviously Windows NT is "fair game" for analysis. Remember however that it is an established operating system and that there are many people who rely on it. I think that if people want to go down that route they should start by establishing contacts with CERT and Microsoft in order to make sure that people whose businesses depend on the security of their O/S are not compromised. You may well find that Microsoft is willing to give you free copies of WNT to do this type of work on.

I think that this would be a really good project. The more independent analysis of an operating system that takes place, the more confidence people can place in it. Windows NT is in many ways a descendant of VMS, which has a very good security record. There is no reason why Windows NT should not mature to that level of security. It was built with security in mind after all, unlike the UNIX situation, where security was never more than an afterthought and often merely wishful thinking.

There are an awful lot of WNT seats out there already. I expect them to outnumber UNIX very soon. The only thing that is holding it back is the relatively small size of the userbase compared to Windows and the resources required to run it. WNT requires similar CPU and memory to UNIX, which is hardly surprising since it is doing very much the same thing.

I would suggest however that the project is structured and coordinated in some fashion. Someone should keep a list of security concerns that have been addressed and checked. That list should have some structure, such as a division into the main risk categories (authenticity, confidentiality, service), so that people can get a feel for how thoroughly the space is being searched. Later on that list is likely to be one of the most valuable end results of such a project.

Phill