IEEE Works on Secure OS Standards.
The P2200 Base Operating System Security working group will look at creating "baseline consistent security requirements" for commercial off-the-shelf operating systems, using the Common Criteria standards as a starting point.
Common Criteria is a set of International Standards Organization "profiles" used to determine whether a security product meets certain basic requirements. In the US, CC is administered by the National Institute of Standards and Technology.
But the IEEE said that using the CC framework is optional, and that the final standard will not necessarily look like CC. Varying standards will likely be created for different types of operating systems.
The organization said that BOSS will address identification, authentication, access control and cryptographic concepts. Currently the plan is to have something completed before the end of next year.
Jack Cole, chair of the working group, said that input is being encouraged from OS developers, government, and end users in the financial and process control industries - critical infrastructure managers and the likely early adopters of such technology
"We must have as much buy-in as possible, so the standard is widely used and supported by both producers and users," Cole said in a statement.
Group vice chair Gary Stoneburner added: "It also will take advantage of the ISO Common Criteria framework as a tool, not a requirement." and that the effort helps "by moving OS security standards from government edict to community consensus."
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Institute of Electrical and Electronic Engineers|
|Article Type:||Brief Article|
|Date:||Sep 12, 2003|
|Previous Article:||Torvalds Rejects SCO's Open Letter.|
|Next Article:||Gartner Counts the Cost of Desktop Linux Migrations.|
|IEEE STANDARD EXTENDS WIRELESS TO INEXPENSIVE APPLICATIONS.|
|Dr. Herman P. Schwan.|