To the Trusted Operating System web site, an Internet-based resource
center created to deliver information on OS technology and related
products, and provide access to knowledgeable consultants, vendors
and other members of the TOS community. This is an open site,
and your comments and ideas are welcome. If you have information,
papers, or products that you would like on this site, please use
our Contact section.
What are Trusted Operating Systems?
An operating system must have certain characteristics to be
- It must be able to implement a mandatory
access policy, which means that a user cannot give away
information that is under his control. Controls must be imposed
on all system resources (including processes, filesystems, networking,
- It must use a least privelege model,
which means that it grants fine-grained controls over priveleged
operations to users and processes on a "need-to-know" basis.
There is no superuser account.
- It must include assurance by being
independently validated. An OS with an impressive set of features
is completely worthless if there is no evidence that it works
Why use a Trusted OS?
The fastest growing market for trusted operating systems is Internet-based
commerce. Businesses on the web constantly face challenges to
their security. Only the operating system, which can impose limits
on all software, can effectively control certain threats, such
as compromise of priveleged applications. A trusted operating
system does not replace other security mechanisms; it strengthens
them. Elaborate encryption and authentication systems are absolutely
worthless if a hacker can bypass them and directly access confidential
files. Only a trusted operating system can ensure that security
policies are completely enforced.