Welcome to the Trusted Operating System web site, an Internet-based resource
center created to deliver information on OS technology and related
products, and provide access to knowledgeable consultants, vendors
and other members of the TOS community. This is an open site,
and your comments and ideas are welcome. If you have information,
papers, or products that you would like on this site, please use
our Contact section.
What are Trusted Operating Systems?
An operating system must have certain characteristics to be
considered trusted:
- It must be able to implement a mandatory
access policy, which means that a user cannot give away
information that is under his control. Controls must be imposed
on all system resources (including processes, filesystems, networking,
and IPC).
- It must use a least privilege model,
which means that it grants fine-grained controls over privileged
operations to users and processes on a "need-to-know" basis.
There is no superuser account.
- It must include assurance by being
independently validated. An OS with an impressive set of features
is completely worthless if there is no evidence that it works
as advertised.
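The mandatory access policy in the first point above, as an added example that is not code from the TOS site: a toy Python reference monitor in which an owner's discretionary read grant is checked against mandatory labels, so the owner cannot give away information under his control. The users, files and three-level lattice are constructed, and the policy is a simplified Bell-LaPadula model (no read-up, no write-down).

```python
# Toy reference monitor: owner grants (DAC) are checked against mandatory labels.
# Example added to this page, not code from the TOS site; the lattice, users and
# files are constructed and the policy is a simplified Bell-LaPadula model.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # constructed lattice

@dataclass
class File:
    owner: str
    label: str  # mandatory label: the owner can neither change nor waive it
    readers: set = field(default_factory=set)  # discretionary read grants

@dataclass
class Monitor:
    clearance: dict  # subject -> clearance level
    files: dict = field(default_factory=dict)

    def dac_grant_read(self, actor, name, grantee):
        """Owner hands out a discretionary read grant; DAC alone would honour it."""
        f = self.files[name]
        if actor != f.owner:
            return False
        f.readers.add(grantee)
        return True

    def can_read(self, subject, name):
        """Read needs a DAC grant AND clearance >= label (no read-up)."""
        f = self.files[name]
        dac_ok = subject == f.owner or subject in f.readers
        return dac_ok and LEVELS[self.clearance[subject]] >= LEVELS[f.label]

    def can_write(self, subject, name):
        """No write-down: a subject cannot write a file labelled below its
        clearance, so neither a cleared user nor a compromised process acting
        as that user can copy secret content into a public file."""
        return LEVELS[self.clearance[subject]] <= LEVELS[self.files[name].label]

def demo():
    m = Monitor(clearance={"alice": "secret", "bob": "public"})
    m.files["plan.txt"] = File(owner="alice", label="secret")
    m.files["notes.txt"] = File(owner="bob", label="public")
    granted = m.dac_grant_read("alice", "plan.txt", "bob")  # owner tries to share
    return {
        "dac_grant_accepted": granted,  # True: DAC lets the owner give it away
        "bob_reads_plan": m.can_read("bob", "plan.txt"),  # False: MAC overrides
        "alice_writes_notes": m.can_write("alice", "notes.txt"),  # False: write-down
        "alice_reads_plan": m.can_read("alice", "plan.txt"),  # True
    }
```

The point of the demo is the second and third entries: the owner's grant is accepted at the discretionary layer, yet the mandatory check still denies the read, and the cleared user is refused any write into a lower-labelled file.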
Why use a Trusted OS?
The fastest growing market for trusted operating systems is Internet-based
commerce. Businesses on the web constantly face challenges to
their security. Only the operating system, which can impose limits
on all software, can effectively control certain threats, such
as compromise of privileged applications. A trusted operating
system does not replace other security mechanisms; it strengthens
them. Elaborate encryption and authentication systems are absolutely
worthless if a hacker can bypass them and directly access confidential
files. Only a trusted operating system can ensure that security
policies are completely enforced.