Accession Number:

ADA001120

Title:

Multics Security Evaluation Volume II. Vulnerability Analysis.

Descriptive Note:

Final rept. Mar 72-Jun 73,

Corporate Author:

ELECTRONIC SYSTEMS DIV L G HANSCOM FIELD MASS

Personal Author(s):

Report Date:

1974-06-01

Pagination or Media Count:

160.0

Abstract:

A security evaluation of MULTICS for potential use as a two-level SecretTop Secret system in the Air Force Data Services Center AFDSC is presented. An overview is provided of the present implementation of the Multics Security controls. The report then details the results of a penetration exercise of Multics on the HIS 645 computer. In addition, preliminary results of a penetration exercise of MULTICS on the new HIS 6180 computer are presented. The rport concludes that MULTICS as implemented today is not certifiably secure and cannot be used in an open use multi-level system. However, the Multics security design principles are significantly better than other contemporary systems. Thus, MULTICS as implemented today, can be used in a benign SecretTop Secret environment. In addition, MULTICS forms a base from which a certifiably secure open use multi-level system can be developed.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE