from http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html
"The Trusted Computing Base (TCB) of a class (C1) system nominally satisfies the discretionary security requirements by providing separation of users and data. It incorporates some form of credible controls capable of enforcing access limitations on an individual basis, i.e., ostensibly suitable for allowing users to be able to protect project or private information and to keep other users from accidentally reading or destroying their data. The class (C1) environment is expected to be one of cooperating users processing data at the same level(s) of sensitivity." and "Systems in this class enforce a more finely grained discretionary access control than (C1) systems, making users individually accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation." Orange booke certification is a testing process of a hardware and software combination - the whole system has to interact to provide all of the required security of the rating. This means that the kernel and drivers cannot allow direct interaction between a user and hardware, things like that. The requirements are all at that website, in techno-bureaucratic. Hardware and software can be tested independantly, but not OSes or complete boxes. lots more on the site... Mathias
