@ Daniel Faigin
I didn't have my hopes up re BLACKER and other exemplar designs of the past. I figure someone has them somewhere on floppies collecting dust. Maybe one of the original researchers. If I ever find one, the idea is to use FOIA to get it released for historical and educational purposes as I can't imagine anyone is using pre-TCSEC software in production. (Although, I might be able to squeeze some use out of it.)
"I will note that there is one legacy of BLACKER in use every day -- Perl was written to meet the A1 CM requirements for BLACKER (for details, see the history section in the Camel book, which I wrote -- Larry Wall, Mark Biggar, and I shared an office when the first version of Perl was developed)"
Wow! I didn't know that at all. I didn't even know it was that old: I discovered it in the very late 90's. Thanks for that tidbit!
It's funny you mentioned CM b/c it was one of the first EAL5-7 products I intended to build (if funded) to bootstrap security in further high assurance products. Hard to put plenty of faith in a binary whereby A1-class source was translated by EAL4 black box tools likely running on EAL1-4 OS.
"As for using GEMSOS -- I can't really answer the question for today. Last time I used the product, it was on the 286 and 386 platforms. If the capabilities of the product meet your specific need, it is certainly work exploring."
They did send me some marketing material. From what I see, they haven't really changed it much at all. They spent most of their modern effort on software that runs on top of it or integrates it with other modern stuff.
"As for A1 and B3... I'll note that another Ross -- Ron Ross, of NIST -- is working to bring back aspects of A1 and B3 in the improved assurance controls in NIST SP 800-53 Rev 4. You can get an idea of what is coming by looking at the initial public draft of earlier this year (available from NIST). Look particularly at Appx E. I believe the next draft should be out in early 2013."
It's about time they consider that! Again, thanks for the info. I'll surely look into it.