Why don't more commercial operating systems meet the highest security requirements described in the orange book?
The orange book stipulates various security requirements necessary for a standard system. It aids the measurement of different levels of protection and security by use of policies and assurance of security through trust. It facilitates a continuous measurement of the security levels of a system, acts as a guide to the design of security conscious systems and also ensures the effective acquisition of such requirements (Landwehr, 1985).
There are many reasons that lead most commercial operating systems into going against or not meeting the security requirements in the Orange book. First, the very fact that these operating systems are aimed at profit ...