⟦c404b36e6⟧ Wang Wps File
Length: 31633 (0x7b91)
Types: Wang Wps File
Notes: S-90 PROPOSAL, Technical
Names: »4793A «
Derivation
└─⟦f44f167f1⟧ Bits:30006019 8" Wang WCS floppy, CR 0458A
└─ ⟦this⟧ »4793A «
S-90 - PART II SYS/84-04-10
TECHNICAL PROPOSAL Page
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
4 HARDWARE
4.1 COMPUTER
4.2 SECONDARY STORAGE
4.3 WORKSTATION
4.3.1 Monitor
4.3.2 Keyboard
4.3.3 Printer
4.4 "RÖS"-APPROVED WORKSTATION
4.5 TIME TERMINAL SYSTEM
4.6 APL-TERMINAL
4.7 FIBEROPTICAL COMMUNICATION
4.8 PROPOSED AMOS/NY CONFIGURATION
4̲ ̲ ̲H̲A̲R̲D̲W̲A̲R̲E̲
The proposed solution is based on the CR32 UNIMASTER
hardware that performs extremely well in distributed
systems like the ones included in S-90. The hardware
elements are all designed in accordance with widely used
standards giving a high degree of modularity and expandability.
[Figure: THE CR32 UNIMASTER TABLETOP MODEL.]
4.1 C̲O̲M̲P̲U̲T̲E̲R̲
The system architecture is based on the CR32 UNIMASTER
computer produced by Christian Rovsing A/S. The CR32
features the 32/16 bit M68000 CPU and an internal bus
compatible with IEEE 796 (Multibus). Additionally an
extra bus (the P2 bus) gives the CPU rapid access to
the dual ported RAM of which a maximum of 2M byte may
be included. The Multibus provides access to controllers,
for a full range of peripherals (disks, terminals,
printers, etc.), communication ports, and local area
networks. The de facto LAN standard, Ethernet (IEEE
802.3), is supported fully in hardware and software.
[Figure: CR32 INTERNAL BUS STRUCTURE]
The CR32 is equipped with an efficient switch-mode
power supply that provides a stable voltage within
wide variations of the mains supply. Additionally the
system is provided with a battery-powered clock that
will maintain the current time and date while the system
is switched off.
4.1.1 The processing power may be expanded by adding Extension
Elements to the Base Element. Addition of an Extension
Element provides the system with an additional M68000
CPU and RAM in the range of 512KB - 2MB, as well as
additional communication ports, peripherals, etc. The
elements of a multiprocessor configuration communicate
via the fast 10Mbit/sec serial IEEE 802 compatible
bus.
The basic (minimal) configuration consists of one processing
element providing a system with one CPU and a maximum
of 2MB RAM. Adding Extension Elements allows for configurations
with a maximum of 16 CPUs and 32MB RAM thus providing
ample processing power for demanding applications.
[Figure: CR32 MODULAR EXTENSION PRINCIPLE.]
4.1.2 The RAM (primary memory) of the CR32 Base Element
is expandable from the minimal configuration of 512KB
to 2MB in steps of 512KB. Memory boards are available
in 512KB and 1MB, and a maximum of two boards may be
included in any one system. Use of Extension Elements
provides the same range of memory capacity for each
element.
4.1.3 The secondary storage capability is normally based
on one or more 5 1/4 " Winchester type disk drives
controlled by a disk controller that will handle a
maximum of 4 drives. The disk controller transfers
by use of DMA the data between the disk and the RAM
via the Multibus. For large secondary storage demands,
disks of the SMD type may be attached via a SMD disk
controller.
4.1.4 The workstations are attached to the CR32 via standard
RS-232C serial interface using standard 25 pole Cannon
connectors (V24). The printers use the same type of
interface and may be connected either to a terminal
as a slave printer or directly to the CR32. The devices
are attached to the Serial Communication Interface
(SCI) board which provides four ports, or to the CPU
board which also provides four serial ports. Additionally
the CPU-board provides a Centronics-type parallel printer
port.
4.1.5 Expansion of the processing power is done by adding
an Extension Element which is comprised of a 19" cabinet
that will fit a standard rack, and necessary cabling
to connect the element with the other elements.
The RAM may be expanded quite easily by plugging in
an additional RAM board of 512KB or 1MB into the Multibus.
Expansion of secondary storage may be performed either
by exchanging the existing disk with another with a
higher capacity or by adding drives. Only one Winchester
disk will fit into the CR32 cabinet; additional drives
are built into a separate cabinet that also contains
a power supply for the extra drives.
Addition of workstations will require the inclusion
of an additional SCI board if no free ports are available.
The board is simply inserted into the Multibus.
4.1.6 One terminal acts as the system console, i.e. when
the system is powered up, only this terminal is active
until the system is running and the additional terminals
are enabled automatically or manually by entering appropriate
commands on the system console. Also off-line diagnostics
may only be run from the system console. The system
console may additionally be used as a normal workstation
as it may be of exactly the same type as other workstations.
4.1.7 The data communication facilities are provided by the
Serial Communication Interface (SCI) that features
one Z80 microprocessor and up to 64KB of RAM. The Z80
provides all the low-level handling of the communication
protocol thus relieving the main CPU of this demanding
work. The protocol handling software is downloaded
by the main CPU at system start-up time or whenever
a change in the functions of the SCI board is required
(e.g. change to another protocol). The SCI board provides
four ports that are strappable to either V24, X21 or
current loop.
4.1.8 According to specifications, the RS-232C interface
is limited to a cable length of 15m at a transmission
speed of 9600 baud - at distances beyond this modems
should be utilized. However, the limit of 15m may often
be exceeded without causing any problems.
4.1.9 In order to indicate the performance of the CR32, FMV
may specify tests to be run on the computer.
4.1.10 Personal computers may be attached to the CR32 directly
or via modems allowing for communication in TTY-mode.
This will allow file transfers between the PC and the
CR32 as well as letting the PC work like a terminal
on the CR32.
4.2 S̲E̲C̲O̲N̲D̲A̲R̲Y̲ ̲S̲T̲O̲R̲A̲G̲E̲
4.2.1 The Unix operating system supports in numerous ways
the handling of classified information on the secondary
storage drives attached to the CR32 UNIMASTER.
Handling of classified information requires that the
system is equipped with a secondary storage medium
of the removable type, i.e. floppy disk, streamer tape,
or removable hard disk. The choice depends on the storage
capacity and access time requirements.
4.2.2 The CR32 UNIMASTER is capable of using a number of
different secondary storage media.
4.2.3 This includes 5 1/4" Winchester type disks, large SMD
type disks (fixed and removable), 5 1/4" and 8" floppy
disks, 1/2" tape station, and cartridge type streamer
tape.
The combinations proposed vary with the different
requirements of the various systems included in S-90.
4.2.4 All systems will include a 5 1/4" Winchester disk with
an unformatted capacity of either 50 or 85 MB. The
disk interface conforms to the ST506/412 standards,
including 5 MHz transfer rate. The average seek time
is 33 milliseconds and the average rotational latency
is 8.3 milliseconds, giving an average total access
time of 41.3 milliseconds.
The disk controller interfaces to the Multibus and
will handle a maximum of four drives.
4.2.5 Backup facilities are available as floppy disks, streamer
tape, or - for the very large data requirements of
AMOS/NY - as a removable SMD disk. The storage capacity
for a floppy disk is approx. 640 KB while the streamer
tape will take either 45 MB or 60 MB depending on the
cartridge type used.
The streamer tape facility may also be operated in
block mode.
4.2.6 Backup of Winchester disks is most easily performed
by use of a 1/4" streamer tape. A menu-driven programme
allows for easy handling of backup and restore functions,
and also records the current time and date as well
as a text of the choice of the operator when a backup
is performed. When a restore is requested, this information
is displayed, allowing the operator to identify the
tape properly, before the restore is performed.
A backup of a 50 MB Winchester disk is performed in
less than 15 minutes.
4.2.7 Cartridge tapes written on a streamer device may be
read by any other CR32, thus allowing for easy exchange
of data and programmes.
For smaller data volumes the floppy disk may be a more
appropriate medium. The standard format used complies
with statskontoret's norm no. 21:1, type 6B.
4.2.8 The streamer tape device will store 45 MB on a cartridge
of type 300XL when used in streaming mode.
The recording mode used is in accordance with the QIC-24
standard and the internal interface used is the QIC-02
standard.
4.3 W̲O̲R̲K̲S̲T̲A̲T̲I̲O̲N̲
The workstation consists of a display unit, a keyboard,
and in some cases a printer.
The proposed devices are the advanced Facit Twist video
terminal and the Facit 4512 matrix printer.
The printer is attached to the terminal unit via a
standard RS-232C interface allowing for a maximum cable
length of 15m when operating at 9600 baud.
The keyboard is connected to the terminal unit via
a coiled cable that may be stretched to a maximum length
of 1.5m.
[Figure: The Facit Twist Video Terminal]
4.3.1 M̲O̲N̲I̲T̲O̲R̲ ̲
4.3.1.1 The Facit Twist features a large dual display format
that allows the monitor to be in either landscape or
portrait format. The landscape format provides 24 lines
of 80 characters each, while the portrait format features
72 lines of 80 characters each.
Additionally 1 status line of 80 characters is available.
4.3.1.2 The character set is in full compliance with statskontoret's
norm no. 3:1. The Facit Twist provides several character
sets and even allows for the use of user designed characters.
4.3.1.3 The monitor provides a very stable and non-flickering
picture due to the high resolution and scan frequency
used.
4.3.1.4 The contrast between display characters and background
is superior allowing for easy recognition of displayed
text even in a fully lit-up office environment.
4.3.1.5 The luminance (brightness) is fully adjustable in 32
steps by use of software control.
4.3.1.7 The display tube has a direct etched faceplate giving
excellent glare protection.
4.3.1.8 The text is displayed in black on a white background
or as the reverse if preferred.
4.3.1.9 The character size in portrait mode is 5x3mm, while
the landscape mode provides a 2.5x2mm character size.
Each character is built up in a matrix of 16x7 dots
(portrait) or 20x16 dots (landscape).
4.3.1.10 A full set of display attributes is available:
Nondisplayed
Low intensity
Blink
Reverse video
Underline
The attributes may be combined in all possible combinations.
4.3.1.11 The Twist terminal features a 15" diagonal tube.
4.3.1.12 The displayed text may be scrolled up or down. In the
landscape mode even a smooth scroll facility is available
at two possible speeds: 6 or 12 lines per second.
4.3.1.13 The refresh rate is 65Hz.
4.3.1.14 The Twist provides a semigraphic mode that allows the
use of the "Special Graphics" as defined in the ANSI
Command Set.
4.3.1.15 The monitor integration is a state-of-the-art solution
that allows the monitor to be tilted, lifted and even
twisted.
4.3.1.16 There is no video outlet provided.
4.3.2 K̲e̲y̲b̲o̲a̲r̲d̲
4.3.2.1 The keyboard is detached from the monitor and is in
accordance with statskontoret's norm no. 1 : 1, version
SIS E 47.
[Figure: Keyboard Layout]
4.3.2.2 The keys are produced in a material that provides good
contrast between the light grey background color and
the distinct black color used for the text.
4.3.2.3 The keys are made of a non-glaring plastic material.
4.3.2.4 A separate numeric keypad is provided to the right
of the normal keyboard.
4.3.2.5 An audible keyclick tone is generated by a small loudspeaker
mounted in the main cabinet. The level of sound may
be adjusted by turning the potentiometer located on
the rear side of the main cabinet.
4.3.2.6 An Auto Repeat function may be enabled. This feature
allows most key functions to repeat automatically after
the key has been depressed for 0.5 sec. Keys that will
not auto repeat are the SET UP, BREAK, NO SCROLL, TAB,
RETURN, and ENTER keys, and any other key that is depressed
in conjunction with the CTRL key.
4.3.2.7 The following dedicated function keys are available:
o Cursor up, down, left, right
o Tab
o Back Tab
o Home
o Line Insert
o Character Insert
o Line Delete
o Character Delete
o Erase to End of Line/Page
All function keys may be reprogrammed.
4.3.2.8 The Twist provides four function keys PF1-PF4, eight
function keys F1-F8 and four assignable LED indicators.
All function keys may be programmed to any desired code
sequence.
4.3.3 P̲r̲i̲n̲t̲e̲r̲
Depending on the printing quality and quantity required,
either a matrix printer or daisy wheel printer may be
used.
4.3.3.1 The offered matrix printer is the Facit 4512, while
the daisy wheel printer is the Dataproducts DP-55.
4.3.3.2 The character set for both printer types conforms to
Statskontoret's norm 3:1. The matrix printer will additionally
print semi-graphic characters.
4.3.3.3 Both printers are silent when not printing. The DP55
daisy wheel printer should be placed in a noise-reduction
cabinet if it is to be placed in an office environment.
4.3.3.4 The daisy wheel printer will print a fast black image
on archive paper.
4.3.3.5 Both printers allow new line and form feed commands
to be given from the computer.
4.3.3.6 Test print-outs are shown below:
[Figures: FACIT 4512 TEST PRINT; DP55 TEST PRINT]
4.3.3.7 The matrix printer will print 140 CPS at 10 CPI.
The daisy wheel printer produces 55 CPS.
4.3.3.8 The matrix printer will handle paper widths 4" to 15".
The daisy wheel printer will handle paper widths 2"
to 15".
4.3.3.9 Matrix printer: 10, 12 and 17 CPI as well as proportional
spacing.
Daisy wheel printer: 10, 12, 15 CPI as well as proportional
spacing.
4.3.3.10 The matrix printer may use tractor feed or friction
feed.
The daisy wheel printer will use sheet feeder and tractor
feed.
4.3.3.11 The matrix printer will print on paper consisting of
an original and max. 3 copies (max. thickness 0.33mm).
The daisy wheel printer requires a paper quality with
a thickness between 0.076 mm and 0.686 mm. Forms containing
1 to 6 parts may be used.
4.4 "̲R̲Ö̲S̲"̲-̲A̲P̲P̲R̲O̲V̲E̲D̲ ̲W̲O̲R̲K̲S̲T̲A̲T̲I̲O̲N̲
Generally the proposed equipment is of commercially
available types.
Christian Rovsing A/S has experience in delivering
systems subject to requirements of no compromising
emanation.
Christian Rovsing A/S proposes, that the proposed equipment
is analysed as a joint venture between our experts
and FMV in order to achieve the most feasible system
solutions.
See section 6.4.4 for a more detailed rationale.
4.5 T̲I̲M̲E̲ ̲T̲E̲R̲M̲I̲N̲A̲L̲ ̲S̲Y̲S̲T̲E̲M̲
The CR proposal for the S-90 system includes a terminal
system for input of various work transactions. The
system, which is called Micronic Time, is very flexible
and modular. It can be configured to meet a broad range
of individual user requirements, from a single input
station to a cluster of 8 or more input stations.
Each cluster is prepared for more than 20 input workstations,
and several clusters can be attached to the same host,
in order to provide additional capacity.
The Time Terminal System includes the following modules:
- Time Terminal host, which provides processing power
for all input terminals in a cluster.
- Input Terminals, to be distributively placed in
relation to the input work.
- Display panels, which indicate presence or
non-presence of individual people.
- Optional card reader, i.e. for identity cards with
magnetic stripe.
- Light pen reader for input.
- Printer unit.
- Removable input station with printer for use outside
normal location.
The Time Terminal System is very flexible and can store
personal data for an extensive period in order to provide
logging and checking facilities. The system is equipped with
5 volt batteries to provide power back up for several
hours in case of primary power failure. This will ensure
that no data is lost during main system failures of
any kind.
The system keeps a real time clock function, which
can identify year, month, day, day within week plus
hours and minutes. All these functions are software
based so that modifications can be introduced if required.
The system is equipped with a 20 key keyboard and a
16 position display to allow an easy dialog with the
system.
4.6 A̲P̲L̲-̲T̲E̲R̲M̲I̲N̲A̲L̲
The APL version of the Facit Twist is proposed for
use in workstations where this facility is required.
4.7 F̲I̲B̲E̲R̲O̲P̲T̲I̲C̲A̲L̲ ̲C̲O̲M̲M̲U̲N̲I̲C̲A̲T̲I̲O̲N̲
In all serial communication between terminals and between
terminal and processor-equipment, where the transmission
is serial compliant with EIA, RS-232 (CCITT V24), the
electrical connection can be replaced by an optical
link. For transmission speeds below 10 kbps no external
power supply connection is required, as the link will
be supplied through the RS 232-connector.
4.8 P̲R̲O̲P̲O̲S̲E̲D̲ ̲A̲M̲O̲S̲/̲N̲Y̲ ̲C̲O̲N̲F̲I̲G̲U̲R̲A̲T̲I̲O̲N̲
As an example of an exact hardware configuration in
accordance with the specifications given in the Appendix,
AMOS/NY (Appendix 4) will be considered.
The AMOS/NY systems, which are to be used for Materials
Management, are based on a CR32 computer with 2MB main
memory, 600 MB disc space, 3 initial workstations,
and a magnetic tape drive. The systems support future
communication as described in section 3.1.4 and are
equipped with all necessary systems software and development
tools.
The proposed configuration looks as follows:
- CR32 Computer with 2 MB RAM and built-in 43 MB
Winchester Disc
- Fast printer M200
- CDC 9766 Disc (300 MB Removable disc)
- CDC 9715 Disc (340 MB Fixed disc)
- CDC Keystone 1600 bpi tape drive
- Communication interface
- 3 to 5 workstations consisting of
* Facit Twist Terminal
* Facit 4512 Printer
- System software and development tools: e.g.
* ORACLE relational database
* ORACLE application generator
* ORACLE business graphics
* PASCAL Compiler
* ADA Compiler
* COBOL Compiler
* APL Compiler
* FORTRAN Compiler
(A full description of the available software on the
CR32 computer is shown in section 3).
The CDC Keystone tape drive and the CDC 9715 disc will
be mounted together in a rack. A graphic representation
of the configuration is shown in figure 4.8-1.
Figure 4.8-1
If more workstations are to be connected without a
degradation in performance, the CPU power may be doubled
by adding another CR32 computer connected to the first
CR32 via Ethernet.
By use of this technique, the system may easily be
expanded to allow for future development including
addition of
- Plotters (e.g., HP7470)
- Up to 10 workstations
- 3 fast printers, including one printer with graphics
option
- Tape Cartridge streamer (DC300)
- 8" Floppy Disk
- 5 1/4" Floppy Disk
- Addition of CDC Disk Drives up to 675MB in size.
Up to 4 disk drives per CPU are supported.
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
5 DATA SECURITY
5.1 INTRODUCTION
5.2 SYSTEM FUNCTIONS
5.3 ACCESS CONTROL SYSTEM
5.4 SYSTEM CONTROL
5.5 STORAGE OF INFORMATION
5.6 BACKUP OF DATA
5.7 SUPPORT AND SERVICE
5.8 SIGNAL PROTECTION
5̲ ̲ ̲D̲A̲T̲A̲ ̲S̲E̲C̲U̲R̲I̲T̲Y̲
5.1 I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲
The security aspects are properly handled by the combination
of hardware and operating system facilities available
in the CR32 UNIMASTER. The Unix operating system provides
excellent facilities for controlling the access to
data and programmes, and additionally allows the system
developer to provide programmes that will let the users
access data in a predefined and orderly manner only.
Unix provides full control over which secondary storage
medium is used for storage of data files and programmes.
It is thus possible to control that files containing
confidential information are kept on a specific disk.
Although a CR32 UNIMASTER is physically connected to
other computers via e.g. Ethernet or communication
lines, the software will be able to effectively isolate
a computer so that confidential information may be
properly handled.
5.2 S̲Y̲S̲T̲E̲M̲ ̲F̲U̲N̲C̲T̲I̲O̲N̲S̲
5.2.1 The Unix operating system requires that a user performs
a login before a session starts. Additionally a password
may be required, giving a very high degree of security.
5.2.2 All workstations connected to a computer are easily
identified by use of a standard Unix command.
5.2.3 The hardware and operating system provides full protection
of memory so that no programme will be able to access
other parts of the primary memory than the ones it
has been assigned.
5.2.4 The hierarchical structure of the file system allows
any subtree to be placed on another physical medium
than the one used as the system disk.
It is thus possible to use a removable storage medium
for storage of secret information. This medium may then
be removed from the system, when it is not required,
and stored in a secure place.
The files confined to a removable medium may include
the dump files and print spool queues. Even the swap
area of the system used for swapping out passive programmes
may be located on a removable medium - it will however
require that the system is stopped and restarted if
the medium is to be removed.
5.2.5 Unix System V provides a number of spool-handling facilities.
Several spool-queues may be used and print may be routed
to a passive print queue (i.e. no printing is currently
taking place) and then later be activated when requested
by a user.
5.2.6 The operating system provides a log.
The logging facility may be enabled and disabled by
the super user. It is however possible to ensure that
no disabling is performed by using either a well guarded
password for the super user, or by totally removing
the super user from the system.
5.2.7 The log includes the following information:
o user id
o group id
o terminal id
o starting time
o CPU time used
o system time used
o clock time elapsed
o no. of i/o characters handled in terminal
communication.
o no. of i/o blocks used in block transfer.
o command executed.
The log is stored in a file on a secondary storage
medium and protected by the standard Unix protection
facilities. A number of Unix commands allow for advanced
extraction of information from the log file.
Examples are:
o Display all activities done by a specific user.
o Display all activities within a specific time
interval.
o Display all executions of a specific command.
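The three extractions listed above, run over a small accounting log, as an added example (not part of the original proposal or of any Unix tool). The one-record-per-line text layout, the terminal name "console" and all records are constructed; the last query also checks the log against the console restriction asked for in 5.4.1.

```python
# Added example: the three log queries of 5.2.7 plus a console check.
# The record layout and every record below are constructed.
from datetime import datetime
from typing import NamedTuple


class Rec(NamedTuple):
    user: str
    group: str
    tty: str
    start: datetime
    cpu: float       # CPU seconds used
    sys: float       # system seconds used
    elapsed: float   # clock seconds elapsed
    chars: int       # terminal i/o characters
    blocks: int      # i/o blocks transferred
    command: str


SAMPLE_LOG = """\
alice staff tty02   1984-04-10T08:15:00 0.42 0.10  3.0  512  4 ed
bob   staff tty03   1984-04-10T08:20:00 0.05 0.02  0.5   80  0 ls
root  sys   console 1984-04-10T09:00:00 0.30 0.20  2.0  200 12 chmod
root  sys   tty03   1984-04-10T12:30:00 0.10 0.05  1.0   64  2 chmod
alice staff tty02   1984-04-10T13:05:00 1.20 0.40 30.0 2048 40 cp
this line is damaged
"""


def parse(text):
    """Return (records, rejected_line_numbers). Damaged lines are reported,
    not silently dropped: a gap in an audit trail is itself a finding."""
    records, rejected = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        f = line.split()
        try:
            if len(f) != 10:
                raise ValueError("wrong field count")
            records.append(Rec(f[0], f[1], f[2], datetime.fromisoformat(f[3]),
                               float(f[4]), float(f[5]), float(f[6]),
                               int(f[7]), int(f[8]), f[9]))
        except ValueError:
            rejected.append(n)
    return records, rejected


def select(records, user=None, command=None, since=None, until=None):
    """Filter by user, command and/or start time in [since, until)."""
    return [r for r in records
            if (user is None or r.user == user)
            and (command is None or r.command == command)
            and (since is None or r.start >= since)
            and (until is None or r.start < until)]


def superuser_off_console(records, superuser="root", console="console"):
    """Super-user commands issued from any terminal but the system console."""
    return [r for r in records if r.user == superuser and r.tty != console]


if __name__ == "__main__":
    recs, bad = parse(SAMPLE_LOG)
    print("alice:", [r.command for r in select(recs, user="alice")])
    print("09:00-13:00:", [(r.user, r.command) for r in select(
        recs, since=datetime(1984, 4, 10, 9), until=datetime(1984, 4, 10, 13))])
    print("chmod runs:", [(r.user, r.tty) for r in select(recs, command="chmod")])
    print("root off console:", [(r.tty, r.command)
                                for r in superuser_off_console(recs)])
    print("unparsable lines:", bad)
```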
5.3 A̲C̲C̲E̲S̲S̲ ̲C̲O̲N̲T̲R̲O̲L̲ ̲S̲Y̲S̲T̲E̲M̲
5.3.1 The Unix operating system provides an effective means
of controlling the access to programmes and data stored
in the system. Each file may have individual protection
rights set for three levels of users:
o the owner
o a group
o public (all others)
For each of these levels the access rights may be set
individually for three types of access:
o reading
o writing
o executing
The hierarchical structure of the file system allows
for easy use of these access control features. By restricting
the access to a directory a user may be effectively
prevented from accessing any files within the subtree
branching out from that directory. Using the group
feature allows for implementation of e.g. a group for
persons with the right to process top secret information.
The access control system is protected by the fact
that only the owner of a file or the super-user may
alter the access rights of the file. Appropriate use
of ownership and dividing the users into groups gives
a very reliable access control system.
Additional security may be gained by using the "set
user-id on execution" facility in Unix. This facility
is used when a limited access to a file is wanted and
is used in the following way:
A programme is written that performs a number of well
defined operations on some data files and the "set
user-id bit" is set on the object file. Now an ordinary
user may execute this programme and within it he will
have the same access rights as the owner of the object
file is allowed, e.g. access some files that he otherwise
is unable to access. The programme will take care that
only acceptable operations on the data can be performed.
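The access decision described in 5.3.1, modelled in a few functions as an added example (not code from the proposal or from Unix itself). It shows the owner/group/public classes, a directory sealing off its subtree, an ordinary user reaching a protected file only through a set-user-id programme, and an audit for set-user-id programmes that others may rewrite. All users, groups, paths and modes are constructed, and super-user handling is left out.

```python
# Added example: a model of the access decision described in 5.3.1.
# Every user, group, path and mode below is constructed for illustration.
from dataclasses import dataclass

R, W, X = 4, 2, 1      # read / write / execute within one permission class
S_ISUID = 0o4000       # the "set user-id on execution" bit


@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int          # octal mode, e.g. 0o750
    is_dir: bool = False


@dataclass(frozen=True)
class Subject:
    user: str          # effective user-id
    groups: frozenset


def class_bits(node, subj):
    """Exactly one class applies: owner, else group, else public."""
    if subj.user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in subj.groups:
        return (node.mode >> 3) & 7
    return node.mode & 7


def ancestors(path):
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]


def allowed(tree, path, subj, want):
    """May subj do `want` (R, W or X) on path? Each directory above the
    file must grant search (X), which is what seals off a whole subtree."""
    for d in ancestors(path):
        if not class_bits(tree[d], subj) & X:
            return False
    return bool(class_bits(tree[path], subj) & want)


def run_program(tree, prog, subj):
    """Subject the programme runs as, or None if subj may not execute it."""
    if not allowed(tree, prog, subj, X):
        return None
    node = tree[prog]
    if node.mode & S_ISUID:
        return Subject(node.owner, subj.groups)  # owner's rights, caller's groups
    return subj


def writable_setuid(tree):
    """Set-user-id programmes that group or public may write to: the trusted
    programme is then no longer under its owner's sole control."""
    return sorted(p for p, n in tree.items()
                  if not n.is_dir and n.mode & S_ISUID and n.mode & 0o022)


TREE = {
    "/bin":            Node("root", "sys", 0o755, is_dir=True),
    "/bin/ledgerupd":  Node("tsowner", "staff", 0o4755),
    "/bin/oldtool":    Node("tsowner", "staff", 0o4775),
    "/data":           Node("dba", "staff", 0o755, is_dir=True),
    "/data/ledger":    Node("tsowner", "topsecret", 0o600),
    "/data/ts":        Node("tsowner", "topsecret", 0o750, is_dir=True),
    "/data/ts/report": Node("tsowner", "topsecret", 0o664),
}
ALICE = Subject("alice", frozenset({"staff", "topsecret"}))
BOB = Subject("bob", frozenset({"staff"}))

if __name__ == "__main__":
    # The file itself is public-readable, but the directory mode decides.
    print("alice reads report:", allowed(TREE, "/data/ts/report", ALICE, R))
    print("bob reads report:  ", allowed(TREE, "/data/ts/report", BOB, R))
    print("bob reads ledger:  ", allowed(TREE, "/data/ledger", BOB, R))
    inside = run_program(TREE, "/bin/ledgerupd", BOB)
    print("via ledgerupd:     ", allowed(TREE, "/data/ledger", inside, R))
    print("audit:             ", writable_setuid(TREE))
```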
5.3.2 The facilities described above are all standard facilities
of the Unix System V operating system.
5.3.2.1 The operating system provides full control of the access
to functions (programmes) and files.
Control based on the workstation used is not integrated
in the operating system but will have to be integrated
within the menu-handling programmes. However, Unix provides
the necessary system calls for identifying the terminal
executing a particular programme. Fulfilling the requirement
that changes to the access control system must be performed
by the super-user at the main console will require
a change within some of the Unix commands, i.e. a change
to the standard Unix operating system.
5.3.2.2 The access control facilities provide, as described
in 5.3.1, means of controlling the right to execute
programmes, read data and programmes, and provide changes
to existing data or programme files.
5.3.2.3 The operating system provides a feature (cron) for
making access rights dependent on current time of day.
5.3.2.4 All users may be provided with a user-id. This user-id
may be longer than 9 characters.
5.3.2.5 A password may be defined by each user. The password
is never displayed on the screen and may be longer
than 5 characters. The user may at any time change
his current password.
5.3.2.6 The encryption method is in accordance with the National
Bureau of Standards Data Encryption Standard.
5.3.2.7 All terminal sessions are initiated by entering the
user-id and password.
5.3.2.8 The standard operating system does not provide a means
for deactivation of a terminal if a number of unsuccessful
login attempts has been executed. This feature will
require a change within the Unix login command.
5.3.2.9 It may be specified within the standard operating system
that the monitor is to be blanked at log-out time.
5.3.2.10 There is no feature for logging out an inactive terminal.
This feature may be provided by a change to the operating
system.
5.3.2.11 The standard log provided includes information on user-id
for a terminal session as well as starting and end
time for all functions (programmes) executed.
5.3.2.12 The standard log facility provides logging of the execution
of all programmes. There is, however, no logging of
erroneous login attempts, unsuccessful access attempts
to functions or data or changes made to the access
rights.
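The behaviour that 5.3.2.8, 5.3.2.10 and 5.3.2.12 describe as missing from the standard system, sketched as an added example (not the Unix login command and not code from the proposal): a terminal is deactivated after repeated failed logins, idle sessions are logged out, and each of these events is written to an audit trail. The class name, the threshold of 3, the 600 second idle limit and the password check passed in as `verify` are all assumptions.

```python
# Added example: per-terminal lockout, idle logout and failure logging.
# Names, limits and the injected `verify` check are assumptions.
import hmac


class LoginGuard:
    def __init__(self, verify, max_failures=3, idle_limit=600):
        self.verify = verify              # callable(user, password) -> bool
        self.max_failures = max_failures
        self.idle_limit = idle_limit      # seconds without activity
        self.failures = {}                # tty -> consecutive failed attempts
        self.disabled = set()             # ttys deactivated after failures
        self.sessions = {}                # tty -> (user, time of last activity)
        self.audit = []                   # (time, event, tty, user)

    def login(self, now, tty, user, password):
        if tty in self.disabled:
            # A deactivated terminal refuses even a correct password.
            self.audit.append((now, "refused-disabled", tty, user))
            return False
        if self.verify(user, password):
            self.failures[tty] = 0
            self.sessions[tty] = (user, now)
            self.audit.append((now, "login", tty, user))
            return True
        count = self.failures.get(tty, 0) + 1
        self.failures[tty] = count
        self.audit.append((now, "login-failed", tty, user))
        if count >= self.max_failures:
            self.disabled.add(tty)
            self.audit.append((now, "terminal-disabled", tty, user))
        return False

    def touch(self, now, tty):
        """Record activity on a logged-in terminal."""
        if tty in self.sessions:
            self.sessions[tty] = (self.sessions[tty][0], now)

    def expire_idle(self, now):
        """Log out every session idle for idle_limit seconds or more."""
        expired = sorted(t for t, (_, last) in self.sessions.items()
                         if now - last >= self.idle_limit)
        for tty in expired:
            user, _ = self.sessions.pop(tty)
            self.audit.append((now, "idle-logout", tty, user))
        return expired

    def enable(self, now, tty, operator):
        """Reactivation is an explicit, logged operator action."""
        self.disabled.discard(tty)
        self.failures[tty] = 0
        self.audit.append((now, "terminal-enabled", tty, operator))


def _demo_verify(user, password):
    # Constructed stand-in for the real password check.
    return hmac.compare_digest(password, {"alice": "correct-horse"}.get(user, ""))


if __name__ == "__main__":
    g = LoginGuard(_demo_verify)
    for t, guess in ((0, "guess1"), (5, "guess2"), (9, "guess3")):
        g.login(t, "tty03", "alice", guess)
    g.login(12, "tty03", "alice", "correct-horse")   # refused: terminal is off
    g.login(20, "tty02", "alice", "correct-horse")
    g.expire_idle(620)                               # tty02 idle for 600 s
    g.enable(700, "tty03", "root")
    for event in g.audit:
        print(event)
```

Counting failures per terminal, as 5.3.2.8 asks, means anyone with access to a terminal can take it out of service, so reactivation should stay a logged operator step.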
5.4 S̲Y̲S̲T̲E̲M̲ ̲C̲O̲N̲T̲R̲O̲L̲
5.4.1 It is required that a number of functions only may
be performed by the super-user from the main console.
These functions may easily be restricted to be performed
by the super-user only. In order to handle the requirement
on restricting the use to the system console it will
be necessary to make the modifications as mentioned
in 5.3.2.1.
5.5 S̲T̲O̲R̲A̲G̲E̲ ̲O̲F̲ ̲I̲N̲F̲O̲R̲M̲A̲T̲I̲O̲N̲
5.5.1 In order to handle secret and top secret information
the systems must be provided with a removable storage
medium.
5.6 B̲A̲C̲K̲U̲P̲ ̲O̲F̲ ̲D̲A̲T̲A̲
In order to perform a rational backup of secret or
top secret information the computers that are to handle
such information will have to be equipped with two
secondary storage devices, e.g. floppy disk, streamer
or large disks.
5.7 S̲U̲P̲P̲O̲R̲T̲ ̲A̲N̲D̲ ̲S̲E̲R̲V̲I̲C̲E̲
5.7.1 The technical service personnel will be qualified and
authorized persons only.
5.7.2 The system must be totally isolated when secret data
are stored in the system. This may be handled by software
that will ignore and refuse all access requests from
communication lines and local area networks. In this
way also the running of remote diagnostics is effectively
barred.
5.8 S̲I̲G̲N̲A̲L̲ ̲P̲R̲O̲T̲E̲C̲T̲I̲O̲N̲
Protection of classified information on communication
lines may be performed by using optic fibre links or
by use of cryptography.
5.8.1 The CR32 Serial Communication Interface (SCI) will
communicate with the crypto-equipment furnished by
the Swedish defense by use of an X.21 interface with
an HDLC protocol.