[TUHS] Government-Issue UNIX?

Ron Natalie via TUHS tuhs at tuhs.org
Sat Oct 11 03:16:40 AEST 2025 

I was working on crafting a second Ethernet interface into it and 
turning it in to a secure “downgrading” station.  You took a file from 
one network, verified that it had no higher classified content, and then 
wrote it out on the lower classification network.

If I recall properly, Jakob Rector had written the original driver.


------ Original Message ------
>From "GARY LUCKENBAUGH via TUHS" <tuhs at tuhs.org>
To "Ron Natalie via TUHS" <tuhs at tuhs.org>
Cc "segaloco" <segaloco at protonmail.com>; tuhs at tuhs.org
Date 10/10/2025 9:29:04 AM
Subject [TUHS] Re: Government-Issue UNIX?

>Yes, I know Tom Wellington very well. He was a strong proponent of Secure Xenix and worked hard to get it into NSA. I believe he had some success with that, even after it was sold to Trusted Information Systems. I heard there was a Secure Phone system built out of it, but that was past my time.
>
>Gary Luckenbaugh
>
>Sent from my iPhone
>
>>  On Oct 9, 2025, at 10:28 PM, Ron Natalie via TUHS <tuhs at tuhs.org> wrote:
>>
>>  I was consulting for IBM FSC (Gaithersburg MD).   Tom Wellington was who I was dealing with there.
>>
>>>  On Oct 9, 2025, at 21:30, GARY LUCKENBAUGH via TUHS <tuhs at tuhs.org> wrote:
>>>
>>>   BTW, Ron Natalie, where did you work on IBM Secure Xenix? I'm surprised we didn't cross paths. Maybe we did, and I just don't remember. My 68 y/o brain isn't what it used to be.
>>>
>>>  Gary Luckenbaugh
>>>
>>>
>>>  Sent from my iPhone
>>>
>>>>>  On Oct 9, 2025, at 9:11 PM, GARY LUCKENBAUGH via TUHS <tuhs at tuhs.org> wrote:
>>>>
>>>>  I was the lead developer on IBM Secure Xenix. I designed all the APIs and did much of the kernel work from Jan 1984 until 1989 when we handed off the project to Steve Walker's Trusted Information Systems.
>>>>
>>>>  My dream job was to work on the Unix kernel, and by some miracle I got to do that at IBM. I was the first IBMer on the project and the last off. This was my first job out of graduate school. My thesis advisor, Virgil Gligor, was an IBM consultant, and he knew they were looking for kernel developers, dare I say kernel hacker.
>>>>
>>>>  Besides my advisor, and my IBM manager, I was the only one working the project until the summer of 1984 when we brought in two PhDs to work the project, one was from IBM's Yorktown Research Division, and one was a hire from AT&T Naperville.
>>>>
>>>>  I was the only one with knowledge of the Unix kernel. I was two steps down the ladder from the guys with PhDs, but my manager quickly figured out I was the only one that really knew what I was doing. I got really annoyed with the analysis paralysis. I decided I had enough of that, and implemented the Mandatory Access Controls over a weekend. 😆
>>>>
>>>>  That project was a heck of a lot of fun, and the highlight of my career. I was one of IBM's first Unix people, and I got to run all around the corporation giving talks. My home base was IBM Federal Systems Division in Gaithersburg, MD, but I spent a lot of time at IBM's Advanced Workstation Division in Austin, TX the home of IBM's AIX.
>>>>
>>>>  Gary Luckenbaugh
>>>>
>>>>  Sent from my iPhone
>>>>
>>>>>>  On Oct 9, 2025, at 5:44 PM, segaloco via TUHS <tuhs at tuhs.org> wrote:
>>>>>
>>>>>  
>>>>>>
>>>>>>>>  On Fri, 10 Oct 2025, at 01:35, Jon Forrest via TUHS wrote:
>>>>>>>>
>>>>>>>>  KSOS was made from scratch at Ford Aerospace in the late
>>>>>>>>  1970s. I was in the group that did it, although I didn't
>>>>>>>>  work on it because I didn't have a security clearance.
>>>>>>
>>>>>>
>>>>>>  There seems to be an IEEE paper on this, though I’ve not read it yet. Hate it when things need a login :-(
>>>>>>
>>>>>>  Do you know where it belonged on the spectrum from “zero AT&T code” to “new kernel but overwhelmingly AT&T userland”?
>>>>>>
>>>>>>  Intrigued,
>>>>>>
>>>>>>  John
>>>>>
>>>>>  Fwiw the manual I have on hand is just for the kernel API, so I couldn't
>>>>>  say.  On a quick flip-through, the sections appear to have been
>>>>>  rearranged (.e.g Section I describes datatypes used by syscalls) and in
>>>>>  none of the sections did I spot anything particularly resembling
>>>>>  userland applications, although I think the API documentation includes
>>>>>  non-syscall entrypoints implying parts of a userland C library.
>>>>>
>>>>>  - Matt G.
>>

More information about the TUHS mailing list