processed by the system
- User can only access certain files
- Must have formal approval, NDA, need to know, and the necessary clearance to access the data that they need to carry out their jobs

The Bell-LaPadula model is an example of a multilevel security model because it handles multiple information classifications at a number of different security levels within one system simultaneously

D MacIntyre INFO6010 120
A security evaluation examines the security-relevant parts of a system, meaning the:
- TCB
- Access control mechanisms
- Reference monitor
- Kernel
- Protection mechanisms

The relationship and interaction between these components are also evaluated
There are different methods of evaluating and assigning assurance levels to systems
- Methods and ideologies have evolved over time
- Various parts of the world look at computer security differently and rate some aspects of security differently
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC)
- Used to evaluate operating systems, applications, and different products
- These evaluation criteria are published in a book with an orange cover
- Customers use the assurance rating that the criteria present as a metric when comparing different products
- Provides direction for manufacturers so they know what specifications to build to, and provides a one-stop evaluation process so customers do not need to have individual components within the systems evaluated
The Orange Book is used to evaluate whether a product contains the security properties the vendor claims it does and whether the product is appropriate for a specific application or function.

The Orange Book is used to review the functionality, effectiveness, and assurance of a product during its evaluation, and it uses classes that were devised to address typical patterns of security requirements.
TCSEC - Orange Book security classes
- D – Minimal protection
- C – Discretionary protection
- B – Mandatory protection (B1, B2 & B3)
- A – Verified protection; Formal Methods (A1)

Each level covers all specifications of the lower levels as well: B3 covers B1, B2, C1, C2 and D specifications
C1 – Discretionary Security Protection
- Separate user from data
- Have an authentication method
- Access control to data

C2 – Controlled Access Protection
- More detailed access control
- Audit function

B1 – Labeled Security
- Objects have classification and clearance labels
B2 – Structured Protection
- Subjects and objects require labels
- More stringent authentication methods
- Separate user and administrative functions
- No covert channels

B3 – Security Domains
- More granularity for each protection mechanism
- Administrative role clearly defined