Processing is halted if component of system fails

  • – processing is halted if component of system fails
  • Fail Soft (resilient) – non critical processing is halted if component of system fails
  • Failover – switching to duplicate or “hot” backup
  • Cold Start – when the TCB and software may be inconsistent and outside intervention is required

Assurance

  • Degree of confidence in satisfaction of security needs

Evaluation Criteria

  • Trusted Computer Security Evaluation Criteria (TCSEC) was developed in 1985 by National Computer Security Center (NCSC)

TCSEC Provides the following:

  • Basis for establishing security requirements in the acquisition specifications
  • Standard of security services that should be provided by the vendor
  • Means to measure trustworthiness of an information system

TCSEC is the Orange Book – part of rainbow series
Basic control objectives of Orange Book:

  • Security Policy
  • Assurance
  • Accountability

Orange Book Addresses:

  • Confidentiality
  • NOT Integrity
  • It looks specifically at the operating system and not other issues

Levels

  D – Minimal Protection
  C – Discretionary Protection – (C1 and C2)
  B – Mandatory Protection – (B1, B2, and B3)
  A – Verified protection, formal methods (A1)

Trusted Network Interpretation (TNI) – Red Book

  • Addresses confidentiality and integrity in trusted computer/communications network systems

Trusted Database Management System Interpretation – (TDI)

  • Addresses trusted database management systems

European Information Technology Security Evaluation Criteria (ITSEC)

  • Addresses confidentiality and integrity and availability
  • Target of Evaluation (TOE) – system to be evaluated
  • TOE must have a security target – including security enforcing mechanisms and security policy
  • Separately evaluates functionality and assurance
  • Ten Functionality Classes – F
  • Eight Assurance Levels – Q
  • Seven Levels of Correctness – E
  • Eight basic security functions
  • Listed as F-X, E

  European ITSEC    TCSEC
  F-C1, E1          C1
  F-C2, E2          C2
  F-B1, E3          B1
  F-B2, E4          B2
  F-B3, E5          B3
  F-B3, E6          A1

Other Classes of ITSEC address high integrity and high availability

Common Criteria

  • TCSEC, ITSEC and Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) have evolved into one common criteria
  • Common Criteria defines Protection Profile that specifies the security requirements and protections of the product to be evaluated.
  • Organized around TCB entities
  • Physical and logical controls
  • Start up and recovery
  • Reference mediation
  • Privileged States

Certification and Accreditation
  • Formal methods to ensure that appropriate safeguards are in place and functioning per the specifications
  • Must be regularly checked after a defined period of time

Certification – evaluation of technical and non-technical security features to establish how the design meets the security requirements

Accreditation – A formal declaration by a Designated Approving Authority (DAA) where a system is approved to operate in a security mode

US Defense and Government Accreditation and Certification Standards