– processing is halted if component of system fails
- Fail Soft (resilient) – non critical processing is halted if component of system fails
- Failover – switching to duplicate or “hot” backup
- Cold Start – when the TCB and software may be inconsistent and outside intervention is required

Assurance
- Degree of confidence in satisfaction of security needs

Evaluation Criteria
- Trusted Computer Security Evaluation Criteria – (TCSEC) was developed in 1985 by National Computer Security Center (NCSC)

TCSEC provides the following:
- Basis for establishing security requirements in the acquisition specifications
- Standard of security services that should be provided by the vendor
- Means to measure trustworthiness of an information system

TCSEC is the Orange Book – part of rainbow series
- Basic control objectives of Orange Book:
  - Security Policy
  - Assurance
  - Accountability

Orange Book addresses:
- Confidentiality
- NOT Integrity
- It looks specifically at the operating system and not other issues

Levels
- D – Minimal Protection
- C – Discretionary Protection – (C1 and C2)
- B – Mandatory Protection – (B1, B2, and B3)
- A – Verified protection, formal methods (A1)

Trusted Network Interpretation (TNI) – Red Book
- Addresses confidentiality and integrity in trusted computer/communications network systems

Trusted Database Management System Interpretation – (TDI)
- Addresses trusted database management systems

European Information Technology Security Evaluation Criteria (ITSEC)
- Addresses confidentiality and integrity and availability
- Target of Evaluation (TOE) – system to be evaluated
- TOE must have a security target – including security enforcing mechanisms and security policy
- Separately evaluates functionality and assurance
- Ten Functionality Classes - F
- Eight Assurance Levels - Q
- Seven Levels of Correctness – E
- Eight basic security functions
- Listed as F-X, E

European ITSEC    TCSEC
F-C1, E1          C1
F-C2, E2          C2
F-B1, E3          B1
F-B2, E4          B2
F-B3, E5          B3
F-B3, E6          A1

Other Classes of ITSEC address high integrity and high availability

Common Criteria
- TCSEC, ITSEC and Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) have evolved into one common criteria
- Common Criteria defines Protection Profile that specifies the security requirements and protections of the product to be evaluated.
- Organized around TCB entities
- Physical and logical controls
- Start up and recovery
- Reference mediation
- Privileged States

Certification and Accreditation
- Formal methods to ensure that appropriate safeguards are in place and functioning per the specifications
- Must be regularly checked after a defined period of time

Certification – evaluation of technical and non-technical security features to establish how the design meets the security requirements

Accreditation – A formal declaration by a Designated Approving Authority (DAA) where a system is approved to operate in a security mode

US Defense and Government Accreditation and Certification Standards