ISO/IEC 15408 - Common Criteria for Information Technology SecurityEvaluation. Technical Report CCIB-98-026, May 1998.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....components. In general, rapid production of software in a time to market driven economy discourages the application of these techniques. Two detrimental effects enabled by low We define COTS components to be either unevaluated by independent third parties, or evaluated below Class B2 EAL5. [13, 3] The evaluation classes below Class B2 and EAL5 do not require either substantial configuration management or code inspection for malicious artifacts during evaluation, and components in these classes are considered to be low assurance. 11] integrity production techniques are incorrect ....

....entry into the system. subversion. Various approaches exist for ensuring these characteristics. The primary approaches are (1) post development testing; 2) abstract process certification such as the Capability Maturity Model [2, 15] and ISO 9001 [1] and (3) rigorous engineering processes [3, 13]. There is ample evidence that testing alone is insufficient to ensure against malicious artifices [8] The abstract certification approaches are not specifictohigh assurance or high integrity (although they can be used to manage a rigorous engineering approach) so they are not discussed ....

ISO/IEC 15408 - Common Criteria for Information Technology Security Evaluation. Technical Report CCIB-98-026, May 1998.

....maximum transfer unit of packets. 4.4 Unmodified Pentiums: VMM Security Concerns To be a high assurance secure computing system, security policies are correctly enforced, even under hostile attack. Examples of such systems are at least TCSEC Class B2 or an equivalent level in the Common Criteria [1]. The systems protection mechanisms must be structured and well defined. When dealing with highly sensitive information, labels are needed to order information into equivalence classes. Also, for environments where users are also categorized into equivalence classes based on clearances or other ....

ISO/IEC 15408 - Common Criteria for Information Technology Security Evaluation. Technical Report CCIB-98-026, May 1998.

....an accomplice executing at a lower sensitivity level can locate and reveal the information. An effective approach to object reuse must be developed for systems enforcing either identitybased or label based policies. Both the Trusted Computer System Evaluation Criteria [19] and the Common Criteria [2] stipulate mechanisms to ensure that storage objects are voided prior to reuse. As part of the Naval Postgraduate School (NPS) Multilevel Secure Local Area Network (MLS LAN) project [16] we have investigated object reuse in client PCs which may be used by a sequence of users who may negotiate ....

ISO/IEC 15408 - Common Criteria for Information Technology Security Evaluation. Technical Report CCIB-98-026, May 1998.

No context found.

ISO/IEC 15408 - Common Criteria for Information Technology Security Evaluation. Technical Report CCIB-98-026, May 1998.

No context found.

ISO/IEC 15408 - Common Criteria for Information Technology SecurityEvaluation. Technical Report CCIB-98-026, May 1998.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC