Department of Defense. Trusted Computer System Evaluation Criteria (TCSEC), December 1985.  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... of information assurance (IA) as follows: 1 First generation IA technologies sought to provide protection, i.e. preventing an attacker from getting through a boundary estab 4 Figure 1 Information Assurance Technology Generations lished to insulate applications from malicious behavior [1, 29, 27]. Despite significant e#ort and progress in mechanisms for protection, however, intrusions still occur. 2 Second generation IA technologies focused on intrusion detection, attempting to identify successful intrusions and alert system administrators to remedy the situation [9, 15, 10] Evaluations ....

US Department of Defense. Trusted Computer System Evaluation Criteria (Orange Book), December 1985. DoD 5200.28-STD.

....the above mentioned message rate of 630 messages second and a message size of 40 bytes we have a time window of 110 hours using a 10 GBytes disk. Under normal operation the time window is much larger, because the message rate is well below its maximum. Trusted path. According to the Orange Book [21] a trusted path is the path from the user to the TCB. Depending on the user interface the TCB must include the window manager or the console driver. Recent literature generalizes the notion of a trusted path to any communication mechanism within the system. To trust a communication path it is ....

Department of Defense. Trusted computer system evaluation criteria (Orange Book). DOD 5200.28-STD, Dec. 1985.

....trustworthy that other machines that might be available. Because users neither can encrypt nor decrypt without assistance, it is necessary to trust some part(s) of a system in order to interact securely with others. The part(s) one chooses to trust becomes the Trusted Computing Base, or just TCB [35]. A somewhat imprecise description of what a TCB is can be those components that can betray the user, without the user noticing before it is too late [85] It is important to know exactly what constitutes the TCB, as elements outside of 1.1 Problem statement 9 it normally can not inflict as ....

DEPARTMENT OF DEFENSE. DoD 5200.28-STD: Department of defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC), 1985.

....portals (Sec. 2.2) The microkernel runs without any protection and therefore must be trusted. Furthermore, a few Java components must also be trusted: the code verifier, the code translator, and some hardware dependent components (Sec. 2. 7) These elements are the minimal trusted computing base [19] of our architecture. 2.1 Domains The unit of protection and resource management is called a domain. All domains, except DomainZero, contain 100 Java code. DomainZero contains all the native code of the JX microkernel. It is the only domain that can not be terminated. There are two ways how ....

Department of Defense. Trusted computer system evaluation criteria (Orange Book). DOD 5200.28-STD, Dec. 1985.

....Lack of standards (or ignorance of standards) may also posses a serious problem. Two similar biometric systems from two di#erent vendors are not likely to interoperate at present. 4. Possible classification of biometric systems Classifications help to compare systems. The famous Orange Book [2] divided systems into four categories (A D) with additional subcategories. All the security features (such as access control or auditing) get attention. The higher security level the more sophisticated protection is required. But the higher levels also have more stringent assurance ....

Department of Defense (1985). Trusted Computer System Evaluation Criteria.

....the problem. One approach, which sets its goal at attack prevention, defines security policies identifying what needs protection and then attempts to implement that protection in hardware and software. This approach has lead to the development of what is known as a trusted comput ing base (TCB)[16]. Another approach, which is primarily concerned about attack detection and situational awareness, has lead to the development of various intrusion detection systems (IDS) Neither of these approaches is perfect. The TCB is trusted not to violate the security policy itself, and, in most systems, ....

US Department of Defense. Trusted Computer System Evaluation Criteria (Orange Book), 1985. DoD 5200.28-STD.

....with the problem. One approach, which sets its goal at attack prevention, defines security policies identifying what needs protection and then attempts to implement that protection in hardware and software. This approach has lead to the development of what is known as a trusted computing base (TCB)[13]. Another approach, which is primarily concerned about attack detection and situational awareness, has lead to the development of various intrusion detection systems (IDS) Neither of these approaches is perfect. The TCB is trusted not to violate the security policy itself, and, in most systems, ....

US Department of Defense. Trusted Computer System Evaluation Criteria (Orange Book), 1985. DoD 5200.28-STD.

....more importantly the meaning of its contents, before the data can be used for detecting system misuse. Some data sources that are usually available on UNIX systems are the syslog facility, the user login logout records (wtmp) network packet traces, and a kernel system call audit trail facility [44]. Different versions and implementations of UNIX may have additional sources of data such as process accounting or quota systems. 2.1 The syslog facility as an IDS data source The syslog facility provides a mechanism to transmit text messages to a system configured location (terminal, line ....

....implementation focussed on local host data sources. 2.4 Kernel audit data A more comprehensive and reliable data source is kernel audit data. Most modern operating systems provide a system call level logging facility (often in order to comply with the U. S. Government s requirements for auditing [44, 45]) Unfortunately, when these audit systems were implemented, interacting with intrusion detection systems was not a concern for the vendors. Price s analysis of the audit subsystems present in a variety of UNIX platforms indicated that there were major shortcomings in almost all kernel audit ....

U.S. Department of Defense. Trusted Computer Systems Evaluation Criteria. Technical Report CSC-STD-001-83, DoD Computer Security Center, Fort Meade, MD, August 1983.

....contrasts them to related work, and mentions future research topics. 2 Background 2. 1 Multilevel security Multilevel security has a long tradition in military environments and is an important requirement in the TCSEC (Trusted Computer System Evaluation Criteria) for the A and B security classes [24]. Subjects and objects of a system are assigned security classes (e.g. high and low ) with a specific order (high low) A well known MLS model is the Bell LaPadula model [4] republished in [3] The two most prominent rules are No read up and No write down which state that a low level ....

Department of Defense. Trusted Computer System Evaluation Criteria. National Security Center, Dec. 1985. DoD 5200.28-STD.

....users, this level of policy will be responsible for restricting access to memory, disks and the network to enforce this policy. This level of policy is usually enforced by the kernel on each Information Appliance 1.2. 3 Mechanisms Most secure operating systems rely on a trusted code base (TCB) [23]: a code base that is completely trusted and responsible for enforcing a given security policy. This approach, when implemented on a single processor, received substantial criticism by Proctor[58] who argues that a cost effective TCB without covert channels does not exist. Sterne and Benson [76] ....

Department of Defense. DoD 5200.28-STD: Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC), 1985.

....Metrology and the Monty Hall Problem Bennet S. Yee April 2, 2001 Abstract Evaluating computing systems and classifying them by the security properties they provide is not new [13, 14]. Other researchers [8, 9] have pointed out the diculty of evaluating security and the apparent binary nature of security given discoveries of system vulnerability. Here, I compare the role of security evaluations with that of cryptographic security parameters, and relate the diculty of arriving ....

....Before we try to gure out what new security ratings might mean and how to use security ratings, we should look at some existing systems of security ratings. Here, we look at two important security evaluation standards: Trusted Computer System Evaluation Criteria ( Orange Book ) ratings [13] and Security Requirements for Cryptographic Modules (FIPS 140 1) 14] The Common Criteria [7] does not mandate security requirements per se, but attempts to standardize the process of evaluating the evidence supporting security claims. It is largely orthogonal to the subject of security metrics ....

[Article contains additional citation context not shown here]

U. S. Department of Defense, Computer Security Center. Trusted computer system evaluation criteria, December 1985.

....native code (Sec. 2.5) A domain can communicate with another domain by using portals (Sec. 2.3) The protection of the architecture is solely based upon the JX core, the code verifier, the code translator, and hardware dependent components (Sec. 3) These elements are the trusted computing base [7] of our architecture. 2.1 Domains A domain is the unit of protection, resource management, and typing. Protection. Components in one domain trust each other. One of our aims is code reusability between different system configurations. A component should be able to run in a separate domain, but ....

Department of Defense. Trusted computer system evaluation criteria. DOD Standard 5200.28, Dec. 1985

....level of trust. 1.1 Evaluation Process Overview The Department of Defense Computer Security Center was established within the NSA in January 1981 to encourage the widespread availability of trusted computer systems for use by facilities processing classified or other sensitive information. In August 1985, the name of the organization was changed to the National Computer Security Center (NCSC) The Trusted Computer System Evaluation Criteria (TCSEC) was written in order to assist in assessing the degree of trust one places in a given computer system. The TCSEC states the specific requirements a ....

U.S. Department of Defense, Trusted Computer System Evaluation Criteria, DOD5200.28-STD. Washington, December 1985.

....dynamically added to the kernel. Modules then export an interface that can be called by users. Such systems rely on safe languages (e.g. Modula 3 [19] compile time analysis and dynamic reference checks for safety. Prominent examples include SPIN [3] and VINO [22] Providing a trusted path [24, 17] mechanism, such as a protected procedure call [8] or IPC. Extensions execute as user tasks, using the standard system protection mechanisms for safety. Clients invoke extensions via the trusted path. For example, Amoeba [18] used a client server model with an IPC based trusted path. An ....

US Department of Defence. Trusted Computer System Evaluation Criteria, 1986. DoD 5200.28-STD.

....to run a policy server on a MLS platform If an organization does not have to run the policy server on a MLS platform, it may save hardware and maintenance costs. We believe the policy server can be run on a singlelevel platform with modest trust. This trust is a little different from the TCSEC [1] multilevel trust in the sense that a designer does not have to worry about covert channels and so on. The reasons for single level platform are as follows: Since policy servers are not actually located at classification boundaries, MLS platforms do not add any additional value over ....

Department of Defense, "Trusted computer system evaluation criteria," DoD5200.28-STD, 1985.

.... and software fault tolerance have the common goal to provide reliable software for computer systems [Tur86, Dob86] A special concern is malicious logic, which is defined as: Hardware, software, or firmware that is intentionally included in a system for the purpose of causing loss or harm [DOD85]. The loss or harm here is experienced by the user, since either incorrect service, or no service at all is delivered. Examples of malicious logic are Trojan horses, trap doors, and computer viruses. The deliberate nature of these threats leads us to classify malicious logic as deliberate design ....

U. S. Department of Defense. Trusted Computer System Evaluation Criteria. DoD Doc. 5200.28-STD. December 1985.

No context found.

Department of Defense, Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, December 1985.

No context found.

Department of Defense. Trusted Computer System Evaluation Criteria (TCSEC), December 1985.

No context found.

U.S. Department of Defense. Trusted computer systems evaluation criteria, August 1983.

No context found.

Department of Defense. Trusted Computer System Evaluation Criteria (Orange Book). Technical Report DoD 5200.28-STD, Department of Defense, Dec. 1985.

No context found.

Department of Defense, Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, December 1985.

No context found.

U.S. Department of Defense Computer Security Center. Trusted Computer System Evaluation Criteria (The Orange Book), Dec. 1985.

No context found.

U.S. Department of Defense. Trusted Computer System Evaluation Criteria, Dec. 1985. DoD 5200.28-STD.

No context found.

U.S. Department of Defense, Trusted Computer Systems Evaluation Criteria, DOD 5200.28--STD, Dec. 1985.

No context found.

U.S. Department of Defense, DoD 5200.28-STD: Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC), 1985.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC