National Computer Security Center, Trusted Computer System Evaluation Criteria. DOD 5200.28STD, National Computer Security Center, 9800 Savage Road, Fort George G. Meade, MD 207556000. 1985.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....In practice, a typical access matrix is large and sparse, and it is difficult to store, manage, and understand such a matrix directly. Therefore, various access control policies have been developed. Discretionary Access Control(DAC) In the Trusted Computer System Evaluation Criteria (TCSEC) [44], two types of access control policies are specified: discretionary access controls (DAC) and mandatory access controls (MAC) As defined in the TCSEC, DAC is A means of restricting access to objects based on the identity of subjects and or groups to which they belong. The controls are ....

National Computer Security Center, U.S. Department of Defense, Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, 1985. http://csrc.nist.gov/publications/history/dod85.pdf

....USTAT, is discussed. Section V discusses both the benefits and costs associated with STAT, comparing its functionality to three comparable intrusion 1 In general, the term security relevant is left open to inte pretation. With respect to the Trusted Computer Systems Evaluation Criteria (TCSEC) [24], a security relevant event is defined as any event that attempts to change the security state of the system (e.g. changing the security level of a user or changing a user s password) detection tools that are presented in section II. Section VI discusses the future directions of this project. ....

National Computer Security Center, Trusted Computer System Evaluation Criteria, DoD, DoD 5200.28-STD, December 1985.

....of the 80x86 protection mechanisms and a penetration testing ef fort. Sections 5 and 6 review related work and discuss our plans. 2 Background A high assurance secure computing system (such as one intended to satisfy the requirements of the Trusted Computer System Evaluation Criteria (TC SEC) [Ncsc85] at B2 or above) nmst be able to enforce security policies correctly and reliably, even while under hostile attack. Future versions of the system developed in accordance with appropriate configuration management procedures nmst continue to enforce those policies reliably. Moreover, the protection ....

National Computer Security Center, Trusted Computer System Evaluation Criteria, DoD, DoD 5200.28-STD, December 1985.

....In practice, a typical access matrix is large and sparse, and it is difficult to store, manage, and understand such a matrix directly. Therefore, various access control policies have been developed. Discretionary Access Control(DAC) In the Trusted Computer System Evaluation Criteria (TCSEC) [44], two types of access control policies are specified: discretionary access controls (DAC) and mandatory access controls (MAC) As defined in the TCSEC, DAC is A means of restricting access to objects based on the identity of subjects and or groups to which they belong. The controls are ....

National Computer Security Center, U.S. Department of Defense, Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, 1985. http://csrc.nist.gov/publications/history/dod85.pdf

.... with the operation of the system in its defined environment and the safeguards (countermeasures) used to counteract vulnerabilities System Security Requirements describes the security requirements mandated by the level of trust targeted for the system and the relevant standards and directives [6, 10, 34] System Test Plan presents a set of steps to prove satisfaction of each security requirement System Test Procedures presents a set of operational instructions to execute the steps identified in the test plan System Test Report presents the results of the execution of the test ....

....acks over L ACK 5.12: Show that Pump implementation implements algorithm 5.10: Base L ACK rate on moving average of past H ACK times slowing as buffer grows; service inputs over L MSG only after ack nak over L ACK DemonstratedBy Pump algorithm [28 Sec. 3. 5] Statemate specification [34] SatisfiedBy 5.13: Verify according to testability analysis DemonstratedBy Formal Verdi specification Test highly testable code Using EVES, prove lowly testable code 5.9: Slow arrival rate down to match H ACK rate as function of buffer length 5.7: Limit probability that Pump s ....

[Article contains additional citation context not shown here]

National Computer Security Center, Ft. Meade, MD. DoD 5200.28-STD, Trusted Computer System Evaluation Criteria, December 1985.

....weaknesses. ports the accreditation decision to allow the computer to process classified information in an operational environment. Trusted product evaluation is the computer security certification of the product against the criteria of the Trusted Computer System Evaluation Criteria (TCSEC) [1]. Trusted system certification 2 , on the other hand, comprises several technical and procedural certifications, including a technical computer security certification. The outcome of the trusted system certification influences the criteria for other certifications, such as administrative ....

....trusted systems. This paper proposes an informal but comprehensive approach that can be used by project managers, designers, and implementors of a system and can provide the accreditor with the risks of using the system. We want to clarify our use of the terms trusted product 2 In the TCSEC[1], this is called a certification evaluation. and trusted system. We have adopted the definitions of product and system from the European community s Information Technology Security Evaluation Criteria (ITSEC) 2] According to the ITSEC, a system is a specific installation with a particular ....

National Computer Security Center, Ft. Meade, MD, DoD 5200.28-STD, Trusted Computer System Evaluation Criteria, December 1985.

....as BSM. The BSM is designed to be compliant with the NCSC requirements for a system at the C2 classification, but at the time this document was prepared there was no information available about the evaluation of the BSM package. The criteria for the C2 classification are given in the Orange Book [Tcse85]. The BSM provides improved security features for the standard UNIX operating systems. The following add on features are part of the BSM: shadow password files, object reuse, device allocation deallocation and audit collection Shadow password files add further protection to encrypted passwords by ....

National Computer Security Center, Trusted Computer System Evaluation Criteria, DoD, DoD 5200.28-STD, Dec. 1985.

....and is unaware of the existence of clients at other sensitivity levels. 3.2. TCB Modularization and Minimization One of the key difficulties in building a high assurance X is to modularize and minimize the TCB to conform to the architectural requirements of for B3 evaluation under the TCSEC[NC 85]. The TX implementation addresses this requirement through the creation of a small number of trusted modules, each with limited functionality and a specific role in supporting the system operation. Modularization of the TX TCB takes two forms; at the architectural level, the system is divided into ....

National Computer Security Center, Trusted Computer Systems Evaluation Criteria, DoD 5200.28--STD, Fort Meade, MD, (December, 1985).

....an interdisciplinary approach and few research groups have both the breadth and depth of expertise necessary to conduct such investigation. It may also be because the traditional focus of research has primarily been in military systems computer security, which focuses on issues of confidentiality [22, 23]. Thus, there has been less support for research in the area of designing security tools and techniques for everyday use on commercial and educational computing platforms than on military systems. 2 COAST Goals and Recent Research The COAST (Computer Operations, Audit, and Security Technology) ....

National Computer Security Center. Trusted computer system evaluation criteria. Technical Report DoD 5200.28-STD, U.S. Department of Defense, 1985.

....techniques become available, conventional refinement techniques, such as those for CSP, can be used to develop secure systems. These techniques must be augmented with an analysis of information flows introduced during refinement, similar to to the covert channel analysis required by the TCSEC [19]. This analysis has yet to be performed for the ECA. 4. The choice of abstractions is critical to the coherence of the assurance argument. One of the biggest lessons that we learned about the overall ECA development process is that, with respect to independent system certification, coherence of ....

National Computer Security Center, Ft. Meade, MD. DoD 5200.28-STD, Trusted Computer System Evaluation Criteria, December 1985.

No context found.

National Computer Security Center, Trusted Computer System Evaluation Criteria. DOD 5200.28STD, National Computer Security Center, 9800 Savage Road, Fort George G. Meade, MD 207556000. 1985.

No context found.

National Computer Security Center, "Trusted Computer System Evaluation Criteria", DoD 5200.28-STD, CSC-STD-00183, NCSC, December 1985.

.... of the National Security Agency s Trusted Product Evalua tion Program (TPEP) The Trusted Product Evaluation Program was established to evaluate commercial products used in classified computing environments against the requirements defined within the Trusted Computer Systems Evaluation Criteria [Ncsc85]. A target assurance rating is assigned to a product under evaluation based on its security features, developmental controls, and the degree of analysis to which its security architecture is subjected. Because the preponderance of products in or being considered for TPEP evaluation use 80x86 ....

National Computer Security Center, Trusted Computer System Evaluation Criteria, DoD, DoD 5200.28-STD, December 1985.

....experience with standard architectures and formal methods. We found both of these approaches to be unsatisfactory solutions to our problem. The collected experience approach is best exemplified by the Department of Defense s Trusted Computing System Evaluation Criteria (the rainbow books ) [DoD83]. These documents represent years of experience with certain standard security architectures, all variations on the Trusted Computing Base model. But the Legion Security Model discards the notion that the operating system can be trusted, and therefore undermines the most basic assumptions ....

....those that could not. This decomposition would permit security verification to focus on only the TCB itself, and would allow users to develop application 8 software without concern that they (or other applications) might impact system security. The Trusted Computing System Evaluation Criteria [DoD83] (dubbed the rainbow books because of their many colored covers) represent years of collected experience and expertise with various instantiations of this model. This information ranged from practical, implementation level issues to formal models and their realization. The major risk areas were ....

[Article contains additional citation context not shown here]

National Computer Security Center, Ft. Meade, MD, DoD 5200.28-STD, Trusted Computer System Evaluation Criteria, December 1985.

....secure machines employed in military settings, including compartmented mode workstations. The results of this research is usually of little use in real world computing environments. This is because the traditional focus of such research has primarily been focused on issues of confidentiality [Nat85, Nat88] keeping information secret) rather than on related issues such as availability and integrity. 6 Thus, there has been little support for research in the area of designing security tools and techniques for everyday use on commercial and educational computing platforms. Furthermore, as ....

National Computer Security Center. Trusted computer system evaluation criteria. Technical Report DoD 5200.28-STD, U.S. Department of Defense, 1985.

....that paper was published security has changed greatly. The continuing increased reliance on networks and the World Wide Web has continued to change the focus of security from securing individual computers and operating systems to ensuring the connections between them. The demise of the Orange Book [Nat85] has left the security community without an overriding paradigm governing research and practice, and so the types of solutions proposed and implemented have become much more diverse. These new techniques have also tended to focus on more lightweight security devices rather than the traditional A1 ....

National Computer Security Center. Trusted Computer System Evaluation Criteria, December 26 1985. DoD 5200-STD.

No context found.

National Computer Security Center, Ft. Meade, MD. DoD 5200.28-STD, Trusted Computer System Evaluation Criteria, December 1985.

....sufficiently accurate physical simulation of the true, abstract machine. Edsger W. Dijkstra A Discipline of Programming 1976 1 Introduction A system must satisfy strict assurance requirements for successful evaluation at the B3 class of the Trusted Computer System Evaluation Criteria (TCSEC) [9]. Many of these requirements are essentially requirements on process or on documentation. Unlike many other areas, TCSEC requirements are a job of selling to an uncertain buyer: TCSEC evaluation is a matter of convincing a responsible team of evaluators that the system can be trusted to manage ....

....mapping between the TCB implementation and the DTLS. The TCB implementation (i.e. in hardware, firmware, and software) shall be informally shown to be consistent with the DTLS. The elements of the DTLS shall be shown, using informal techniques, to correspond to the elements of the TCB. [9] 4.1 Overview This section acts as a catalog of tools and techniques for performing the mapping. It covers a variety of techniques that are useful in achieving the goal of demonstrating that the code of the system TCB performs exactly and only the functions required by the DTLS. The purpose of ....

National Computer Security Center, Ft. Meade, MD. DoD 5200.28-STD, Trusted Computer System Evaluation Criteria, December 1985.

....One can then make the inference that F 21A s are based at Tinian. A non military example is the ability to infer that a patient has a particular disease based on knowledge of the treatment that is being applied. With the publication of the Trusted Database Interpretation of DoD 5200.28 STD (National Computer Security Center, 1985)(National Computer Security Center, 1991) a major step has been taken to provide protection for large amounts of data stored in databases. While the ability to provide discretionary and mandatory access control (at least at the higher evaluation levels) is an important step forward in providing ....

....F 21A s are based at Tinian. A non military example is the ability to infer that a patient has a particular disease based on knowledge of the treatment that is being applied. With the publication of the Trusted Database Interpretation of DoD 5200.28 STD (National Computer Security Center, 1985) National Computer Security Center, 1991) a major step has been taken to provide protection for large amounts of data stored in databases. While the ability to provide discretionary and mandatory access control (at least at the higher evaluation levels) is an important step forward in providing protection for the database, it is ....

National Computer Security Center (1985). Trusted Computer System Evaluation Criteria. Unitd States Department of Defense. DoD 5200.28.STD.

....literature on Windows NT or its security design. However, there is one evaluation performed by the NSA, and the corresponding report has been issued by the National Computer Security Center (NCSC) 12] The evaluation is mostly based on the design of the system as defined in the Orange Book [18]. We have, on the other hand, studied the operational security of Windows NT using penetration experiments. These may reveal vulnerabilities in the design, implementation as well as in the installation. Other penetration experiments have been carried out at the Department of Computer Engineering ....

Trusted Computer System Evaluation Criteria (Orange Book). National Computer Security Center, Department of Defense, No DOD 5200.28.STD, 1985.

....secure machines employed in military settings, including compartmented mode workstations. The results of this research is usually of little use in real world computing environments. This is because the traditional focus of such research has primarily been focused on issues of confidentiality [28, 29] (keeping information secret) rather than on related issues such as availability and integrity. 9 Thus, there has been little support for research in the area of designing security tools and techniques for everyday use on commercial and educational computing platforms. Furthermore, as more ....

National Computer Security Center. Trusted computer system evaluation criteria. Technical Report DoD 5200.28-STD, U.S. Department of Defense, 1985.

....convinced industry that there is a real need for computer security products. Industry responded with the development of new products that are beginning to populate the Evaluated Products List (EPL) especially at the lower trust classes of the Trusted Computer System Evaluation Criteria (TCSEC) [1]. Widely publicized penetrations of Government computers also encouraged widespread interest in computer security. The computer security community is challenged to produce systems that pro Presented at MILCOM 92, San Diego CA, October 1992 tect classified information, that satisfy critical ....

National Computer Security Center, Ft. Meade, MD, DoD 5200.28-STD, Trusted Computer System Evaluation Criteria, December 1985.

....Control System, allowing a problem detected in the formal verificatio o be corrected in the SACS implementation. 2.6. Security Policy Generally accepted practice for developing trusted systems requires the statement of a security f policy that describes the security properties of the system [NSA, 1985; Tavilla, 1986; Bell, 1988] A ormal model defining the meaning of the security policy in terms of mathematical logic can then be e r constructed. Confidence is gained in the security of the system by showing that it implements th equirements of the model. When a formal top level specification of ....

NSA [1985] National Security Agency, Trusted Computer System Evaluation Criteria," Dod 5200.28N STD.

No context found.

Trusted Computer System Evaluation Criteria (DoD 5200.28-STD) National Computer Security Center, 26 December 1985.

No context found.

Trusted Computer System Evaluation Criteria (Rainbow Series: Orange Book), US Department of Defense, DOD-5200.28-STD

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC