Blakley, B., and D. Kienzle, "Some Weaknesses of the TCB Model," Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, California, October 1997, pp.3-5.
....vocabulary. But there are indications that the TCB model is losing its appeal. At a recent debate at the Security and Privacy Forum, almost half of the audience agreed with Wulf's assertion that the TCB is fundamentally flawed and should no longer be used to justify security architectures [Wul95, BK97]. Even the sponsors of the rainbow books have moved away from the TCB in their endorsement of the Common Criteria [CC96]. The latter are not architecturally specific, but rather provide guidelines for the construction of architecturally specific evaluation criteria. Instead of providing absolute ....
Blakley, B., and D. Kienzle, "Some Weaknesses of the TCB Model," Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, California, October 1997, pp.3-5.
....COTS components whose potential accesses are articulated as a flow policy. It is not necessary for these components to have an explicit access control mechanism; the flow policy represents the access limitations that we believe the software effectively upholds. Thus, in the sense of [1], every component in the system can be regarded as contributing to the overall trusted computing base. In our framework we can distinguish the merit of each component's contribution. This gives rise to a paradigm for analyzing security of secure non secure components: 1. Identify suitable ....
B. Blakley and D.M. Kienzle. Some weaknesses of the TCB model. In IEEE Symposium on Security and Privacy. IEEE CS Press, May 1997.
....the IEEE Symposium on Security and Privacy held a debate concerning the effectiveness of the Reference Monitor Concept in modern system development environments. The contest was won, by a large margin, by those claiming that this abstraction continues to be an effective model for secure systems [15, 3, 20]. The Reference Monitor Concept as a Unifying Principle in Computer Security Education 3 Monitor Concept The answer is simple. It is a paradigm that we know works. Is an educational program based upon the Reference Monitor Concept relevant? One might argue that market factors in computing ....
Blakley, B., and Kienzle, D. M. Some Weaknesses of the TCB Model. In Proceedings of the IEEE Symposium on Security and Privacy, pp 3-5, Oakland, CA, May 1997, IEEE Computer Society Press.
....commercial OS vendors to choose to not use TCB ideas, or at best pay lip service to them by deploying trusted systems that are too large to formally verify. This has generated enough controversy to be the subject of a formal debate at the 1997 IEEE Symposium on Security and Privacy [2, 14, 19]. If formal verification is not feasible, developers that care somewhat about security strive to minimize security bugs with a variety of debugging and bug minimization techniques, such as strict coding practices, red teaming, and fault injection. Resorting to debugging techniques does not ....
B. Blakley and D.M. Kienzle. Some Weaknesses of the TCB Model. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1997.
....made by a central authority called reference monitor. The idea is that access requests go through a trusted system component that decides if they should be allowed. The authority can, for example, be an operating system or a database manager. The reference monitor concept cannot easily be adapted [20, 7, 25] to the highly distributed systems built around today's data communications networks [16, 26]. In the network, a virtually unlimited number of local authorities can set up and administer access to their own resources. Furthermore, from each host's viewpoint, the network can be divided into areas ....
B. Blakley and D. M. Kienzle. Some weaknesses of the TCB model. In Proc. 1997 IEEE Symposium on Security and Privacy, pages 3-5, Oakland, CA, May 1997. IEEE Computer Society Press.