Evaluation Model
Trusted Computer System Evaluation Criteria (TCSEC)
aka "Orange Book"
Storage/Retrieval of Classified
DoD Standard
TCS
Must meet certain criteria
Security Kernel in Ring 0
Implements the Reference Monitor
Ref Monitor lives at border of Kernel
Cannot be bypassed
Controls all access
Cannot be altered; protected from modification
Can be verified and tested
Refers to security policy
Security Policy in Ring 0
Security Log
Categories
A Verified
A1: Highest level of security
B Mandatory
B1 Labeled
Classification
Categories
B2 Structured
Separate operator and administrator
Covert Channel Analysis
Covert Storage
Covert Timing
B3 Secure Domains
Separate operator, sys admin, and sec admin
Covert Timing Channels ID'ed and Analyzed
Introduced Trusted System Recovery Procedures
C Discretionary Access Control
C1 Discretionary Secure Protection
Only weak protection mechanisms
Introduces system auditing
C2 Controlled Access Protection
Strict logon / media cleansing
D failed
Sys failed to meet criteria
Protects Confidentiality
ISO 15408
The Common Criteria or "CC"
Protection Profile (PP)
Specific functional and assurance requirements
Applies to product categories rather than indiv. products
Target of Evaluation (TOE)
Specific product or system being evaluated
Security Target (ST)
Written by vendor or developer
Explains functional and assurance specifications of product
How they meet CC or PP reqs
Evaluation Assurance Level (EAL)
Combined rating of functional and assurance evaluation
CC EAL Ratings
0
Inadequate assurance
1
Functionally tested
2
Structurally Tested
3
etc
4
5
6
7
Information Technology Evaluation Criteria (ITSEC)
Adds Integrity and Availability to confidentiality provided by TCSEC
Security Targets
Documented security features
Security Objectives
Why is functionality wanted?
Statements about sys environment
Assumptions
Security Functions (F)
What is actually done?
Rationale for security functions
Require security mechanisms
Security Assurance (E)
How is it done?
Level of assurance required in TOE
Trusted Network Interpretation
aka "Red Book"
DoS Prevention
Communications Integrity
Compromise Protection
Certification and Accreditation
Certification
Performs an examination
Comprehensive evaluation of technical and nontechnical security features of IS
Accreditation
Official Management decision to operate system
Not permanent
Recertification and accreditation must occur
Anytime system changes occur
After defined period
Provide security level assurance