Trusted Computer Systems

Information system security is the application of managerial and administrative procedures and technical and physical safeguards to ensure not only the confidentiality, integrity and availability of the information processed by an information system, but also those of the information system itself, together with its environment. Such procedures and safeguards not only need to deter and delay improper access to information systems, they must also ensure that any improper access is detected; that is, individuals have to be made accountable for their actions. [Secman 3 - 103]

Evaluation Concepts and Relationships

Types of Secure Computing Systems

Evaluation Process

Risk Analysis and Selection of Mode of Operation

Rating           Info Sensitivity                          User Clearance                 
0                Unclassified                              Uncleared                      
1                Restricted                                Restricted                     
2                Restricted (categories) Confidential      Confidential                   
3                Confidential (categories) Secret          Secret                         
4                Secret (1+ categories)                    Top Secret                     
5                Secret (2+ categories) Top Secret         Top Secret                     
6                Top Secret (1+ categories)                Top Secret - 1 category        
7                Top Secret (2+ categories)                Top Secret - many categories   

Risk Index   Security Mode                                            Min Class (Open Env)   Min Class (Closed Env)
0            dedicated                                                none                   none
0            system high                                              C2                     C2
1            limited access, controlled, compartmented, multi-level   B1                     B1
2            limited access, controlled, compartmented, multi-level   B2                     B2
3            controlled, multi-level                                  B3                     B3
4            multi-level                                              A1                     B3
5            multi-level                                              beyond A1              A1
>=6          multi-level                                              beyond A1              beyond A1

Phases in Security Evaluation

Defining Security Requirements
Threat Analysis
Theoretical Evaluation
Practical Testing
Examination of the Source Code
Penetration

TCSEC standard

Class   Description
D       Minimal Protection
C1      Discretionary Security Protection
C2      Controlled Access Protection
B1      Labelled Security Protection
B2      Structured Protection
B3      Security Domains
A1      Verified Design

ITSEC standard

Assurance

Functionality

Common Criteria

Functional Class Set

Assurance Levels

Level   Description
AL0     unassured
AL1     tested
AL2     structurally tested
AL3     methodically tested & checked
AL4     methodically tested & reviewed
AL5     semiformal design
AL6     semiformal verified design
AL7     formally verified design

SECMAN standards


[1] follow with Ward, MInfSci 91 thesis - Fig 7 p39
[2] follow with Ward, MInfSci 91 thesis - Table 3 p41
[CSC Info]
Lawrie.Brown@adfa.oz.au / 31-May-96