THE ORANGE BOOK Ravi Sandhu

Slides:



Advertisements
Similar presentations
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Advertisements

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
THE ORANGE BOOK Ravi Sandhu ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Inside the Orange Book SYCS 653 Fall 2010 Lecture 12 Notes Wayne Patterson.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #18-1 Chapter 18: Evaluating Systems Goals Trusted Computer System Evaluation.
4/28/20151 Computer Security Security Evaluation.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
CS526Topic 22: TCSEC and Common Criteria 1 Information Security CS 526 Topic 22: TCSEC and Common Criteria.
Chapter 6 Security Kernels.
1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,
Secure Operating Systems Lesson 10: SCOMP. Where are we?  Multics is busy being explored, which is kind of cool…  But Multics wasn’t the end of custom.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
Secure Operating Systems Lesson 0x11h: Systems Assurance.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Information Systems Security Security Architecture Domain #5.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Principles of Information System Security: Text and Cases
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 20 October 28, 2004.
Evaluating Systems Information Assurance Fall 2010.
ISA 562 Internet Security Theory & Practice
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
CSCE 727 Awareness and Training Secure System Development and Monitoring.
Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.
Additional Security Tools Lesson 15. Skills Matrix.
Security Standards and Threat Evaluation. Main Topic of Discussion  Methodologies  Standards  Frameworks  Measuring threats –Threat evaluation –Certification.
Security Administration II Trusted Systems Social Context.
Chapter 7 Securing Commercial Operating Systems. Chapter Overview Retrofitting Security into a Commercial OS History of Retrofitting Commercial OS's Commercial.
Software Production Chapter 2: Identifying Software Development Activities.
Trusted OS Design and Evaluation CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University.
Domain 6 Security Architecture and Models Domain Objective The objective of this domain is to understand: security models in terms of confidentiality,
CSCE 548 Secure Software Development Security Operations.
ISA 400 Management of Information Security
Trusted Operating Systems
Archictecture for MultiLevel Database Systems Jeevandeep Samanta.
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
Dr. Jeff Teo Class 4 July 2, Deliverables Lecture on Trusted Computing: Evolution and Direction Review of students’ blogs and assignments Summarize.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Chapter 8: Principles of Security Models, Design, and Capabilities
Design and Implementation MAC in Security Operating System CAI Yi, ZHENG Zhi-rong, SHEN Chang-xiang Presented By, Venkateshwarlu Jangili. 1.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK
CSCE 727 Awareness and Training Secure System Development and Monitoring.
Chap5: Designing Trusted Operating Systems.  What makes an operating system “secure”? Or “trustworthy”?  How are trusted systems designed, and which.
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 5: Security Architecture and Models.
1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise.
CSCE 548 Secure System Standards Risk Management.
Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.
TCSEC: The Orange Book.
Access Control Model SAM-5.
Seog Park Sogang University
Official levels of Computer Security
Chapter 19: Building Systems with Assurance
Security Modeling Jagdish S. Gangolly School of Business
Guest Lecture in Acc 661 (Spring 2007) Instructor: Christopher Brown)
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Application-Centric Security
Institute for Cyber Security
Presentation transcript:

THE ORANGE BOOK Ravi Sandhu

ORANGE BOOK CLASSES HIGH SECURITY A1 Verified Design B3 Security Domains B2 Structured Protection B1 Labeled Security Protection C2 Controlled Access Protection C1 Discretionary Security Protection Minimal Protection NO SECURITY

ORANGE BOOK CRITERIA SECURITY POLICY ACCOUNTABILITY ASSURANCE DOCUMENTATION

SECURITY POLICY C1 C2 B1 B2 B3 A1 Discretionary Access Control + + nc nc + nc Object Reuse 0 + nc nc nc nc Labels 0 0 + + nc nc Label Integrity 0 0 + nc nc nc Exportation of Labeled Information 0 0 + nc nc nc Labeling Human-Readable Output 0 0 + nc nc nc Mandatory Access Control 0 0 + + nc nc Subject Sensitivity Labels 0 0 0 + nc nc Device Labels 0 0 0 + nc nc no requirement added requirement nc no change

ACCOUNTABILITY C1 C2 B1 B2 B3 A1 Identification and Authentication + + + nc nc nc Audit 0 + + + + nc Trusted Path 0 0 0 + + nc no requirement added requirement nc no change

ASSURANCE C1 C2 B1 B2 B3 A1 System Architecture + + + + + nc System Integrity + nc nc nc nc nc Security Testing + + + + + + Design Specification and Verification 0 0 + + + + Covert Channel Analysis 0 0 0 + + + Trusted Facility Management 0 0 0 + + nc Configuration Management 0 0 0 + nc + Trusted Recovery 0 0 0 0 + nc Trusted Distribution 0 0 0 0 0 + no requirement added requirement nc no change

DOCUMENTATION C1 C2 B1 B2 B3 A1 Security Features User's Guide + nc nc nc nc nc Trusted Facility Manual + + + + + nc Test Documentation + nc nc + nc + Design Documentation + nc + + + + no requirement added requirement nc no change

COVERT CHANNEL ANALYSIS B1 No requirement B2 Covert storage channels B3 Covert channels (i.e. storage and timing channels) A1 Formal methods

SYSTEM ARCHITECTURE C1 The TCB shall maintain a domain for its own execution that protects it from tampering C2 The TCB shall isolate the resources to be protected B1 The TCB shall maintain process isolation B2 The TCB shall be internally structured into well-defined largely independent modules B3 The TCB shall incorporate significant use of layering, abstraction and data hiding A1 No change

DESIGN SPECIFICATION AND VERIFICATION C2 No requirement B1 Informal or formal model of the security policy B2 Formal model of the security policy that is proven consistent with its axioms DTLS (descriptive top-level specification) of the TCB B3 A convincing argument shall be given that the DTLS is consistent with the model A1 FTLS (formal top-level specification) of the TCB A combination of formal and informal techniques shall be used to show that the FTLS is consistent with the model A convincing argument shall be given that the DTLS is consistent with the model

ORANGE BOOK CLASSES UNOFFICIAL VIEW C1, C2 Simple enhancement of existing systems. No breakage of applications B1 Relatively simple enhancement of existing systems. Will break some applications. B2 Relatively major enhancement of existing systems. Will break many applications. B3 Failed A1 A1 Top down design and implementation of a new system from scratch

NCSC RAINBOW SERIES SELECTED TITLES Orange Trusted Computer System Evaluation Criteria Yellow Guidance for Applying the Orange Book Red Trusted Network Interpretation Lavender Trusted Database Interpretation

ORANGE BOOK CRITICISMS Mixes various levels of abstraction in a single document Does not address integrity of data Combines functionality and assurance in a single linear rating scale

FUNCTIONALITY VS ASSURANCE functionality is multi-dimensional assurance has a linear progression