TCSEC

From Free net encyclopedia

The TCSEC was issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as "Trusted Computer System Evaluation Criteria", DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83.

The TCSEC (frequently referred to as “The Orange Book”) is the centerpiece of the “Rainbow Series”. The TCSEC has largely been superseded by the Common Criteria, with its security (functional) criteria evolving into Protection Profiles (PPs) and its assurance criteria into Evaluation Assurance Levels (EALs).

The fundamental requirements of computer security

  • Policy
    • Security Policy - There must be an explicit and well-defined security policy enforced by the system.
    • Marking - Access control labels must be associated with objects.
  • Accountability
    • Identification - Individual subjects must be identified.
    • Accountability - Audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party.
  • Assurance
    • Assurance - The computer system must contain hardware/software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the four requirements listed above under Policy and Accountability (security policy, marking, identification and accountability).
    • Continuous Protection - The trusted mechanisms that enforce these basic requirements must be continuously protected against tampering and/or unauthorized changes.


The TCSEC defines four divisions (D, C, B, A) in ascending hierarchical order, with each division representing a significant difference in the trust one can place in a system so evaluated. Additionally, divisions B and C are broken into a series of hierarchical subdivisions called classes. Within each class the three aforementioned fundamental requirement sets are addressed, with the addition of a Documentation set. This documentation set addresses the development, deployment, and management of the system rather than its capabilities.

The divisions and classes

(Each class expands or modifies as indicated the requirements of the immediately prior class.)

  • D — Minimal Protection
    • Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher evaluation class.
  • C — Discretionary Protection
    • C1 — Discretionary Security Protection
      • separation of users and data
      • DAC capable of enforcing access limitations on an individual basis
    • C2 — Controlled Access Protection
      • more finely grained DAC
      • individual accountability through login procedures
      • audit trails
      • resource isolation
  • B — Mandatory Protection
    • B1 — Labeled Security Protection
      • informal statement of the security policy model
      • data sensitivity labels
      • MAC over select subjects and objects
      • label exportation capabilities
      • all discovered flaws must be removed or otherwise mitigated
    • B2 — Structured Protection
      • clearly defined and documented formal security policy model
      • discretionary and mandatory access control enforcement is extended to all subjects and objects
      • covert storage channels are analyzed for occurrence and bandwidth
      • carefully structured into protection-critical and non-protection-critical elements
      • design and implementation enable more comprehensive testing and review
      • authentication mechanisms are strengthened
      • trusted facility management is provided, with administrator and operator roles segregated
      • strict configuration management controls are imposed
    • B3 — Security Domains
      • satisfies reference monitor requirements
      • structured to exclude code not essential to security policy enforcement
      • significant system engineering directed toward minimizing complexity
      • a security administrator is supported
      • audit security-relevant events
      • automated imminent intrusion detection, notification, and response
      • trusted system recovery procedures
      • covert timing channels are analyzed for occurrence and bandwidth
  • A — Verified Protection
    • A1 — Verified Design
      • functionally identical to B3
      • formal design and verification techniques including a formal top-level specification
      • formal management and distribution procedures
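The fundamental requirements (policy, marking, identification, accountability) and the C1/C2 discretionary and B1 mandatory access controls listed above can be seen together in a small reference-monitor model. The following is an added example written for this article; it is not code from TCSEC or any evaluated system. It assumes a label made of a hierarchical classification plus a set of non-hierarchical categories (as TCSEC B1 requires), the usual "dominates" ordering, and constructed sample users, objects and level names.

```python
"""Minimal reference-monitor model: labelled objects (Marking), identified
subjects (Identification), mandatory access control by label dominance
(B1-style MAC), per-user discretionary access lists (C1/C2-style DAC) and an
audit trail (Accountability).  Constructed example; names and levels are
assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Hierarchical classifications, lowest to highest (names assumed for the example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other: equal-or-higher level and a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass
class Obj:
    name: str
    label: Label                       # Marking: every object carries a label
    owner: str
    acl: Dict[str, FrozenSet[str]] = field(default_factory=dict)  # DAC: user -> modes


@dataclass
class Subject:
    user: str                          # Identification: an individual user
    clearance: Label


class ReferenceMonitor:
    def __init__(self) -> None:
        self.audit: List[str] = []     # Accountability: every decision is recorded

    def mac_permits(self, s: Subject, o: Obj, mode: str) -> bool:
        # Read: the subject's clearance must dominate the object's label.
        # Write: the object's label must dominate the subject's clearance,
        # so information never flows to a lower label (no write-down).
        if mode == "read":
            return s.clearance.dominates(o.label)
        if mode == "write":
            return o.label.dominates(s.clearance)
        return False

    def dac_permits(self, s: Subject, o: Obj, mode: str) -> bool:
        # The owner has full discretionary access; anyone else needs an ACL entry.
        return s.user == o.owner or mode in o.acl.get(s.user, frozenset())

    def check(self, s: Subject, o: Obj, mode: str) -> bool:
        # Both mandatory and discretionary checks must pass; the decision is audited.
        allowed = self.mac_permits(s, o, mode) and self.dac_permits(s, o, mode)
        self.audit.append(f"user={s.user} object={o.name} mode={mode} "
                          f"result={'GRANT' if allowed else 'DENY'}")
        return allowed


def demo() -> Dict[str, bool]:
    """Run a few constructed access requests and return the decisions."""
    rm = ReferenceMonitor()
    report = Obj("report.txt", Label("SECRET", frozenset({"NATO"})), owner="alice",
                 acl={"bob": frozenset({"read"})})
    alice = Subject("alice", Label("TOP_SECRET", frozenset({"NATO", "CRYPTO"})))
    bob = Subject("bob", Label("SECRET", frozenset({"NATO"})))
    carol = Subject("carol", Label("TOP_SECRET", frozenset()))   # cleared, but no NATO category
    return {
        "alice_read": rm.check(alice, report, "read"),     # TS/{NATO,CRYPTO} dominates S/{NATO}
        "alice_write": rm.check(alice, report, "write"),   # denied: would write down TS -> SECRET
        "bob_read": rm.check(bob, report, "read"),         # equal label, ACL grants read
        "bob_write": rm.check(bob, report, "write"),       # MAC allows (equal), DAC has no write
        "carol_read": rm.check(carol, report, "read"),     # denied: missing NATO category
        "audited": len(rm.audit) == 5,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that the two checks are independent: Bob's write is refused purely on discretionary grounds even though the labels are equal, and Alice's write is refused purely on mandatory grounds even though she owns the object. That separation, plus the audit line written for every decision whether granted or denied, is what lets a C2 or B1 evaluator trace each security-relevant action to an identified user.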

Matching classes to environmental requirements

Army Regulation 380-19 is an example of a guide to determining which system class should be used in a given situation.
