Notes 20110328 CIS 6650 Computer Security - Matthew

From SnOwy - Ed's Wiki Notebook

TCSEC

• difference between different level of security
• we need a common language ...
  • measurement -- degree of trust, "more secure"?
  • guidance -- manufacturers
  • acquisition
• trusted computer system evaluation criteria (TCSEC)
  • "The Orange Book"
• DoD standard
• obsoleted by the Common Criteria (2005)
• Orange Book -- too abstract, not enough detail
  • rainbow series
  • more than 35 books
  • Red: Network
  • Lavender: Database
  • Green: Passwords
• Orange Book
  • Secure system vs trusted system
• Security policy
  • protect, manage, distribute information
  • subjects -- users, programs
  • objects -- files, sockets
• labels
  • integrity, sensitivity, {export, devices}
• ...