Presentation is loading. Please wait.

Presentation is loading. Please wait.

S.S. Yau CSE465-591 Fall 2006 1 Classified Systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "S.S. Yau CSE465-591 Fall 2006 1 Classified Systems."— Presentation transcript:

1 S.S. Yau CSE465-591 Fall 2006 1 Classified Systems

2 S.S. Yau 2CSE465-591 Fall 2006 Classified Systems Early 1980s: DoD is concerned about the confidentiality of classified information on computers with multiple users (time sharing systems) Early 1980s: DoD is concerned about the confidentiality of classified information on computers with multiple users (time sharing systems) Mid 80s to mid 90s: Mid 80s to mid 90s: The Orange Book (or TCSEC): standard reference for computer security for DoD The Orange Book (or TCSEC): standard reference for computer security for DoD The Red Book: covering Trusted Network Interpretation (TNI) of the Orange Book The Red Book: covering Trusted Network Interpretation (TNI) of the Orange Book The whole “rainbow series” The whole “rainbow series” http://www.iwar.org.uk/comsec/resources/standards/rai nbow/rainbow.html http://www.iwar.org.uk/comsec/resources/standards/rai nbow/rainbow.html http://www.iwar.org.uk/comsec/resources/standards/rai nbow/rainbow.html http://www.iwar.org.uk/comsec/resources/standards/rai nbow/rainbow.html

3 S.S. Yau 3CSE465-591 Fall 2006 DoD Classification Scheme Data classification based on need for confidentiality Data classification based on need for confidentiality Levels based on potential damage if compromised, and defines treatment rules Levels based on potential damage if compromised, and defines treatment rules Top secret Top secret Secret Secret Confidential Confidential Unclassified Unclassified Unclassified includes Unclassified includes Sensitive But Unclassified (SBU); e. g., medical, salary, performance review data Sensitive But Unclassified (SBU); e. g., medical, salary, performance review data For Official Use Only (FOUO). Not subject to release under the Freedom of Information Act (FOIA). May include company proprietary information. For Official Use Only (FOUO). Not subject to release under the Freedom of Information Act (FOIA). May include company proprietary information.

4 S.S. Yau 4CSE465-591 Fall 2006 Classified Information Management Accountability for classified data Accountability for classified data Declassification/Downgrade Declassification/Downgrade Sanitization/Purging Sanitization/Purging Destruction Destruction

5 S.S. Yau 5CSE465-591 Fall 2006 References M. Merkow, J. Breithaupt, Information Security: Principles and Practices, Prentice Hall, August 2005, ISBN 0131547291 M. Merkow, J. Breithaupt, Information Security: Principles and Practices, Prentice Hall, August 2005, ISBN 0131547291 Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2004, ISBN: 0321247442 Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2004, ISBN: 0321247442 Matt Bishop, Computer Security: Art and Science, Addison- Wesley, 2002, ISBN: 0201440997 Matt Bishop, Computer Security: Art and Science, Addison- Wesley, 2002, ISBN: 0201440997

Download ppt "S.S. Yau CSE465-591 Fall 2006 1 Classified Systems."

Similar presentations

FOIA Exemption 1 & E.O Classified National Security Information

FOIA Exemption 1 & E.O Classified National Security Information
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Lecture 8 Access Control (cont)

Lecture 8 Access Control (cont)
Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under.

Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
Department of the Navy Information Security Program

Department of the Navy Information Security Program
Evaluation, Assurance, Classified Systems Dr. William Hery CS 996 Spring 2004.

Evaluation, Assurance, Classified Systems Dr. William Hery CS 996 Spring 2004.
Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.

Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 10 – Trusted Computing.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 10 – Trusted Computing.
Controlled Unclassified Information (CUI). Unclassified Information Public Domain: information that does not qualify for status of CUI -- suitable for.

Controlled Unclassified Information (CUI). Unclassified Information Public Domain: information that does not qualify for status of CUI -- suitable for.
DDBMS Security - Bakul Gada.

DDBMS Security - Bakul Gada.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.

Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.
Evaluation, Assurance, Classified Systems Dr. William Hery CS 996 Spring 2005.

Evaluation, Assurance, Classified Systems Dr. William Hery CS 996 Spring 2005.
Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description.

Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description.
S.S. Yau 1CSE465-591 Fall 2006 Administrative Security Procedural Controls.

S.S. Yau 1CSE Fall 2006 Administrative Security Procedural Controls.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Stephen S. Yau CSE 465-591, Fall 2006 1 Evaluating Systems for Functionality and Assurance.

Stephen S. Yau CSE , Fall Evaluating Systems for Functionality and Assurance.
Stephen S. Yau 1CSE 465-591, Fall 2006 Firewalls.

Stephen S. Yau 1CSE , Fall 2006 Firewalls.

Similar presentations

Ads by Google