Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 4-03 THE ORANGE BOOK Ravi Sandhu. 2 4-03 ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection.

Similar presentations


Presentation on theme: "1 4-03 THE ORANGE BOOK Ravi Sandhu. 2 4-03 ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection."— Presentation transcript:

1 THE ORANGE BOOK Ravi Sandhu

2 ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection C2Controlled Access Protection C1Discretionary Security Protection DMinimal Protection NO SECURITY HIGH SECURITY

3 ORANGE BOOK CRITERIA SECURITY POLICY ACCOUNTABILITY ASSURANCE DOCUMENTATION

4 SECURITY POLICY C1 C2 B1 B2 B3A1 Discretionary Access Control++ncnc+nc Object Reuse0+ncncnc nc Labels00++nc nc Label Integrity00+ncnc nc Exportation of Labeled Information00+ncnc nc Labeling Human-Readable Output00+ncnc nc Mandatory Access Control00++nc nc Subject Sensitivity Labels 000+nc nc Device Labels000+nc nc 0no requirement +added requirement ncno change

5 ACCOUNTABILITY C1 C2 B1 B2 B3A1 Identification and Authentication+++ncnc nc Audit0++++nc Trusted Path000++nc 0no requirement +added requirement ncno change

6 ASSURANCE C1 C2 B1 B2 B3A1 System Architecture+++++nc System Integrity+ncncncnc nc Security Testing Design Specification and Verification Covert Channel Analysis Trusted Facility Management000++nc Configuration Management000+nc + Trusted Recovery0000+nc Trusted Distribution no requirement +added requirement ncno change

7 DOCUMENTATION C1 C2 B1 B2 B3A1 Security Features User's Guide+ncncncnc nc Trusted Facility Manual+++++nc Test Documentation+ncnc+nc + Design Documentation+nc++++ 0no requirement +added requirement ncno change

8 COVERT CHANNEL ANALYSIS B1No requirement B2Covert storage channels B3Covert channels (i.e. storage and timing channels) A1Formal methods

9 SYSTEM ARCHITECTURE C1The TCB shall maintain a domain for its own execution that protects it from tampering C2The TCB shall isolate the resources to be protected B1The TCB shall maintain process isolation B2The TCB shall be internally structured into well-defined largely independent modules B3The TCB shall incorporate significant use of layering, abstraction and data hiding A1No change

10 DESIGN SPECIFICATION AND VERIFICATION C2No requirement B1Informal or formal model of the security policy B2Formal model of the security policy that is proven consistent with its axioms DTLS (descriptive top-level specification) of the TCB B3A convincing argument shall be given that the DTLS is consistent with the model A1FTLS (formal top-level specification) of the TCB A combination of formal and informal techniques shall be used to show that the FTLS is consistent with the model A convincing argument shall be given that the DTLS is consistent with the model

11 ORANGE BOOK CLASSES UNOFFICIAL VIEW C1, C2Simple enhancement of existing systems. No breakage of applications B1Relatively simple enhancement of existing systems. Will break some applications. B2Relatively major enhancement of existing systems. Will break many applications. B3Failed A1 A1Top down design and implementation of a new system from scratch

12 NCSC RAINBOW SERIES SELECTED TITLES OrangeTrusted Computer System Evaluation Criteria YellowGuidance for Applying the Orange Book RedTrusted Network Interpretation LavenderTrusted Database Interpretation

13 ORANGE BOOK CRITICISMS Mixes various levels of abstraction in a single document Does not address integrity of data Combines functionality and assurance in a single linear rating scale

14 FUNCTIONALITY VS ASSURANCE functionality is multi- dimensional assurance has a linear progression


Download ppt "1 4-03 THE ORANGE BOOK Ravi Sandhu. 2 4-03 ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection."

Similar presentations


Ads by Google