Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE ORANGE BOOK Ravi Sandhu

Published byJulian Fields Modified over 5 years ago

Similar presentations

Presentation on theme: "THE ORANGE BOOK Ravi Sandhu"— Presentation transcript:

1 THE ORANGE BOOK Ravi Sandhu

2 ORANGE BOOK CLASSES HIGH SECURITY A1 Verified Design
B3 Security Domains B2 Structured Protection B1 Labeled Security Protection C2 Controlled Access Protection C1 Discretionary Security Protection Minimal Protection NO SECURITY

3 ORANGE BOOK CRITERIA SECURITY POLICY ACCOUNTABILITY ASSURANCE
DOCUMENTATION

4 SECURITY POLICY C1 C2 B1 B2 B3 A1
Discretionary Access Control + + nc nc + nc Object Reuse 0 + nc nc nc nc Labels nc nc Label Integrity nc nc nc Exportation of Labeled Information nc nc nc Labeling Human-Readable Output nc nc nc Mandatory Access Control nc nc Subject Sensitivity Labels nc nc Device Labels nc nc no requirement added requirement nc no change

5 ACCOUNTABILITY C1 C2 B1 B2 B3 A1
Identification and Authentication nc nc nc Audit nc Trusted Path nc no requirement added requirement nc no change

6 ASSURANCE C1 C2 B1 B2 B3 A1 System Architecture + + + + + nc
System Integrity + nc nc nc nc nc Security Testing Design Specification and Verification Covert Channel Analysis Trusted Facility Management nc Configuration Management nc + Trusted Recovery nc Trusted Distribution no requirement added requirement nc no change

7 DOCUMENTATION C1 C2 B1 B2 B3 A1 Security Features User's Guide + nc nc nc nc nc Trusted Facility Manual nc Test Documentation + nc nc + nc + Design Documentation + nc no requirement added requirement nc no change

8 COVERT CHANNEL ANALYSIS
B1 No requirement B2 Covert storage channels B3 Covert channels (i.e. storage and timing channels) A1 Formal methods

9 SYSTEM ARCHITECTURE C1 The TCB shall maintain a domain for its own execution that protects it from tampering C2 The TCB shall isolate the resources to be protected B1 The TCB shall maintain process isolation B2 The TCB shall be internally structured into well-defined largely independent modules B3 The TCB shall incorporate significant use of layering, abstraction and data hiding A1 No change

10 DESIGN SPECIFICATION AND VERIFICATION
C2 No requirement B1 Informal or formal model of the security policy B2 Formal model of the security policy that is proven consistent with its axioms DTLS (descriptive top-level specification) of the TCB B3 A convincing argument shall be given that the DTLS is consistent with the model A1 FTLS (formal top-level specification) of the TCB A combination of formal and informal techniques shall be used to show that the FTLS is consistent with the model A convincing argument shall be given that the DTLS is consistent with the model

11 ORANGE BOOK CLASSES UNOFFICIAL VIEW
C1, C2 Simple enhancement of existing systems. No breakage of applications B1 Relatively simple enhancement of existing systems. Will break some applications. B2 Relatively major enhancement of existing systems. Will break many applications. B3 Failed A1 A1 Top down design and implementation of a new system from scratch

12 NCSC RAINBOW SERIES SELECTED TITLES
Orange Trusted Computer System Evaluation Criteria Yellow Guidance for Applying the Orange Book Red Trusted Network Interpretation Lavender Trusted Database Interpretation

13 ORANGE BOOK CRITICISMS
Mixes various levels of abstraction in a single document Does not address integrity of data Combines functionality and assurance in a single linear rating scale

14 FUNCTIONALITY VS ASSURANCE
functionality is multi-dimensional assurance has a linear progression

Download ppt "THE ORANGE BOOK Ravi Sandhu"

Similar presentations

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.

Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
1 4-03 THE ORANGE BOOK Ravi Sandhu. 2 4-03 ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection.

THE ORANGE BOOK Ravi Sandhu ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Inside the Orange Book SYCS 653 Fall 2010 Lecture 12 Notes Wayne Patterson.

Inside the Orange Book SYCS 653 Fall 2010 Lecture 12 Notes Wayne Patterson.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #18-1 Chapter 18: Evaluating Systems Goals Trusted Computer System Evaluation.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #18-1 Chapter 18: Evaluating Systems Goals Trusted Computer System Evaluation.
4/28/20151 Computer Security Security Evaluation.

4/28/20151 Computer Security Security Evaluation.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
CS526Topic 22: TCSEC and Common Criteria 1 Information Security CS 526 Topic 22: TCSEC and Common Criteria.

CS526Topic 22: TCSEC and Common Criteria 1 Information Security CS 526 Topic 22: TCSEC and Common Criteria.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,

1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,
Secure Operating Systems Lesson 10: SCOMP. Where are we?  Multics is busy being explored, which is kind of cool…  But Multics wasn’t the end of custom.

Secure Operating Systems Lesson 10: SCOMP. Where are we?  Multics is busy being explored, which is kind of cool…  But Multics wasn’t the end of custom.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.

Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
Secure Operating Systems Lesson 0x11h: Systems Assurance.

Secure Operating Systems Lesson 0x11h: Systems Assurance.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

Similar presentations

Ads by Google