Trusted Computer System Evaluation Criteria
TCSEC (Trusted Computer System Evaluation Criteria; commonly known as the Orange Book) was a standard issued by the US government for the evaluation and certification of the security of computer systems.
In 1983 the Department of Defense (DoD) Computer Security Center (CSC) published its first evaluation criteria. The work was titled Department of Defense Trusted Computer System Evaluation Criteria. Two years later, after a few minor changes, the book became the DoD standard TCSEC (DoD 5200.28-STD). TCSEC was mainly used in the USA; in Canada, CTCPEC had been widespread since 1989. In West Germany, France and Great Britain, national criteria were developed at first, around 1989, for example the ITSK. In 1990 Germany, France, the Netherlands and Great Britain introduced a common standard, the Information Technology Security Evaluation Criteria (ITSEC). All of these standards were incorporated into a new international standard in 1996, the Common Criteria.
TCSEC categorizes the security of computer systems into a hierarchical system with four main levels: A, B, C and D.
Most Unix systems meet C1, but can easily be configured so that C2 is also fulfilled.
TCSEC | Meaning | ITSK | |
---|---|---|---|
D | Insecure system | not suitable | |
C | Simple protection with user login. | | |
C1 | Login required (this can also be a group account); Discretionary Access Control. Cooperative users are assumed. For example, the HRU (Access Control Matrix) model. | F1 | medium strength |
C2 | Requires an individual login with password and an authentication mechanism. Data from different users are separated from each other, and security-relevant processes are logged. (Controlled Access Protection) | F2 | |
B | Access rights according to protection level, security model | | |
B1 | Informal security model, data (especially exported data) in protection levels (Labeled Security Protection) and mandatory access control. For example, Bell-LaPadula. | F3 | strong |
B2 | Formal model (security policy) of the security system, well-defined interface (Structured Protection) and a covert channel analysis | F4 | |
B3 | Additionally requires the reference monitor property and clarity of the system, as well as secure mechanisms for logging and for the rollback of damage. (Security Domains) | F5 | very strong |
A | Like B3, but the overall system must be formally verifiable, i.e. mathematically provable. | | |
See also
- Technicolor Rainbow (also called Rainbow Series )
- Common Criteria
- ITSEC