The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide a C2 level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE...
The Center for Information Systems Security Studies and Research (CISR) is working on a project known as the Trusted Computing Exemplar (TCX). This project is developing a high assurance computing component that will be evaluated at the Common Criteria (CC) Evaluation Assurance Level 7 (EAL7). The processes, documentation, source code, and other evidence to support the evaluation will be openly shared. Documentation is a substantial part of this evidence. Although the CC does state documentation requirements for each EAL, related requirements are often spread across multiple families, and no summarization of documentation requirements is provided. Therefore it was necessary to study the CC carefully to determine such requirements for EAL7. A long list of required documents was developed. However, the TCX project found that when starting from scratch there are particular documents, described herein, that are precursors to serious design work. In addition, it was learned that interpretations of the CC, and the occasional terminology translation were required.
Source: International Common Criteria Conference 2010
Publisher: International Common Criteria Conference 2010
Type: Scientific Journal Article
The need for highly robust enterprise-level architectures that implement multi-domain information protection mechanisms is widespread and growing, especially in the context of cloud computing which promotes dynamicity, scalability and collaboration across domains and organizations.
The Monterey Security Architecture (MYSEA) addresses this need by integrating cloud computing functionality with the strong security properties required by a highly robust multi-domain system. The MYSEA architecture combines highly trustworthy multilevel secure servers and special-purpose multi-domain authentication components to provide centralized cross-domain security policy enforcement. Users can continue to use commodity workstations and familiar web-based applications for collaboration and access to data across domains. MYSEA's security features include strong cross-domain access controls, protection of system assets (data and services) with different security classifications, resource isolation, service replication and dynamic control of Quality of Security Service attributes.
The MYSEA cloud is oriented towards the Cloud Software as a Service (SaaS) model and supports many characteristics associated with cloud computing, including broad network access...
The objective of this thesis is to analyze the mandatory access control (MAC) features of two commercial multilevel trusted database management systems (DBMS): Trusted ORACLE 7 and Informix-OnLine/Secure 5.0. We are attempting to determine how the problem of multilevel sharing of information is addressed in each multilevel secure DBMS. Commercially available documentation is used to examine the mandatory access controls enforced on labeled subjects and labeled objects and to compare them to the Class B1 requirements for MAC and labeling set forth in the Trusted Computer System Evaluation Criteria (TCSEC). A decomposition of the TCSEC requirements for MAC and labeling is mapped to the DBMS documentation to determine if the Class B1 requirements are met by each DBMS. With the TCSEC mapping as a reference, the interface features in support of MAC are analyzed and compared between the products. This analysis shows that each DBMS uses different schema objects and privilege sets to enforce its mandatory security policy. The MAC mechanism of each product is based on the Bell-LaPadula security model, extended to prohibit the write-up of data from lower-level subjects to higher-level objects. Each DBMS allows traditional trusted subjects to write down data. When special privileges are granted to users...
Computer Science; Research on the ability of the Telescript language and execution mechanism to enforce controlled access protection on mobile agents moving in and across distributed computer networks has not been published. Nor has General Magic, the creator of the language, conducted security testing on their product. This thesis investigates whether the mobile agents and execution mechanism proposed by General Magic in its Telescript(TM) language meet the Class C2 Controlled Access Protection criteria as promulgated in the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). This was done by conducting an analysis of the documentation provided by General Magic in their Telescript Development Kit (TDK) and Active Web Tools (AWT). The results of this thesis show that the mobile agents and execution mechanism of the Telescript(TM) language do not meet the criteria for TCSEC Class C2 Controlled Access Protection. In particular, the criteria for object reuse, system architecture, system integrity, security testing and security documentation are not met. However, discretionary access control (DAC) can be enforced using a user-defined security policy and the requirements for identification and authentication (I&A) and audit are satisfied.
Approved for public release, distribution unlimited; The primary purpose of this thesis is to provide an analysis for each of the specific security requirements established for the Joint Maritime Command Information System (JMCIS) Sensitive Compartmented Information (SCI) local area network. The development of JMCIS and its importance within the interoperability arena of Department of Defense (DoD) Command, Control, Communications, Computers, and Intelligence (C4I) systems is discussed. A description of the components of the SCI local area network and the supporting computer security principles is presented. The author employs the criteria established in the Trusted Computer System Evaluation Criteria (TCSEC) and other authoritative sources to evaluate and interpret the security requirements under the broad category of Technical (Computer) Security Requirements for the JMCIS SCI local area network. The results of the analysis support the JMCIS SCI local area network developer's selected security requirements.; U.S. Navy (USN) author
Approved for public release; distribution is unlimited.; With the progression of computer systems to local and wide area networks, the scope of computer security has increased dramatically over the past two decades. Now, more than ever, the use of trusted systems is needed to ensure the secrecy, integrity, and availability of computer resources. However, attaining the levels of trust required has been difficult for a variety of reasons. This paper provides an in-depth look at the government's Trusted Computer System Evaluation Criteria (TCSEC) and its current applicability. An analysis of a military network running Windows NT version 3.51 as the network operating system is provided as a case study. The paper concludes with a discussion of the advantages and disadvantages of the TCSEC criteria. Although products have been certified as meeting the various class requirements, existing problems are preventing the attainment of trusted systems from becoming a reality for many government organizations; http://archive.org/details/ensuringc2levelo00luca; Lieutenant, United States Navy
Approved for public release; distribution is unlimited; Computer Supported Collaborative Work (CSCW) is a topic of considerable academic inquiry and rapid commercial development. Meeting Room Systems, Conferencing Systems, Co-authoring and Argumentation Systems, Message Systems and Autonomous Agents which support group collaboration currently exist; however, Department of Defense (DoD) computer security requirements, as they impact CSCW system design, have received little attention. This thesis describes CSCW systems and relates group dynamic issues to predict the form of the sophisticated CSCW which will probably become commonplace in the future. Next, the Trusted Computer System Evaluation Criteria (TCSEC), with which all DoD systems must comply, are synopsized. An extension of the Bell-LaPadula model underlying the TCSEC requirements is proposed which would allow 'Functionally Trusted CSCW' (FT-CSCW), CSCW which would meet many but not all of the TCSEC requirements. Possible first order (efficiency) effects of FT-CSCW, including the effect of sparse group domains, the breakdown of compartmentation, and organizational stratification are discussed. Second order (social) effects are also discussed, as are possible FT-CSCW problems (unstable group membership...