280 likes | 442 Views
TCSEC: The Orange Book. TCSEC Purpose. Establish best practices Requirements for assessing the effectiveness of security controls Measure computing resource security Evaluate, classify, and select systems considered for computing resources. TCSEC: Purpose.
E N D
TCSEC Purpose • Establish best practices • Requirements for assessing the effectiveness of security controls • Measure computing resource security • Evaluate, classify, and select systems considered for computing resources
TCSEC: Purpose • Guidance – provides guidance on how to design a trusted computing system along with their associated data and services • Metrics – provides a metric (classification) for determining the level of trust assigned to a computing system.
Orange Book: Metrics • Measurement of a system's security is quantified using a classification system. • The Classes are: • D • C1 & C2 • B1, B2, B3 • A1 • A is more secure than D • 2 is more secure than 1.
Orange Book: Metrics • The rating system is hierarchical • D applies to any system that fails to meet any of the higher level security classes. • The other levels have increasing security requirements. • A1 systems would be rare.
Disclaimer • An A1 system is not 100% secure. • The risk level is expected to be lower compared to the other levels
Metrics: C1 • Identification and authentication (user id & password) • DAC – (Discretionary Access Controls) • capable of enforcing access controls • Example: Basic Unix/Linux OS, user, group, other.
Metrics: C2 • C1 plus • Audit trails • System documentation and user manuals.
Metrics B1 • C2 plus • Discovered weaknesses must be mitigated
Metrics B2 • B1 plus • Security policy must be defined and documented • Access controls for all subjects and objects
Metrics: B3 • B2 plus • Automated imminent intrusion detection, notification and response.
Metrics: A1 • B3 + • System is capable of secure distribution (can be transported and delivered to a client with the assurance of being secure)
Orange Book Security Criteria • Security Policy • Accountability • Assurance • Documentation
1. Security Policy • The set of rules and practices that regulate how an organization manages, protects, and distributes information.
1. Security Policy • The policy is organized into subjects and objects. • Subjects act upon objects • Subjects – processes and users. • Objects – data, directories, hardware, applications • A well defined access control model determines if a subject can be permitted access to an object.
Security Policy Top secret, secret, classified, non-classified Need-to-know, job division, job rotation, NDA, etc.
2. Accountability • The responsibilities of all who come in contact with the system must be well defined. • Identification (… the process to identify a user) • Auditing (...accumulating and reviewing log information and all actions can be traced to a subject) • Organizational chart • Job description contract, AUP, NDA, SLA
3. Assurance • The reasonable expectation that the security policy of a trusted system has been implemented correctly and works as intended. • Assurance is organized into • Operational assurance • Life-cycle assurance
3a. Organizational Assurance • Security policy is maintained in the overall design and operation of the system. • Example: Users of the system have an assurance that access controls are enforced
3b. Life-cycle Assurance • Insuring the system continues to meet the security requirements over the lifetime of the system. • Updates to the software and hardware must be considered • The expectation that the system remains operational (is available) over its lifetime • Sustainability-cycle
4. Documentation Requirements • Security Features User's Guide • Trusted Facility Manual • Test Documentation • Design Documentation
Documentation: Security Features User's Guide • Aimed at the ordinary (non-privileged) users. • General usage policy • *Instructions on how to effectively use the system • Description of relevant security features
Documentation: Trusted Facility Manual • Aimed at the S.A. Staff • How the system is configured and maintained • Includes the day-to-day required activities • Backups • Reviewing security logs
Documentation: Test Documentation • Instructions on how to test the required security mechanisms
Documentation: Design Documentation • Define the boundaries of the system • A complete description of the hardware and software. • Complete system design specifications • Description of access controls
The Orange Book • The Orange book has been superseded by the Common Criteria