TalkBack 42 of 54:
You should do some research, this is old stuff!
From the days when the Rainbow Series was the standard:

The DoD security categories range from D (Minimal Protection) to A (Verified Protection).
D - Minimal Protection
Any system that does not comply with any other category, or has failed to receive a higher classification. D-level certification is very rare.
C - Discretionary Protection
Discretionary protection applies to Trusted Computer Bases (TCBs) with optional object (i.e. file, directory, devices etc.) protection.
C1 - Discretionary Security Protection

* Discretionary Access Control, for example Access Control Lists (ACLs), User/Group/World protection.
* Usually for users who are all on the same security level.
* Username and Password protection and secure authorisations database (ADB).
* Protected operating system and system operations mode.
* Periodic integrity checking of TCB.
* Tested security mechanisms with no obvious bypasses.
* Documentation for User Security.
* Documentation for Systems Administration Security.
* Documentation for Security Testing.
* TCB design documentation.
* Typically for users on the same security level
* C1 certification is rare. Example systems are earlier versions of Unix, IBM RACF.

C2 - Controlled Access Protection
As C1 plus:

* Object protection can be on a single-user basis, e.g. through an ACL or Trustee database.
* Authorisation for access may only be assigned by authorised users.
* Object reuse protection (i.e. to avoid reallocation of secure deleted objects).
* Mandatory identification and authorisation procedures for users, e.g. Username/Password.
* Full auditing of security events (i.e. date/time, event, user, success/failure, terminal ID)
* Protected system mode of operation.
* Added protection for authorisation and audit data.
* Documentation as C1 plus information on examining audit information.
* This is one of the most common certifications. Example Operating Systems are: VMS, IBM OS/400, Windows NT, Novell NetWare 4.11, Oracle 7, DG AOS/VS II.

B - Mandatory Protection
Division B specifies that the TCB protection systems should be mandatory, not discretionary.
B1 - Labelled Security Protection
As C2 plus:

* Mandatory security and access labelling of all objects, e.g. files, processes, devices etc.
* Label integrity checking (e.g. maintenance of sensitivity labels when data is exported).
* Auditing of labelled objects.
* Mandatory access control for all operations.
* Ability to specify security level printed on human-readable output (e.g. printers).
* Ability to specify security level on any machine-readable output.
* Enhanced auditing.
* Enhanced protection of Operating System.
* Improved documentation.
* Example OSes are: HP-UX BLS, Cray Research Trusted Unicos 8.0, Digital SEVMS, Harris CS/SX, SGI Trusted IRIX.

B2 - Structured Protection
As B1 plus:

* Notification of security level changes affecting interactive users.
* Hierarchical device labels.
* Mandatory access over all objects and devices.
* Trusted path communications between user and system.
* Tracking down of covert storage channels.
* Tighter system operations mode into multilevel independent units.
* Covert channel analysis.
* Improved security testing.
* Formal models of TCB.
* Version, update and patch analysis and auditing.
* Example systems are: Honeywell Multics, Cryptek VSLAN, Trusted XENIX.

B3 - Security Domains
As B2 plus:

* ACLs additionally based on groups and identifiers.
* Trusted path access and authentication.
* Automatic security analysis.
* TCB models more formal.
* Auditing of security auditing events.
* Trusted recovery after system down and relevant documentation.
* Zero design flaws in TCB, and minimum implementation flaws.
* The only B3-certified OS is Getronics/Wang Federal XTS-300.

A - Verified Protection
Division A is the highest security division.
A1 - Verified Protection
As B3 plus:

* Formal methods and proof of integrity of TCB.
* These are the only A1-certified systems: Boeing MLS LAN, Gemini Trusted Network Processor, Honeywell SCOMP.

A2 and above
Provision is made for security levels higher than A2, although these have not yet been formally defined. No OSes are rated above A1.
Posted by: B.O.F.H.   Posted on: 02/21/05
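Added example, not part of the post above: a minimal model of the step from division C (owner-controlled ACLs) to division B (label-based mandatory control), logging each decision with the audit fields the C2 list names. The level names, compartments, users, files and the "no read up / no write down" rule are assumptions chosen for illustration; the post does not spell out a specific label model.

```python
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}  # constructed hierarchy

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # Higher-or-equal level AND a superset of the other's compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

@dataclass
class Obj:
    name: str
    owner: str
    label: Label
    acl: dict = field(default_factory=dict)  # user -> set of modes, owner-editable

AUDIT = []  # C2-style audit trail

def dac_allows(user, obj, mode):
    # Discretionary: the owner, or whoever the owner put on the ACL.
    return user == obj.owner or mode in obj.acl.get(user, set())

def mac_allows(clearance, obj, mode):
    # Mandatory: decided from labels alone; the owner cannot override it.
    if mode == "r":
        return clearance.dominates(obj.label)  # no read up
    return obj.label.dominates(clearance)      # no write down

def access(user, clearance, obj, mode, terminal, when, mandatory):
    ok = dac_allows(user, obj, mode) and (not mandatory or mac_allows(clearance, obj, mode))
    # Fields from the C2 list: date/time, event, user, success/failure, terminal ID.
    AUDIT.append({"time": when, "event": f"{mode}:{obj.name}", "user": user,
                  "success": ok, "terminal": terminal})
    return ok

def demo():
    secret = Label("SECRET", frozenset({"CRYPTO"}))
    plans = Obj("plans.txt", "alice", secret, acl={"bob": {"r"}})  # alice granted bob read
    memo = Obj("memo.txt", "alice", Label("UNCLASSIFIED"))
    bob = Label("CONFIDENTIAL")
    t = "2005-02-21T10:00:00"  # constructed timestamp
    return [access("bob", bob, plans, "r", "tty1", t, mandatory=False),   # DAC only
            access("bob", bob, plans, "r", "tty1", t, mandatory=True),    # DAC + MAC
            access("alice", secret, memo, "w", "tty2", t, mandatory=True)]  # write down
```

The same ACL grant that succeeds under discretionary control alone is refused once labels are enforced, and the denial is recorded in the audit trail.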
