
Ncsc-Tg-022 Library No. 5-236,061 Version 1

By Gallagher, Patrick R., Jr.


Book Id: WPLBN0000696361
Format Type: PDF eBook
File Size: 0.1 MB
Reproduction Date: 2005

Title: Ncsc-Tg-022 Library No. 5-236,061 Version 1  
Author: Gallagher, Patrick R., Jr.
Volume:
Language: English
Subject: Technology., Reference materials, Technology and literature
Collections: Technology eBook Collection
Historic
Publication Date:
Publisher:

Citation


R. Gallagher, Jr, B. P. (n.d.). Ncsc-Tg-022 Library No. 5-236,061 Version 1. Retrieved from http://self.gutenberg.org/


Description
Technical Reference Publication

Excerpt
Introduction: The principal goal of the National Computer Security Center (NCSC) is to encourage the widespread availability of trusted computer systems. In support of this goal the NCSC created a metric, the DoD Trusted Computer System Evaluation Criteria (TCSEC) [17], against which computer systems could be evaluated. The TCSEC was originally published on 15 August 1983 as CSC-STD-001-83. In December 1985 the Department of Defense adopted it, with a few changes, as a Department of Defense Standard, DoD 5200.28-STD. DoD Directive 5200.28, Security Requirements for Automatic Information Systems (AISs) [10], requires the Department of Defense to use the TCSEC. The TCSEC is the standard used for evaluating the effectiveness of security controls built into DoD AISs. The TCSEC is divided into four divisions: D, C, B, and A. These divisions are ordered in a hierarchical manner. The TCSEC reserves the highest division (A) for systems providing the best available level of assurance.

Table of Contents

FOREWORD
ACKNOWLEDGMENTS
1.0 INTRODUCTION
    1.1 Background
    1.2 Purpose
    1.3 Scope
    1.4 Control Objective
    1.5 Document Overview
2.0 FAILURES, DISCONTINUITIES, AND RECOVERY
    2.1 State-Transition (Action) Failures
    2.2 TCB Failures
    2.3 Media Failures
    2.4 Discontinuity of Operation
3.0 PROPERTIES OF TRUSTED RECOVERY
    3.1 Secure States
    3.2 Secure State Transitions
4.0 DESIGN APPROACHES FOR TRUSTED RECOVERY
    4.1 Responsibility for Trusted Recovery
    4.2 Some Practical Difficulties with Current Formalisms
    4.3 Summary of Current Approaches to Recovery
        4.3.1 Types of System Recovery
        4.3.2 Current Approaches
        4.3.3 Implementation of Atomic State Transitions
            4.3.3.1 Shadowing
            4.3.3.2 Logging
            4.3.3.3 Logging and Shadowing
        4.3.4 Recovery with Non-Atomic State Transitions
            4.3.4.1 Sources of Inconsistency--A Generic Example
            4.3.4.2 Non-Atomic TCB Primitives
            4.3.4.3 Idempotency of Recovery Procedures
            4.3.4.4 Recovery With Non-Atomic System Primitives
    4.4 Design Options for Trusted Recovery
5.0 IMPACT OF OTHER TCSEC REQUIREMENTS ON TRUSTED RECOVERY
    5.1 Operational Assurance
    5.2 Life-Cycle Assurance
        5.2.1 Security Testing
        5.2.2 Design Specification and Verification
        5.2.3 Configuration Management
        5.2.4 Trusted Distribution
    5.3 Documentation

 
 


