IT-Security Evaluation Criteria
Summary of TCSEC Security Classes:

Division D / Class D: Minimal Protection:
- unrated, no security characteristics required

Division C: Discretionary Protection:

Class C1: Discretionary Security Protection:
- for cooperating users processing at the same level of security
- discretionary access controls (DAC): users can protect their own data and keep other users from accidentally reading or destroying their data
- identification and authentication
- penetration testing
Example: MVS/RACF
Tillämpad datasäkerhet (DAVC17) – Security Evaluation Criteria, Simone Fischer-Hübner

Class C2: Controlled Access Protection:
Features of C1 +:
- more finely grained DAC: protection must be implementable at the degree of a single user
- auditing
- object reuse
Examples: VAX VMS, MVS/ACF, Windows NT

Division B: Mandatory Protection

Class B1: Labelled Security Protection:
Features of C2 +:
- informal statement of security model
- security labelling
- mandatory access control (MAC) policy of the Bell LaPadula model
- thorough analysis and testing of design documentation, source code, object code
- removal of security related flaws
Examples: Trusted Solaris CMW 1.1, Trusted Oracle 7, Unix System V/MLS
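
How the B1 features layer on top of C2, as an added example that is not part of the original slides: a small reference monitor that grants access only when the per-user DAC list and the Bell LaPadula label check both allow it, and audits every decision. The level names, users and objects are constructed for illustration, and categories (compartments) are omitted.

```python
from dataclasses import dataclass, field

# Constructed linear ordering of hierarchical levels (assumption; no categories).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass
class Obj:
    name: str
    level: str                                 # B1: security label on the object
    acl: dict = field(default_factory=dict)    # C2: per-user DAC, {"user": {"read"}}

@dataclass
class Monitor:
    audit_log: list = field(default_factory=list)   # C2: auditing

    def check(self, user, clearance, obj, mode):
        """Allow only if DAC (owner-set ACL) and MAC (labels) both permit."""
        dac_ok = mode in obj.acl.get(user, set())
        s, o = LEVELS[clearance], LEVELS[obj.level]
        if mode == "read":
            mac_ok = s >= o      # simple security property: no read up
        elif mode == "write":
            mac_ok = s <= o      # *-property: no write down
        else:
            mac_ok = False       # unknown access modes are denied
        allowed = dac_ok and mac_ok
        self.audit_log.append((user, obj.name, mode, dac_ok, mac_ok, allowed))
        return allowed

def demo():
    m = Monitor()
    plan = Obj("plan", "secret", {"alice": {"read", "write"}, "bob": {"read"}})
    memo = Obj("memo", "unclassified", {"alice": {"read", "write"}})
    return m, [
        m.check("alice", "secret", plan, "read"),       # DAC ok, MAC ok
        m.check("bob", "confidential", plan, "read"),   # DAC ok, read up denied
        m.check("alice", "secret", memo, "write"),      # DAC ok, write down denied
        m.check("bob", "confidential", plan, "write"),  # MAC ok, DAC denies
    ]

if __name__ == "__main__":
    monitor, results = demo()
    print(results)
    for record in monitor.audit_log:
        print(record)
```

The second and third cases are the ones DAC alone (C1/C2) would have allowed: the owner granted the right, but the label check overrides it.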