I. Describe the Trusted Computer System Evaluation Criteria (TCSEC). Point out that it is an older Department
Question:
I. Describe the Trusted Computer System Evaluation Criteria (TCSEC). Point out that it is an older Department of Defense (DoD) standard that defines the criteria for assessing the access controls in a computer system. This is also known as the "Orange Book" and is the cornerstone of a larger series of documents that were used to determine access controls for systems within the department.
II. Identify that the use of TCSEC is reliant on a trusted computing base (TCB) for a security policy to be enforceable.
III. Recall that TCB is made up of the hardware and software that has been implemented to provide security for a particular information system (usually includes the operating system kernel and a specified set of security utilities).
IV. Point out that one of the biggest challenges in TCB is the existence of covert channels. Mention that TCSEC defines two kinds of covert channels: storage channels and timing channels.
Step by Step Answer:
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord