The Orange Book (TCSEC) Flashcards
What is TCSEC?
TCSEC is a standard for assessing the effectiveness of computer security controls built into a system. It defines 6 different evaluation classes which both contain functional and assurance requirements.
TCSEC focuses on the BLP security model and also considers integrity. Availability is not considered.
What are the functional requirements of TCSEC?
The functional requirements of TCSEC are:
- There should be discretionary access control (access based on identities of subjects and objects)
- There should be mandatory access control (the simple and *- properties must be respected).
- Object reuse (address the threats of attackers gathering information from reusable objects).
- Labels (which enable enforcement of mandatory access control).
- Identification and authentication (requirements that ensures that users identify themselves and are authenticated by the system).
- Trusted path (trusted communication between users and the TBC, i.e., parts of a system critical for its security).
- Audit (there must be an audit mechanism and audit data must be protected).
What are the special operational requirements of the functional requirements if TCSEC?
These special operational requirements are:
- Trusted facility management: separation of duty between administrator and operator roles.
- Trusted recovery procedure to ensure secure recovery after failure.
- System integrity requirements.
What are the assurance requirements of TCSEC?
These requirements are:
- System architecture requirements mandating modularity and minimizing complexity.
- Design specification and verification requirements.
- Testing requirements for assessing the extent to which the system is conforming to the security requirements. Testing requirements could be mandatory pentesting of services exposed to the internet.
- Vulnerability assessment for detecting exploitable vulnerabilities, e.g., using a pentest.
- Product documentation and internal documentation requirements.
- Configuration management and trusted distribution requirements.
What are the overall categories of the TCSEC evaluation classes?
There are four overall categories of the evaluation classes. These are:
D - Minimal protection
C - Discretionary protection
B - Mandatory protection
A - Verified design
What are the TCSEC evaluation classes?
The classes are:
C1 - This class requires identification and authentication, discretionary access control, testing, and documentation.
C2 - This level requires object reuse requirements and auditing. This class is also known as OS baseline assurance.
B1 - This level requires mandatory access control, security labels, an informal model of the security policy, and more stringent testing.
B2 - This level requires mandatory access control for all objects, a trusted path for login, principle of least privilege, covert channel analysis, configuration management, and a formal model for the security policy.
B3 - This model requires full reference validation, design requirements, and everything must be documented.
A1 - This model is the same as B3 only it uses formal model for covert channel analysis, design specification and verification, trusted distributions, and increased test and design documentation.
What are the 4 main evaluation phases in TCSEC?
The phases are:
- Application
- Technical review
- Evaluation (consists of design analysis, test analysis, and final review)
- Rating Maintenance Program (?)
What are the main critics of TCSEC?
Firstly, TCSEC is only recognized by the US government. It is also only focusing on operating systems so it is not applicable for many other applications, e.g., a database management system.
