7.3.1. Example: DoD TCSEC Classification

7.3.1. Example: DoD TCSEC Classification
Prev	7.3. Security Subsystem Implementation	Next

Security klasifikace ... Trusted Computer System Evaluation Criteria (TCSEC or Orange Book), the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), and the Information Technology Security Evaluation Criteria (ITSEC). The goal of these documents is to specify a standard set of criteria for evaluating the security capabilities of systems.

DoD TCSEC Level D: Systems that fail to meet requirements of any higher class.

Level C1: Provides separation of users and data and access control on individual basis so that users can prevent other users from accidentaly accessing or deleting their data.

Level C2: In addition requires auditing of security related events.

Level B1: In addition requires informal statement of the security policy model and no errors with respect to that statement.

Level B2: In addition requires formal statement of the security policy model and no covert channels.

Level B3: In addition requires testability of the formal statement of the security policy model.

Level A1: In addition requires verifiability of the formal statement of the security policy model on the architecture level and verifiability of the informal statement of the security policy model on the implementation level.

Ze stránky http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html existují v roce 2000 tyto secure systémy:

A1 žádný operační systém, žádná aplikace, dva routery od Boeing a Gemini Computers.

B3 operační systémy XTS-200 a XTS-300 od Wang Federal (binárně kompatibilní s UNIX System V na Intel platformách, ale aby měl B3, musí mít speciální hardware, používá security a integrity levels ala Bell, LaPadula, Biba), žádná aplikace, žádný router.

B2 operační systémy Trusted XENIX 3.0 a 4.0 od Trusted Information Systems (binárně kompatibilní s IBM XENIX), žádná aplikace, router DiamondLAN od Cryptek Secure Communications.

B1 operační systémy UTS/MLS od Amdahl Corporation, CA-ACF2 MVS od Computer Associates, SEVMS VAX 6 od DEC, ULTRIX MLS+ od DEC, CX/SX 6 od Harris Computer Systems, HP-UX BLS 9 od HP, Trusted IRIX/B od SGI, OS1100/2200 od Unisys, aplikace INFORMIX/Secure 5 od Informixu, Trusted Oracle 7 od Oracle, Secure SQL 11 od SyBase, routery ...

C2 operační systémy AOS/VS 2 od Data General, OpenVMS VAX 6 od DEC, OS/400 na AS/400 od IBM, Windows NT 4 od Microsoftu, Guardian 90 od Tandem, aplikace Microsoft SQL2000 8 ...

C1 se již nevyhodnocuje.

Seznam obsahuje pouze komerčně dostupné systémy, navíc se zhruba od roku 2000 již nepoužívá, ale stále je známý a proto zasluhuje zmínku.