Security and ARchitecture - PRACTICE

The trusted computer System Evaluation Criteria

4 - classification rankings:

A = verified protection

B = Mandatory protection

C = discretionary protection

D = minimal security

• Developed by Department of Defense - evaluate the security and assurance an OS provides
• ORANGE book in the rainbow series

mechanism that enforces the consistent security classification of an object.

covert channel - using a path that was not intended for communication transmission

system-high - system mode - when all users have a security clearance or authorization to access the information but not necessarily a need to know for all the information processed on the system.

• firmware - loaded onto read-only memory (ROM) chips novolatile storae area
• Non-votaile - when the computer is turned off the data is still there.

Multiprogramming - when an OS and CPU can execute more than one program at a time.

the processes can commit a resource and the OS has less control over when the process releases than in multi-processing

Type of RAM that holds data in memory that is accessed freqeuntly by CPU

• different subject will use the same media.
• If it contains sensitive information that data should be properly erased before another subject can haveaccess to it.

• The control unit determines when data instructions can be sent on to the CPU for processing.
• Data is held in registers until its turn to have the access to the CPU.

The ALU is a component of the CPU that peforms mathematical and logical operations.

Reference Monitor holds the rules tha to utline how subjects can acces objects an the security kernel enforces these rules.

enforces rule: subjects must have proper authority to access objects

takes the best of TCSEC and ITSEC

more useful to measure - used globally

If the system starts up in secure state - it will remain in secure state - shuts down in secure state