Page 92 - DCAP516_COMPUTER_SECURITY
P. 92
Computer Security
Notes 7.8 Summary
A trusted system connotes one that meets the intended security requirements, is of high
enough quality, and justifies the user’s confidence in that quality. That is , trust is perceived
by the system’s receiver or user, not by its developer, designer, or manufacturer. It is
important to realize that there can be degrees of trust; unlike security, trust is not a
dichotomy.
A trusted Operating System is one that provides the following facilities in a consistent and
effective way
Memory protection
File protection
General object access control
User authentication
Assurance criteria are specified to enable evaluation. It was originally motivated by military
applications, but now is much wider. Common examples are Orange Book (Trusted
Computer System Evaluation Criteria) and Common Criteria.
Common Criteria or CC is an international standard (ISO/IEC 15408) for computer security
certification. It is currently in version 3.1. Common Criteria is a framework in which
computer system users can specify their security functional and assurance requirements,
vendors can then implement and/or make claims about the security attributes of their
products, and testing laboratories can evaluate the products to determine if they actually
meet the claims.
7.9 Keywords
Audit Policy: The audit policy should specify what events are to be logged for later analysis.
Trusted System: A trusted system connotes one that meets the intended security requirements,
is of high enough quality, and justifies the user’s confidence in that quality.
7.10 Review Questions
1. What do you mean by a trusted system?
2. What are trusted operating system?
3. Explain the various security features of a trusted operating system.
4. Discuss, “Assurance in trusted operating system”.
5. Write short notes on the following:
(a) Trusted Computing Base
(b) Kernalized base
(c) Orange Book
Answers: Self Assessment
1. True 2. True
3. False 4. False
86 LOVELY PROFESSIONAL UNIVERSITY
