Criteria for the security of computer systems

Criteria for the security of computer systems were first developed in 1983 by the US Department of Defense. They are definitions of requirements for hardware, software and special software called "Criteria for assessing the security of computer systems", which have received the unofficial name "Orange Book".

Criteria for the security of computer systems were first developed in 1983 by the US Department of Defense

Criteria for the security of computer systems assume three categories of security requirements: security policy, audit (monitoring of actions), correctness. Within these categories, six basic criteria for the security of computer systems are formulated.

  1. Security Policy. A computer system must support an explicitly defined security policy. The ability of entities to access objects should be determined based on their identification and a set of access control rules. Where possible, Mandatory Access Control should be used to effectively demarcate access to the amount of information of varying degrees of confidentiality. There are two types of security policies: Discrete (discretionary) and Mandatory. The basis of discrete security policy is discretionary access control, which is determined by two properties: all subjects and objects must be identified; The access rights of the subject to the object are determined on the basis of a certain set of rules. To the merits of a discrete security policy can be attributed relatively simple implementation of appropriate mechanisms for protecting information. This is due to the fact that most of the currently used computer systems provide a discrete security policy.
  2. Tags. Each access object in the computer system must have a security label, used as the initial information for performing access control procedures.
  3. Identification and Authentication. All subjects must have unique identifiers. Access of the subject to the resources of the computer system should be based on the results of identification and authentication of their identifiers (authentication). Identifiers and authentication data must be protected from unauthorized access, modification and destruction.
  4. Registration and accounting. To determine the degree of responsibility of users for actions in the system, all events occurring in it, which are important for maintaining confidentiality and integrity of information, should be monitored and registered in the protected object (log file). The registration system should analyze the overall flow of events and distinguish from it only those events that affect security. Access to the audit object for viewing should only be allowed to a special group of users - auditors. The record should only be allowed to the subject personifying the system.
  5. Control of the correct functioning of the protection. All security products that provide a security policy must be under the control of means that verify the correctness of their functioning and be independent of them.
  6. Continuity of protection. All protective equipment must be protected against unauthorized use or shutdown. Protection must be permanent and continuous in any mode of operation of the system, protection and computer system. This requirement should extend to the entire life cycle of the computer system.

Tools