Trusted products evaluation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Trusted products evaluation

Full text

Pdf (4.09 MB)

Source

Communications of the ACM archive
Volume 35 , Issue 7 (July 1992) table of contents

Pages: 64 - 76

Year of Publication: 1992

ISSN:0001-0782

Author

Santosh Chokhani

MITRE Corp., McLean, VA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 8, Downloads (12 Months): 44, Citation Count: 9

Additional Information:

references cited by index terms review

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/129902.129907 What is a DOI?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Bell, D.E. and LaPadula, LJ. Secure Computer Systems: Unified Exposition and Multics Interpretation. MITRE Corporation, MTR-2997, 1976.
	2	Biba, K.J. Integrity Considerations for Secure Computer Systems. MITRE Corporation, MTR-3153, June 1975.
	3	Chokhani, S. and Wagner, G. System Architecture Requirements in Trusted Computing Bases. MITRE Working Paper 89W262, August 1989.
	4	Cummings, ET., Fullman, D.A., Goldstein, M.J., Gosselin, M.J., Picciotto, J., Woodward, J.P.L. and Wynn, J. Compartmented mode workstation: Results through prototyping. In Proceedings of 1987 IEEE Symposium on Security and Privacy, (April 1987).
	5	Dorothy Elizabeth Rob Denning, Cryptography and Data Security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1982
	6	Department of Defense. Password Management Guidelines. CSC-STD- 002-85, April 1985.
	7	Department of Defense. Trusted Computer System Evaluation Criteria. DOD 5200.28-STD, December 1985.
	8	R. S. Fabry, Capability-based addressing, Communications of the ACM, v.17 n.7, p.403-412, July 1974 [doi>10.1145/361011.361070]
	9	Leslie Lamport, Latex: a document preparation system, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1989
	10	Butler W. Lampson, A note on the confinement problem, Communications of the ACM, v.16 n.10, p.613-615, Oct. 1973 [doi>10.1145/362375.362389]
	11	Millen, J.K. An example of a formal flow violation. In Proceedings of the 1EEE Computer Society 2d International Computer Software and Applications Conference. (November, 1978).
	12	Jerome H. Saltzer, Protection and the control of information sharing in multics, Communications of the ACM, v.17 n.7, p.388-402, July 1974 [doi>10.1145/361011.361067]
	13	Saltzer, J.H. and Schroeder, M.D. The protection of and control of information sharing in computer systems. In Proceedings of the IEEE 63, 9 (September 1975).
	14	Saydjari, O.S., Beckman, J.M. and Leaman, J.R. LOCK Trak: Navigating Uncharted Space. In Proceedings of 1989 1EEE Computer Society Symposium on Security and Privacy, May 1989.
	15	Michael D. Schroeder , Jerome H. Saltzer, A hardware architecture for implementing protection rings, Communications of the ACM, v.15 n.3, p.157-170, March 1972 [doi>10.1145/361268.361275]
	16	Saydjari, O.S., Beckman, J.M. and Leaman, J.R. LOCKing Computers Securely. In Proceedings of the lOth National Computer Security Conference, (October 1987).
	17	Ken Thompson, Reflections on trusting trust, Communications of the ACM, v.27 n.8, p.761-763, Aug 1984 [doi>10.1145/358198.358210]
	18	National Computer Security Center. Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria. NCSCV-TG-005 Version 1, July 1987.
	19	National Computer Security Center. A Guide to Understanding Discretionary Access Control in Trusted Systems. NCSC-TG-003 Version 1, September 1987.
	20	National Computer Security Center. A Guide to Understanding Configuration Management in Trusted Systems. NCSC-TG-006 Version 1, March 1988.
	21	National Computer Security Center. A Guide to Understanding Audit in Trusted Systems. NCSC-TG-001 Version 2, June 1988.
	22	National Computer Security Center. Computer Security Subsystem Interpretation. NCSC-TG-009 Version 1, September 1988.
	23	National Computer Security Center. A Guide to Understanding Design Documentation in Trusted Systems. NCSC-TG-007 Version 1, October 1988.
	24	National Computer Security Center. Guidelines for Formal Verification Systems. NCSC-TG-014 Version 1, April 1989.
	25	National Computer Security Center. Rating Maintenance Phase-- Program Document. NCSC-TG-013 Version 1, June 1989.
	26	National Computer Security Center. Trusted UNIX Working Group (TRUS1X) Rationale for Selecting Access Control List Features for the UNIX System. NCSC-TG-020-A Version 1, August 1989.
	27	National Computer Security Center. A Guide to Understanding Trusted Facility Management. NCSC-TG-015 Version 1, October 1989.
	28	National Computer Security Center. Trusted Product Evaluation Questionnaire. NCSC-TG-019 Version 1, October 1989.
	29	National Security Agency. Information Systems Security Products and Services Catalog. Issued Quarterly, April 1990 and successors.

CITED BY 9

	Hank M. Kluepfel, Securing a global village and its resources: baseline security for interconnected signaling system #7 telecommunications networks, Proceedings of the 1st ACM conference on Computer and communications security, p.195-212, November 03-05, 1993, Fairfax, Virginia, United States
	Richard E. Smith, Cost profile of a highly assured, secure operating system, ACM Transactions on Information and System Security (TISSEC), v.4 n.1, p.72-101, Feb. 2001
	Dorothy E. Denning, A new paradigm for trusted systems, Proceedings on the 1992-1993 workshop on New security paradigms, p.36-41, August 1993, Little Compton, Rhode Island, United States
	Elisa Bertino , Claudio Bettini , Pierangela Samarati, A temporal authorization model, Proceedings of the 2nd ACM Conference on Computer and communications security, p.126-135, November 1994, Fairfax, Virginia, United States
	H. M. Gladney, Access control for large collections, ACM Transactions on Information Systems (TOIS), v.15 n.2, p.154-194, April 1997
	HweeHwa Pang , Arpit Jain , Krithi Ramamritham , Kian-Lee Tan, Verifying completeness of relational query results in data publishing, Proceedings of the 2005 ACM SIGMOD international conference on Management of data, June 14-16, 2005, Baltimore, Maryland
	E. V. Krishnamurthy , A. McGuffin, On the design and administration of secure database transactions, ACM SIGSAC Review, v.10 n.2-3, p.63-70, Spring/Summer 1992
	Mikko T. Siponen, A paradigmatic analysis of conventional approaches for developing and managing secure IS, Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge, June 11-13, 2001, Paris, France
	Hweehwa Pang , Kian-Lee Tan, Verifying Completeness of Relational Query Answers from Online Servers, ACM Transactions on Information and System Security (TISSEC), v.11 n.2, p.1-50, March 2008

INDEX TERMS

Primary Classification:
D. Software
D.4 OPERATING SYSTEMS

Additional Classification:
D. Software
D.2 SOFTWARE ENGINEERING
D.2.0 General
Subjects: Protection mechanisms
D.2.9 Management
Subjects: Software quality assurance (SQA)

H. Information Systems
H.2 DATABASE MANAGEMENT
H.2.0 General
Subjects: Security, integrity, and protection**

K. Computing Milieux
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS

General Terms:
Security, Standardization

Keywords:
TCSEC, covert channel analysis, integrity, security, trust

REVIEW

"Jonathan K. Millen : Reviewer"

Commercial computer system products acquired by the US government to handle classified or other sensitive information must meet a security standard known as the “Orange Book.” Products are evaluated by the National Comp more...

Adobe Acrobat

QuickTime

Windows Media Player

Real Player