Successful acquisition of certifiable application systems (or: How not to shake hands with the tar baby)

Author

Froscher, J.N. ; McDermott, J.P. ; Payne, C.N. ; Lubbes, H.O.

Author_Institution

Center for Secure Inf. Technol., Naval Res. Lab., Washington, DC, USA

fYear

1990

fDate

3-7 Dec 1990

Firstpage

414

Lastpage

422

Abstract

The authors have investigated how to certify the trustworthiness of application systems built to satisfy stringent security requirements and have undertaken the certification analysis of two command and control systems targeted at the B3 class of the DoD Trusted Computer System Evaluation Criteria (TCSEC). Based on these experiences, the authors have gained many insights into the certification and procurement of trusted application systems. Certifying a trusted application system in a contractual environment presents both technical and programmatic challenges. The procurement policy must to some extent take into account the certification approach. This paper documents some of the lessons learned during the authors´ investigations

Keywords

command and control systems; fault tolerant computing; security of data; B3 class; DoD Trusted Computer System Evaluation Criteria; certifiable application systems; certification analysis; command and control systems; contractual environment; procurement policy; security requirements; systems acquisition; trustworthiness; Application software; Certification; Command and control systems; Computer security; Information security; Information technology; Military computing; National security; Pediatrics; Procurement;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 1990., Proceedings of the Sixth Annual

Conference_Location

Tucson, AZ

Print_ISBN

0-8186-2105-2

Type

conf

DOI

10.1109/CSAC.1990.143817

Filename

143817