Abstract :
The author urges the thorough review and rapid adoption of the Trusted Critical Computer Systems Evaluation Criteria (TCCSEC) provided to the US Air Force. The TCCSEC is a modification to the Orange Book (TCSEC). The author notes that those who know and use the Orange Book should find it easy to understand and adapt to the following changes comprised by the TCCSEC: the idea of criticality replaces the corresponding idea of sensitivity throughout the document; the Biba model replaces Bell-LaPadula in mandatory access, object reuse, and convert channels; the use of integrity and assurance of service detection mechanisms and recovery within a prespecified critical time defined for functions and resources; and the specification of malicious code mechanisms, including change protection, enhanced audit, and restriction of code, user, and system operations beyond normal
Keywords :
data integrity; Orange Book; TCCSEC; Trusted Critical Computer Systems Evaluation Criteria; change protection; convert channels; enhanced audit; mandatory access; object reuse; recovery; service detection mechanisms; Access control; Authentication; Books; Costs; Logic; Military computing; Object detection; Protection; Software safety; Subcontracting;
