DocumentCode
86041
Title
The Birth and Death of the Orange Book
Author
Lipner, Steven B.
Volume
37
Issue
2
fYear
2015
fDate
Apr.-June 2015
Firstpage
19
Lastpage
31
Abstract
This article traces the origins of US government-sponsored computer security research and the path that led from a focus on government-funded research and system development to a focus on the evaluation of commercial products. That path led to the creation of the Trusted Computer System Evaluation Criteria (TCSEC), or Orange Book. The TCSEC placed great emphasis on requirements for mandatory security controls and high assurance, and the resulting TCSEC evaluation process was time-consuming and costly for commercial vendors and emphasized product features not valued by customers. As a result, vendor commitment to evaluations waned. The TCSEC was eventually supplanted by the international Common Criteria, which, after almost 15 years, have moved to a model based on more straightforward requirements and a more deterministic evaluation process.
Keywords
government policies; security of data; trusted computing; Orange Book; TCSEC evaluation process; US government-sponsored computer security research; commercial product evaluation; government-funded research and system development; international common criteria; trusted computer system evaluation criteria; Computer security; Operating systems; Research and development; US Department of Defense; Common Criteria; Orange Book; TCSEC; access controls; computer security; history of computing; information flow controls; security kernels;
fLanguage
English
Journal_Title
Annals of the History of Computing, IEEE
Publisher
IEEE
ISSN
1058-6180
Type
jour
DOI
10.1109/MAHC.2015.27
Filename
7116444