资料下载
信息安全评估研究
手托初梦
分享资料个
介绍了信息安全评估的定义、标准及其发展,重点讨论了可信计算机系统评估准则中机构化保护级评估标准安全策略中的自主访问控制、客体重用、标记(标记完整性和标记信息的输出)和强制访问控制;责任中的身份鉴别和审计;保证中的操作保证(系统结构、系统完整性、隐蔽信道分析和可信设施管理)和生命周期保障(安全测试、设计说明书和检验以及配置管理);文档中的安全特征用户指南、可信设施指南、测试文档和设计文档。最后,将机构化保护级与信息技术安全评估通用准则中的测试级5进行了比较分析.
This paper introduces the definition, standard and development on evaluation of information security; emphasis on Class of B2 in TCSEC, especially the security policy of B2, such as discretionary access control, object reuse, Labels (label integrity and exportation of labeled information) and mandatory access control. this paper also studies and analyses the other requirements for class B2, such as identification and authentication in the requirement of accountability; operational assurance (system architecture, system integrity, covert channel analysis and trusted facility management) and life-cycle assurance (security testing, design specification and verification and configuration management) in the requirement of assurance; security features user’s guide, trusted facility manual, test documentation and design documentation in the requirement of documentation. in the end of this paper, we study and comparatively analyses the class of B2 with the class of EAL5 in CC.
声明:本文内容及配图由入驻作者撰写或者入驻合作网站授权转载。文章观点仅代表作者本人,不代表电子发烧友网立场。文章及其配图仅供工程师学习之用,如有内容侵权或者其他违规问题,请联系本站处理。 举报投诉
- 相关下载
- 相关文章
