
Division D Minimal Protection

Division C Discretionary Protection


C1 Discretionary Security Protection
Identification and authentication
Separation of users and data
Discretionary protection of resources
C2 Controlled Access Protection
More finely grained DAC
Individual accountability through login procedures
Object reuse
Protect audit trail
Resource isolation
Required System Documentation and user manuals.

Division B Mandatory Protection


B1 Labeled Protection
Labels and mandatory access control
Process isolation in system architecture
Design specifications and verification
Device labels
Informal statement of the security policy model
Data sensitivity labels
Mandatory Access Control (MAC) over select subjects and objects
Label exportation capabilities
All discovered flaws must be removed or otherwise mitigated
B2 Structured Protection - Config Mgt*
Device labels and subject sensitivity labels
Trusted path
Separation of operator and administrator functions*
Covert channel analysis
Security policy model clearly defined and formally documented
DAC and MAC enforcement extended to all subjects and objects
Covert storage channels are analyzed for occurrence and bandwidth
Carefully structured into protection-critical and non-protection-critical elements
Design and implementation enable more comprehensive testing and review
Authentication mechanisms are strengthened
Trusted facility management is provided with administrator and operator segregation
Strict configuration management controls are imposed
B3 Security Domains
Security administrator role defined*
Trusted recovery*
Monitor events and notify security personnel
Satisfies reference monitor requirements
Structured to exclude code not essential to security policy enforcement
Significant system engineering directed toward minimizing complexity
Security administrator role defined
Audit security-relevant events
Automated imminent intrusion detection, notification, and response
Trusted system recovery procedures
Covert timing channels are analyzed for occurrence and bandwidth
An example of such a system is the XTS-300, a precursor to the XTS-400

Division A Verified Protection (very few)


A1 Verified Design
Formal methods of design and testing
Functionally identical to B3
Formal design and verification techniques including a formal top-level specification
Formal management and distribution procedures

Bell-LaPadula (MAC): NO WRITE DOWN, NO READ UP (USER <= File to write)
Biba (Integrity): NO WRITE UP, NO READ DOWN (USER => File to write)

Clark-Wilson
Integrity
Separation of Duties
App Authentication
1. Least Privilege
2. Separation of Duty
3. Rotation of duties

Column / Attribute / Degree (CAD)
Cardinality / Rows / Tuple (CRT)

Concept - Formula
Exposure Factor (EF) - % of loss caused by threat
Single Loss Expectancy (SLE) - Asset Value x Exposure Factor (EF)
Annualized Rate of Occurrence (ARO) - Frequency of threat occurrence per year
Annualized Loss Expectancy (ALE) - Single Loss Expectancy (SLE) x
Please Do Not Take Sausage Pizza Away (OSI layers, Physical up to Application)

EAL 1 Functionally tested
EAL 2 Structurally tested
EAL 3 Methodically tested and checked
EAL 4 Methodically designed, tested, and reviewed
EAL 5 Semiformally designed and tested
EAL 6 Semiformally verified design and tested
EAL 7 Formally verified design and tested
EAL measures how the needs are met
Protection Profiles describe objectives, and the environmental, functional, and assurance level expectations
Target of Evaluation (TOE) Product proposed to provide the needed security solution
Security Target Written by vendor explaining mechanisms that meet security and assurance requirements
Evaluated Products List (EPL) - list of evaluated products
Threat Agent | Can Exploit A Vulnerability | Resulting in A Risk
Virus | Lack of antivirus software | Virus infection
Hacker | Services running on a server | Unauthorized access to information
Fire | Lack of fire extinguishers | System malfunction
CANONS
Protect society, the commonwealth, and the infrastructure
Act honorably, honestly, justly, responsibly, and legally
Provide diligent and competent service to principals
Advance and protect the profession

A Priest Saw Ten Nuns Doing Pushups (OSI layers, Application down to Physical)

CIA / DAD
Confidentiality / Disclosure
Integrity / Alteration
Availability / Destruction

OSI
Application
Presentation
Session
Transport
Network
Data Link
Physical

TCP/IP
Application
Transport
Internet
Network Interface
