Configuration management evaluation guidance for high robustness systems

Download
Author
Gross, Michael E.
Date
2004-03Advisor
Irvine, Cynthia
Levin, Tim
Second Reader
Irvine, Nelson
Metadata
Show full item recordAbstract
Configuration Management (CM) plays a vital role in the development of trusted computing systems. The Common Criteria (CC) provides a framework for performing Information Technology (IT) security evaluations of these systems and further emphasizes CM's role in the development and evaluation process by specifying a minimum set of CM qualities for each Evaluated Assurance Level (EAL). As an evaluation guide, the Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology (CEM), recommends a set of minimum CM guidelines which can be used by evaluators in the performance of a CM evaluation at the lower Evaluated Assurance Levels. Evaluators and developers will quickly note the CEM's lack of recommended CM guidelines at the higher assurance levels. Thorough study of the listed references supports the hypothesis for this work: Configuration Management guidelines are useful in the evaluation of trusted computing systems. As an assurance mechanism, complete CM guidance helps users of high assurance products obtain a degree of confidence the system security requirements operate as intended and do not contain clandestine code. Complete CM guidance provides evaluators with a "completed assurance scale" and ensures only authorized changes were made to the TOE during development. Useful CM guidelines at the higher assurance levels (EAL5, 6, and 7) will help developers and evaluators ensure products meet the minimum requirements needed for high assurance systems.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
The Trusted Computing Exemplar Project
Irvine, Cynthia E.; Levin, Timothy E.; Nguyen, Thuy D.; Dinolt, G. W. (IEEE, 2004-06-00);We describe the Trusted Computing Exemplar project, which is producing an openly distributed worked example of how high assurance trusted computing components can be built. The TCX project encompasses four related activities: ... -
The Trusted Computing Exemplar Project
Irvine, Cynthia E.; Levin, Timothy E.; Nguyen, Thuy D.; Dinolt, George W. (2004-06);We describe the Trusted Computing Exemplar project, which is producing an openly distributed worked example of how high assurance trusted computing components can be built. The TCX project encompasses four related activities: ... -
TCX Project: High Assurance for Secure Embedded Systems
Nguyen, Thuy D.; Levin, Timothy E.; Irvine, Cynthia E. (Naval Postgraduate School (U.S) Department of Computer Science, 2005-03-00);An overview of the Trusted Computing Exemplar (TCX) research project and its accomplishments to date are presented. The TCX project is constructing a separation kernel that will be high assurance and suitable for use in ...