Naval Postgraduate School
Dudley Knox Library
NPS Dudley Knox Library
View Item 
  •   Calhoun Home
  • Faculty and Researchers
  • Faculty and Researchers' Publications
  • View Item
  •   Calhoun Home
  • Faculty and Researchers
  • Faculty and Researchers' Publications
  • View Item
  • How to search in Calhoun
  • My Accounts
  • Ask a Librarian
JavaScript is disabled for your browser. Some features of this site may not work without it.

Browse

All of CalhounCollectionsThis Collection

My Account

LoginRegister

Statistics

Most Popular ItemsStatistics by CountryMost Popular Authors

Assurance Considerations for a Highly Robust TOE

Thumbnail
Download
Icon07paper_ICCC.pdf (908.9Kb)
Download Record
Download to EndNote/RefMan (RIS)
Download to BibTex
Author
Nguyen, Thuy D.
Irvine, Cynthia E.
Levin, Timothy E.
McEvilley, Michael
Date
2007-09-01
Metadata
Show full item record
Abstract
The U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness (SKPP) is undergoing evaluation. During its authoring process, new extended functional and assurance requirements were introduced to resolve assurance issues associated with TOE hardware, trusted initialization and trusted recovery. For high robustness, domain separation and self-protection are architectural assurances only realistically achieved with hardware support. Since the Common Criteria does not include requirements for establishing assurance in security-relevant hardware mechanisms, a new Platform Assurance class was introduced. It provides a framework to determine the security relevance of commercially-available hardware based on its interfaces to software and to establish trust in those hardware mechanisms deemed security-relevant. Requirements for TOE initialization behavior and for establishing trust in that behavior are not prescribed in the CC Version 2.3. Although CC Version 3.1 does define secure initialization assurances, they are not sufficient for high robustness. A new Trusted Initialization assurance family was introduced to require a TOE initialization function that reliably establishes the TSF in an initial secure state, verifies TSF integrity during initialization, handles failures during initialization, does not arbitrarily interact with the TSF following TOE initialization, provides self-protection during initialization, and addresses the threat that the TSF is initialized by other components executing on the TOE.Existing trusted recovery requirements emphasize the means of failure handling (i.e., manual versus automated) instead of protecting against further compromise during a recovery from an insecure state to a secure state. Extended trusted recovery requirements were introduced to require the TSF to attempt self-recovery to a secure state when the TSF detects that it is in an insecure state. To avoid ambiguity, the TOE developer must enumerate pair-wise recovery conditions and their associated actions and provide appropriate evidence that secure state results from the identified action.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
URI
http://hdl.handle.net/10945/7149
Collections
  • Center for Cybersecurity and Cyber Operations (C3O) Papers
  • Faculty and Researchers' Publications

Related items

Showing items related by title, author, creator and subject.

  • Thumbnail

    A Note on High Robustness Requirements for Separation Kernels 

    Levin, Timothy E.; Irvine, Cynthia E.; Nguyen, Thuy D. (International Common Criteria Conference (ICCC 05), September 28-29, 2005., 2005-09-28);
    The development of a protection profile for high-robustness separation kernels requires explicit modifications of several Common Criteria requirements as well as extrapolation from existing (e.g., medium assurance) guidance ...
  • Thumbnail

    Design and implementation of an audit subsystem for a separation kernel 

    Toh, Boon Pin (Monterey, California. Naval Postgraduate School, 2010-12);
    A separation kernel can be used as the foundation of a high assurance system that enforces mandatory security policies. The contexts in which such separation kernels might be used include support for a distributed trusted ...
  • Thumbnail

    IPSec-based dynamic security services for the MYSEA environment 

    Horn, John F. (Monterey, California. Naval Postgraduate School, 2005-06);
    It is recognized that security services in information-processing systems require access to finite resources in the execution of their duties. In response to the changing threats faced by a system and/or the availability ...
NPS Dudley Knox LibraryDUDLEY KNOX LIBRARY
Feedback

411 Dyer Rd. Bldg. 339
Monterey, CA 93943
circdesk@nps.edu
(831) 656-2947
DSN 756-2947

    Federal Depository Library      


Start Your Research

Research Guides
Academic Writing
Ask a Librarian
Copyright at NPS
Graduate Writing Center
How to Cite
Library Liaisons
Research Tools
Thesis Processing Office

Find & Download

Databases List
Articles, Books & More
NPS Theses
NPS Faculty Publications: Calhoun
Journal Titles
Course Reserves

Use the Library

My Accounts
Request Article or Book
Borrow, Renew, Return
Tech Help
Remote Access
Workshops & Tours

For Faculty & Researchers
For International Students
For Alumni

Print, Copy, Scan, Fax
Rooms & Study Spaces
Floor Map
Computers & Software
Adapters, Lockers & More

Collections

NPS Archive: Calhoun
Restricted Resources
Special Collections & Archives
Federal Depository
Homeland Security Digital Library

About

Hours
Library Staff
About Us
Special Exhibits
Policies
Our Affiliates
Visit Us

NPS-Licensed Resources—Terms & Conditions
Copyright Notice

Naval Postgraduate School

Naval Postgraduate School
1 University Circle, Monterey, CA 93943
Driving Directions | Campus Map

This is an official U.S. Navy Website |  Please read our Privacy Policy Notice  |  FOIA |  Section 508 |  No FEAR Act |  Whistleblower Protection |  Copyright and Accessibility |  Contact Webmaster

Export search results

The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

A logged-in user can export up to 15000 items. If you're not logged in, you can export no more than 500 items.

To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.