Title :
Symbol security condition considered harmful
Author :
Schaefer, Marvin
Author_Institution :
Trusted Inf. Syst. Inc., Glenwood, MD, USA
Abstract :
The author identifies, interprets, and examines the requirements in the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC) for the application of formal methods to system design. The requirements are placed in their historical context to trace their origin. The TCSEC is found to have eliminated some widely accepted, and critical, security assurance and analysis processes from its trust requirements. It is concluded that, despite the flaws and omissions in the published TCSEC, formal design verification is still of some potential value. However, its use should not be considered an end in itself and may be harmful if applied as such.
Keywords :
security of data; software engineering; Department of Defense trusted computer system evaluation criteria; TCSEC; formal design verification; formal methods; security analysis; security assurance; symbol security condition; system design; Application software; Computer errors; Computer security; Design engineering; Error correction; Information security; Information systems; National security; System analysis and design; Testing;
Conference_Titel :
Security and Privacy, 1989. Proceedings., 1989 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-1939-2
DOI :
10.1109/SECPRI.1989.36275