DocumentCode
3302956
Title
On models for a trusted application system
Author
Payne, C.N. ; Froscher, J.N. ; McDermott, J.P.
Author_Institution
Center for Secure Inf. Technol., Naval Res. Lab., Washington, DC, USA
fYear
1990
fDate
3-7 Dec 1990
Firstpage
58
Lastpage
67
Abstract
A trusted application system must support the processing needs of a specific operating environment. Its security policy includes many constraints that are specific to the application, so the trusted application system can be more difficult to develop and evaluate than a trusted product. One approach for reducing the development and evaluation effort for a trusted application system is to build the system on an evaluated product. Among other advantages, this approach may relieve the developer from demonstrating that the application's trusted computing base enforces those application policies that are enforced by the evaluated product. The authors discuss their thoughts on modeling a trusted application system based on an evaluated product. They identify some lessons learned from experience in evaluating a trusted application system formal model and provide a set of guidelines for writing a formal model for a trusted application system based on an evaluated product.
Keywords
programming; safety; security of data; TCB; application policies; evaluated product; formal model; processing needs; security policy; specific operating environment; trusted application system; trusted computing base; Application software; Command and control systems; Computer applications; Guidelines; Information security; Information systems; Information technology; Monitoring; Writing;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Applications Conference, 1990., Proceedings of the Sixth Annual
Conference_Location
Tucson, AZ
Print_ISBN
0-8186-2105-2
Type
conf
DOI
10.1109/CSAC.1990.143752
Filename
143752