Computer and Communications Security and Privacy: Hearings Before the Subcommittee on Transportation, Aviation, and Materials of the Committee on Science and Technology, U.S. House of Representatives, Ninety-eighth Congress, First Session, September 26; October 17, 24, 1983
United States. Congress. House. Committee on Science and Technology. Subcommittee on Transportation, Aviation, and Materials
U.S. Government Printing Office, 1983 - 546 pages
Other editions - View all
able abuse access control actions activities administrator ADP system agencies applications associated assure audit authorized believe CARNEY Center channels classified communications computer security computer systems concern crime Defense defined Department describe devices documentation effective electronic enforce established evaluation example Federal formal fraud functions GLICKMAN going Government hackers hardware identified implementation individual Integrity internal involved issue labels maintain McCLARY mechanisms named object Office operating passwords PATRICK personnel plans problem procedures protection question record requirements responsibility risk sector security level security policy sensitivity specific Standards statement technical telecommunications testing Thank things trusted unauthorized vulnerabilities
Page 373 - Object is defined as a passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc.
Page 299 - A formal model of the security policy supported by the TCB shall be maintained over the life cycle of the ADP system that is proven and demonstrated to be consistent with its axioms.
Page 376 - Top-Level Specification (TLS) - A non-procedural description of system behavior at the most abstract level. Typically a functional specification that omits all implementation details. Trap Door - A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some non-apparent manner (eg, special "random
Page 229 - CVS's is maintained by the Institute for Computer Sciences and Technology (ICST) at the National Bureau of Standards' (NBS) located in Building 225, Room A266 at Gaithersburg, MD.
Page 357 - A descriptive top-level specification (DTLS) of the TCB shall be maintained that completely and accurately describes the TCB in terms of exceptions, error messages, and effects.
Page 372 - A mathematically precise statement of a security policy. To be adequately precise, such a model must represent the initial state of a system, the way in which the system progresses from one state to another, and a definition of a secure state of the system. To be acceptable as a basis for a TCB, the model must be supported by a formal proof that if the initial state of the system satisfies the definition of a secure...
Page 333 - need-to-know" or access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information. Such a program may include, but is not limited to, special clearance, adjudication, or investigative requirements, special designations of officials authorized to determine "need-to-know," or special lists of persons determined to have a "need-to-know.
Page 307 - Sensitivity labels associated with each ADP system resource (eg, subject, storage object, ROM) that is directly or indirectly accessible by subjects external to the TCB shall be maintained by the TCB. These labels shall be used as the basis for mandatory access control decisions.
Page 375 - Security testing — a process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification. See also: Functional Testing, Penetration Testing, Verification.