|
A Guide to Understanding Trusted Distribution in Trusted Systems
CONTENTS
FOREWORD i
ACKNOWLEDGMENTS ii
1. INTRODUCTION 1
1.1 PURPOSE 1
1.2 SCOPE 2
1.3 CONTROL OBJECTIVE 2
2. OVERVIEW OF TRUSTED DISTRIBUTION 3
2.1 THREATS 3
2.2 PURPOSE OF TRUSTED DISTRIBUTION 5
2.3 LIFE-CYCLE ASSURANCE 6
2.3.1 Assurance for Different Types of Production 7
3. THE TCSEC REQUIREMENTS FOR TRUSTED DISTRIBUTION 9
4. IMPLEMENTATION METHODS 11
4.1 PROTECTIVE PACKAGING 12
4.1.1 Shrink Wrapping 13
4.1.2 Active Systems 14
4.1.3 Tamper-Resistant Seals 14
4.2 COURIERS 15
4.3 REGISTERED MAIL 16
4.4 MESSAGE AUTHENTICATION CODES 17
4.5 ENCRYPTION 18
4.6 SITE VALIDATION 18
4.6.1 Checksum Programs 19
4.6.2 Inventory 20
4.6.3 Engineering Inspection 21
5. SAMPLE IMPLEMENTATION 23
5.1 TRUSTED DISTRIBUTION OF HARDWARE, FIRMWARE, AND SOFTWARE 23
5.2 TRUSTED DISTRIBUTION OF DOCUMENTATION 23
6. SUMMARY OF TRUSTED DISTRIBUTION 25
GLOSSARY 27
REFERENCES 31
|
