华安信达

"Rainbow Series" books: A GUIDE TO UNDERSTANDING TRUSTED FACILITY MANAGEMENT (English table of contents)

A GUIDE TO UNDERSTANDING TRUSTED FACILITY MANAGEMENT

TABLE OF CONTENTS
FOREWORD
ACKNOWLEDGMENTS
PREFACE
1. INTRODUCTION
1.1. PURPOSE
1.2. SCOPE
1.3. CONTROL OBJECTIVES
2. SECURITY ADMINISTRATION - THE PROBLEM
3. TCSEC REQUIREMENTS FOR TRUSTED FACILITY MANAGEMENT
3.1. REQUIREMENTS FOR SECURITY CLASS B2
3.1.1. Security Policy
3.1.2. Accountability
3.1.3. Operational Assurance
3.1.3.1. System Architecture
3.1.3.2. Trusted Facility Management
3.1.4. Life-Cycle Assurance
3.1.4.1. Security Testing
3.1.4.2. Design Specification and Verification
3.1.4.3. Configuration Management
3.1.5. Documentation
3.1.5.1. Trusted Facility Manual
3.1.5.2. Test Documentation
3.1.5.3. Design Documentation
3.2. REQUIREMENTS FOR SECURITY CLASS B3
3.2.1. Security Policy
3.2.2. Accountability
3.2.3. Operational Assurance
3.2.3.1. System Architecture
3.2.3.2. Trusted Facility Management
3.2.3.3. Trusted Recovery
3.2.4. Life-Cycle Assurance
3.2.4.1. Security Testing
3.2.4.2. Design Specification and Verification
3.2.4.3. Configuration Management
3.2.5. Documentation
3.2.5.1. Trusted Facility Manual
3.2.5.2. Test Documentation
3.2.5.3. Design Documentation
3.3. REQUIREMENTS OF SECURITY CLASS A1
3.3.1. Additional Life-Cycle Assurance Requirements
3.3.1.1. Configuration Management
3.3.1.2. Trusted Distribution
4. SATISFYING THE TCSEC REQUIREMENTS
4.1. SEPARATION OF ADMINISTRATOR AND OPERATOR
4.1.1. Security-Relevant Functions of the System Administrator
4.1.2. Security-Relevant Functions of the Operator
4.2. SEPARATION OF SECURITY AND NONSECURITY-RELEVANT FUNCTIONS
4.3. IMPACT OF OTHER TCSEC REQUIREMENTS
5. SEPARATION OF OPERATOR'S AND ADMINISTRATOR'S ROLES
5.1. FUNCTIONS OF THE SECURITY ADMINISTRATOR
5.2. FUNCTIONS OF THE SECURE OPERATOR
5.3. FUNCTIONS OF THE ACCOUNT ADMINISTRATOR
5.4. FUNCTIONS OF THE AUDITOR
5.5. FUNCTIONS OF THE OPERATOR
5.6. FUNCTIONS OF THE SYSTEM PROGRAMMER
5.7. OTHER ROLES
5.8. RELATIONSHIP AMONG ADMINISTRATIVE ROLES
6. IMPACT OF OTHER TCSEC REQUIREMENTS
6.1. SECURITY POLICY
6.2. ACCOUNTABILITY
6.3. ASSURANCE
6.3.1. Operational Assurance
6.3.2. Life-Cycle Assurance
6.4. DOCUMENTATION
GLOSSARY
REFERENCES

 

 
©2003 华安信达 (China CISSP) Computer System Security Consulting Network