A Guide to Understanding Trusted Recovery in Trusted Systems
TABLE OF CONTENTS
FOREWORD
ACKNOWLEDGMENTS
1.0 INTRODUCTION
1.1 Background
1.2 Purpose
1.3 Scope
1.4 Control Objective
1.5 Document Overview
2.0 FAILURES, DISCONTINUITIES, AND RECOVERY
2.1 State-Transition (Action) Failures
2.2 TCB Failures
2.3 Media Failures
2.4 Discontinuity of Operation
3.0 PROPERTIES OF TRUSTED RECOVERY
3.1 Secure States
3.2 Secure State Transitions
4.0 DESIGN APPROACHES FOR TRUSTED RECOVERY
4.1 Responsibility for Trusted Recovery
4.2 Some Practical Difficulties with Current Formalisms
4.3 Summary of Current Approaches to Recovery
4.3.1 Types of System Recovery
4.3.2 Current Approaches
4.3.3 Implementation of Atomic State Transitions
4.3.3.1 Shadowing
4.3.3.2 Logging
4.3.3.3 Logging and Shadowing
4.3.4 Recovery with Non-Atomic State Transitions
4.3.4.1 Sources of Inconsistency--A Generic Example
4.3.4.2 Non-Atomic TCB Primitives
4.3.4.3 Idempotency of Recovery Procedures
4.3.4.4 Recovery With Non-Atomic System Primitives
4.4 Design Options for Trusted Recovery
5.0 IMPACT OF OTHER TCSEC REQUIREMENTS ON TRUSTED RECOVERY
5.1 Operational Assurance
5.2 Life-Cycle Assurance
5.2.1 Security Testing
5.2.2 Design Specification and Verification
5.2.3 Configuration Management
5.2.4 Trusted Distribution
5.3 Documentation