The Orange Book is founded upon which security policy model?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
From the glossary of Computer Security Basics: The Bell-LaPadula model is the security policy model on which the Orange Book requirements are based.
From the Orange Book definition, "A formal state transition model of computer security policy that describes a set of access control rules.
In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects.
The notion of secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving the system is secure.
A system state is defined to be 'secure' if the only permitted access modes of subjects to objects are in accordance with a specific security policy.
In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode." The Biba Model is an integrity model of computer security policy that describes a set of rules.
In this model, a subject may not depend on any object or other subject that is less trusted than itself.
The Clark Wilson Model is an integrity model for computer security policy designed for a commercial environment.
It addresses such concepts as nondiscretionary access control, privilege separation, and least privilege.
TEMPEST is a government program that prevents the compromising electrical and electromagnetic signals that emanate from computers and related equipment from being intercepted and deciphered.
Source: RUSSEL, Deborah & GANGEMI, G.T.
Sr., Computer Security Basics, O'Reilly, 1991
Also: U.S.
Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD.
December 1985 (also available here).
The Orange Book, also known as the Trusted Computer System Evaluation Criteria (TCSEC), is a document that outlines the requirements for secure operating systems and computer systems. The Orange Book was developed by the U.S. Department of Defense in the 1980s, and it is considered to be one of the foundational documents for computer security.
The security policy model upon which the Orange Book is founded is the Bell-LaPadula Model. The Bell-LaPadula Model is a formal model for computer security that was developed in the early 1970s by David Bell and Leonard LaPadula. The model is based on the concept of information flow, and it is designed to prevent unauthorized access to information by enforcing a set of rules for accessing classified data.
The Bell-LaPadula Model is based on two security properties: confidentiality and integrity. Confidentiality is the property that ensures that sensitive information is not disclosed to unauthorized parties. Integrity is the property that ensures that information is not modified or tampered with by unauthorized parties.
The Bell-LaPadula Model defines a set of security rules for accessing data. These rules are known as the "Simple Security Property" and the "Star Property". The Simple Security Property states that a subject can only read data at the same or a lower security level than the subject's current security level. The Star Property states that a subject can only write data at the same or a higher security level than the subject's current security level.
In summary, the Bell-LaPadula Model is the security policy model upon which the Orange Book is founded. The model is designed to prevent unauthorized access to information by enforcing a set of rules for accessing classified data based on the concepts of confidentiality and integrity.