INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD

摘要: Abstract : For many years, the security research community has focused on confidentiality as security, an a solid analytical foundation for addressing issues evolved. Now it is recognized that integrity at least important in computer systems; also apparent not well understood. Control objectives, they apply to automated information systems, express fundamental requirements and serve guidance development of more specific systems evaluation criteria. Within department defense, control objectives contained Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200. 28-STD, are primary concern product The TCSEC's scope currently confined address only protection information. This document intended extend TCSEC so therein, will computing resource integrity. provides new modified statements objective along with discussion rationale their inclusion or revision. basis Federal law policy revised discussed summary each used derivation revisions provided. be strawman foster further debate leading standard criteria encompasses both confidentiality.