A Guide to Understanding Security Testing and Test Documentation in Trusted Systems
DIANE Publishing, 1994 - 121 pages
Provides a set of good practices related to security testing and the development of test documentation. Written to help the vendor and evaluator community understand what deliverables are required for test documentation, as well as the level of detail required of security testing. Glossary. Diagrams and charts.
Page 113 - A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject...
Page 112 - ... inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode.
Page 112 - Channel An information transfer path within a system. May also refer to the mechanism by which the path is effected.
Page 112 - A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects...
Page 112 - A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process.
Page 113 - S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the nonhierarchical categories of S1 include all those of S2 as a subset.
Page 113 - The state that exists when computerized data are the same as those in the source documents and have not been exposed to accidental or malicious alteration or destruction. Data item. The expression of a particular fact of a data element; e.g., "Blue" may be a data item of the data element named "Color of Eyes."