NCJ Number
89658
Date Published
1982
Length
131 pages
Annotation
This paper develops a comprehensive set of requirements, together with techniques for meeting them, which, when applied to a computer operating system, will serve as a basis for certifying that system as secure.
Abstract
It identifies the essential requirements and the vulnerabilities they are designed to shield and gives examples of various techniques to meet each requirement. Requirements are organized on three levels: security, installation, and technical. These requirements were developed by defining requirement criteria, considering system functions and types of threats, defining protection goals and elements, and surveying problem areas. Approximately 190 requirements are formulated, covering such areas as isolation, controlled access, identification, integrity, and surveillance. Diagrams, tables, and 121 references are supplied.