The concept of trusted computer system explains "GB17859 + CC"

Source: Internet
Author: User

1-1. According to the GB17859 standard, describe the main security function requirements of third-level and fourth-level trusted computer information systems, and the main differences between them.


The third level is the security label protection level. Its main security function requirements are: discretionary access control, mandatory access control, labeling, identification and authentication, object reuse, audit, and data integrity, 7 items in total.

The fourth level is the structured protection level. Its main security function requirements are: discretionary access control, mandatory access control, labeling, identification and authentication, object reuse, audit, data integrity, covert channel analysis, and trusted path, 9 items in total.

The main difference between them is that at the fourth level the trusted computing base of the computer information system is built on a well-defined, formalized security policy model, which requires that the discretionary and mandatory access control of the third-level system be extended to all subjects and objects, and that covert channels also be considered. The trusted computing base of a system at this level must be structured into critical and non-critical protection elements, and its interfaces must be clearly defined so that its design and implementation can withstand more thorough testing and more complete review. Identification mechanisms are strengthened, system administrators and operators are supported, trusted facility management is provided, and configuration management controls are enhanced. A system at this level has considerable resistance to penetration.


1-2. Describe and illustrate the concepts of vulnerability, threat and risk as used in the CC standard, and the relationships between them.


Vulnerability: A weakness of an asset or group of assets that may be exploited by one or more threats.

Threat: A potential cause of an unwanted event that can cause damage to the system or organization.

Risk: The potential that a particular threat will exploit the vulnerabilities of an asset or group of assets and thereby cause loss or damage to those assets. Asset owners should analyze the possible threats and determine which of them exist in their environment; the result of that analysis is the risk.

The relationship between vulnerability, threat and risk.



A vulnerability of an asset may be exploited by a threat, which creates risk to the asset; the process can be understood as a threat increasing the potential risk and thereby ultimately endangering the asset. Asset owners should analyze the possible threats and determine which of them exist in their environment; the result is the risk. This analysis helps in choosing countermeasures that address the risks and reduce them to an acceptable level.
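The relationship just described, as an added worked example that is not part of the original notes or of the CC standard: risk arises only where a threat that is actually present in the environment can exploit a vulnerability of an asset, and a countermeasure lowers the risk by reducing how exploitable the weakness is, not by removing the threat. The assets, weaknesses, threats, 1-to-3 scales and the acceptable-risk threshold are all constructed for illustration.

```python
"""Added example: vulnerability x threat -> risk, then countermeasures.
All assets, weaknesses, threats and scales below are constructed."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Vulnerability:
    asset: str
    weakness: str     # the weakness a threat could exploit
    exposure: int     # 1 (hard to exploit) .. 3 (easy); constructed scale


@dataclass(frozen=True)
class Threat:
    name: str
    exploits: str     # the weakness this threat is able to exploit
    likelihood: int   # 1 .. 3; constructed scale
    present: bool     # owner's analysis: does this threat exist in the environment?


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    weakness: str
    score: int


# Constructed asset values (1 .. 3).
ASSET_VALUE = {"customer-db": 3, "public-website": 1}

# Constructed vulnerabilities and threats for the example environment.
VULNS = [
    Vulnerability("customer-db", "weak-admin-password", 3),
    Vulnerability("customer-db", "no-backups", 2),
    Vulnerability("public-website", "weak-admin-password", 3),
]
THREATS = [
    Threat("credential-guessing", "weak-admin-password", 3, True),
    Threat("ransomware", "no-backups", 2, True),
    Threat("flood", "no-backups", 1, False),   # analysed and found absent here
]


def analyse(vulns, threats, acceptable=10):
    """Risk exists only where a present threat matches an asset's weakness.
    Returns all risks (highest first) and those above the acceptable level."""
    risks = []
    for v in vulns:
        for t in threats:
            if t.present and t.exploits == v.weakness:
                score = ASSET_VALUE[v.asset] * t.likelihood * v.exposure
                risks.append(Risk(v.asset, t.name, v.weakness, score))
    risks.sort(key=lambda r: r.score, reverse=True)
    above = [r for r in risks if r.score > acceptable]
    return risks, above


def apply_countermeasure(vulns, weakness, new_exposure):
    """A countermeasure leaves the threat in place; it lowers the exposure
    of every vulnerability that shares the treated weakness."""
    return [replace(v, exposure=new_exposure) if v.weakness == weakness else v
            for v in vulns]


def demo():
    before, todo = analyse(VULNS, THREATS)
    hardened = apply_countermeasure(VULNS, "weak-admin-password", 1)  # strong passwords
    hardened = apply_countermeasure(hardened, "no-backups", 1)        # tested backups
    after, remaining = analyse(hardened, THREATS)
    return before, todo, after, remaining


if __name__ == "__main__":
    before, todo, after, remaining = demo()
    for r in before:
        print(f"{r.asset:15} {r.threat:20} via {r.weakness:20} score={r.score}")
    print("above acceptable level:", [(r.asset, r.threat) for r in todo])
    print("after countermeasures: ", [r.score for r in after], "remaining:", remaining)
```

Because "flood" is marked absent, the "no-backups" weakness produces risk only through ransomware; that is the point of the owner's analysis in the text. The two countermeasures bring every remaining risk under the threshold without changing any threat.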


1-3. Explain the basic concepts: trusted computing base, reference monitor, access control, security functions and security assurance, security policy and security model.


Trusted Computing Base: The totality of protection mechanisms within a computer system, including the hardware, firmware and software that together are responsible for enforcing the security policy. It establishes a basic protection environment and provides the additional user services required of a trusted computing system.

Reference Monitor: The component that checks every access by a subject to an object against the authorized access relationship between them.

Access control: The process of restricting access to a system's resources so that only authorized users, programs, processes, or other systems in the computer network can use them.

Security functions: Describe how the operating system implements its security policy and security mechanisms, and which level of functional requirements in the evaluation criteria it satisfies.

Security assurance: The use of defined methods to ensure that the security functions provided by the operating system really do meet the identified functional requirements.

Security policy: The set of responses to threats against the system, including the laws, regulations, and implementing rules that govern the management, protection, and dissemination of sensitive information.

Security model: A simple, abstract, and unambiguous description of the security requirements expressed by a security policy; it provides a framework linking the security policy to the mechanisms that implement it.
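The following added example (not code from any standard, evaluation scheme or product) ties together the third- and fourth-level requirements from 1-1 and the definitions in 1-3: a toy reference monitor inside a trusted computing base that applies discretionary access control (an ACL set by the object's owner), mandatory access control (security labels compared with a no-read-up, no-write-down rule), writes an audit record for every decision, and clears an object's storage on release so residual data cannot leak through object reuse. The label set, subjects, objects and permissions are constructed for illustration.

```python
"""Added example: a toy reference monitor combining DAC, MAC (labels),
audit and object reuse. Subjects, objects and labels are constructed."""
from dataclasses import dataclass, field
from enum import IntEnum


class Label(IntEnum):
    """Hierarchical sensitivity labels (constructed for this example)."""
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2


@dataclass
class Subject:
    name: str
    clearance: Label        # MAC attribute assigned by the administrator


@dataclass
class Obj:
    name: str
    classification: Label   # MAC label attached to the object ("labeling")
    acl: dict = field(default_factory=dict)   # DAC: subject name -> set of ops
    storage: bytearray = field(default_factory=lambda: bytearray(16))


class ReferenceMonitor:
    """Every access goes through check(); the verdict and its reason are audited."""

    def __init__(self):
        self.audit_log = []

    def _dac(self, s, o, op):
        return op in o.acl.get(s.name, set())

    def _mac(self, s, o, op):
        # Bell-LaPadula style rules: no read up, no write down.
        if op == "read":
            return s.clearance >= o.classification
        if op == "write":
            return s.clearance <= o.classification
        return False

    def check(self, s, o, op):
        if not self._dac(s, o, op):
            verdict, reason = "DENY", "DAC: operation not in ACL"
        elif not self._mac(s, o, op):
            verdict, reason = "DENY", "MAC: label rule violated"
        else:
            verdict, reason = "PERMIT", "DAC and MAC satisfied"
        self.audit_log.append((s.name, o.name, op, verdict, reason))
        return verdict == "PERMIT"

    def release(self, o):
        # Object reuse: wipe residual data before the storage can be reallocated.
        o.storage[:] = bytes(len(o.storage))
        self.audit_log.append(("tcb", o.name, "release", "PERMIT",
                               "object reuse: storage cleared"))


def demo():
    rm = ReferenceMonitor()
    alice = Subject("alice", Label.SECRET)
    bob = Subject("bob", Label.PUBLIC)
    plan = Obj("plan", Label.SECRET, acl={"alice": {"read", "write"}, "bob": {"read"}})
    notice = Obj("notice", Label.PUBLIC, acl={"alice": {"read", "write"}, "bob": {"read", "write"}})
    plan.storage[:4] = b"xyz!"   # constructed sensitive content
    results = {
        "alice reads plan": rm.check(alice, plan, "read"),        # permit
        "bob reads plan": rm.check(bob, plan, "read"),            # ACL allows, MAC denies read-up
        "alice writes notice": rm.check(alice, notice, "write"),  # ACL allows, MAC denies write-down
        "bob writes notice": rm.check(bob, notice, "write"),      # permit
        "bob writes plan": rm.check(bob, plan, "write"),          # DAC denies before MAC is consulted
    }
    rm.release(plan)
    results["plan cleared after release"] = not any(plan.storage)
    return results, rm.audit_log


if __name__ == "__main__":
    results, log = demo()
    for k, v in results.items():
        print(f"{k:28} {v}")
    for entry in log:
        print(entry)
```

The two DENY cases for bob and alice show why the fourth level extends mandatory control to all subjects and objects: an owner-granted ACL entry alone is not enough when the labels forbid the flow. The audit trail records the reason for each decision, which is what makes the monitor's behaviour reviewable after the fact.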

