[3400] in WWW Security List Archive
Re: Comparison of ITSEC scheme to Orange/Red book
daemon@ATHENA.MIT.EDU (Nicolas J. Hammond)
Tue Oct 29 10:26:02 1996
From: "Nicolas J. Hammond" <njhm@ns.njh.com>
In-Reply-To: <3274C940@monsmtp.lmcda.lmco.com> from "Hamilton, Ed @ OTT" at "Oct 28, 96 09:54:00 am"
To: ehamilt@lmcda.lmco.com (Hamilton, Ed @ OTT)
Date: Tue, 29 Oct 1996 07:18:23 -0500 (EST)
Cc: Www-Security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Hamilton, Ed @ OTT wrote ...
>
> Hi Jon,
>
> I do not pretend to be an expert in the subject, however, this is my
> read or the matter:
>
> ITSEC EAL levels do not specifically correlate to the Rainbow series books,
> nor were there any intention that they do.
>
> The ITSEC EAL levels are a starting point for assisting in the security
> level assessment of an object.
>
> Protection Profiles are what specifically designate what level of security
> an object requires. These protection profiles can be loosely translated
> into equivalent Rainbow series requirements. It is key to understand that
> Protection Profiles can specify requirements for different EAL levels. For
> example, CM may be specified at EAL 2, while Development may be specified at
> EAL 3.
>
> Now, getting back to your main question, I believe that E-2 is the level as
> which an equivalence to Discretionary Access Control is specified (I do not
> know what the specific E-2 Requirement is).
>
> As long as the protection profile that you are developing to does not go
> beyond the E-2 requirement for this item, you will be O.K., however, you
> must be aware of the Mandatory Access Control requirements as well, so that
> you will understand when you can not meet a specific protection profile.
>
> I hope that other will correct the errors in my ways,
The E corresponds to "Effectiveness" - in TCSEC terminology this is
"Assurance". Samples are "Formal Policy Model" (required at E4 and higher),
"Informal Detailed Design" (E2 and higher) etc.
The E has nothing to do with the capability of the systems - it's
all assurance/effectiveness.
An ITSEC evaluation usually has an E and F rating i.e. E2/F2.
The F corresponsds to "Functionality".
ITSEC F1, F2, F3, F4, F5 correspond with functionality in
the TCSEC C1, C2, B1, B2, B3/A1 respectively.
Note that TCSEC ratings e.g. B1 combine both functionality and assurance
so you can have systems, such as CMW systems, that have B3 features
but only B1 assurance so they are rated only at B1.
To answer the original question (which I had previously done
privately to the original author):
ITSEC F2 "Discretionary Access Control" is essentially identical to TCSEC C2
"Ability to control access to an object down to a single user"
--
Nicolas Hammond NJH Security Consulting, Inc.
njhm@njh.com 211 East Wesley Road
404 262 1633 Atlanta
404 812 1984 (Fax) GA 30305-3774
