The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.

This site's design is only visible in a graphical browser that supports web standards, but its content is accessible to any browser or Internet device. (Why?)

Center for Education and Research in Information Assurance and Security

COAST Security Archive Logo Category Index: /pub/doc/trusted_systems


No Pointing!

This WWW page was generated automatically. Link makers should not point their links to this page. If you must, please make a link to the search entry point.

CHACS, Center for High Assurance Computing Systems (CHACS) Publications
Abstract: Publications from the Center for High Assurance Systems (CHACS). This is mirrored from the Navy site: chacs.itd.nrl.navy.mil.

Ronald Rivest, Butler Lampson, A Simple Distributed Security Infrastructure
Abstract: A simple distributed security infrastructure (SDSI) which combines a simple public-key infrastructure design with a means of defining groups and issuing group-membership certificates. SDSI's groups provide simple, clear terminology for defining access-control lists and security policies. SDSI's design emphasizes linked local name space rather than a hierarchical global name space

National Institute of Standards and Technology, Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness
Abstract: The purpose of the Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness was to identify crucial issues on assurance in IT systems and to provide input into the development of policy guidance on determining the type and level of assurance appropriate in a given environment. The readers of these proceedings include those who handle sensitive information involving national security, privacy, commercial value, integrity, and availability. Existing IT security policy guidance is based on computer and communications architectures of the early 1980s. Technological changes since that time mandate a review and revision of policy guidance on assurance and trustworthiness, especially since the changes encompass such technologies as distributed systems, local area networks, the worldwide Internet, policy- enforcing applications, and public key cryptography.

National Computer Security Center, Guide to Understanding Audit in Trusted Systems
Abstract: The guidelines described in this document provide a set of good practices related to the use of auditing in automatic data processing systems employed for processing classified and other sensitive information.

National Computer Security Center, A Guide To Understanding Configuration Management In Trusted Systems
Abstract: The guidelines described in this document provide set of good practices related to configuration management in Automated Data Processing (ADP) systems employed for processing classified and other sensitive information.

National Computer Security Center, A Guide To Understanding Discretionary Access Control In Trusted Systems
Abstract: The guidelines defined in this document are intended to be used by computer hardware and software designers who are building systems with the intent of meeting the requirements of the Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD.

National Computer Security Center, The Trusted Product Evaluation Questionnaire
Abstract: The Trusted Product Evaluation Questionnaire is the latest in a series of technical documents that are being published by the National Computer Security Center under the Technical Guidelines Programs. It is the goal of the Technical Guidelines Program to assure that each process in the Trusted Product Evaluation Program and the features of the Department of Defense Trusted Computer Systems Evaluation Criteria will be discussed in detail and provide the proper interpretations with specific guidance.

National Computer Security Center, Guidelines For Formal Verification Systems
Abstract: The guidelines defined in this document are intended for vendors building formal specification and verification systems that trusted system developers may use in satisfying the requirements of the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD, and the Trusted Network Interpretation of the TCSEC.

National Computer Security Center, A Guide to Understanding Trusted Distribution in Trusted Systems
Abstract: The specific guidelines in this document provide a set of good practices related to trusted distribution of the hardware, software, and firmware portions, both originals and updates, of automated data processing systems employed for processing classified and other sensitive information. This technical guideline has been written to help the vendor and evaluator community understand what trusted distribution is, why it is important, and how an effective trusted distribution system may be implemented to meet the requirements of the Trusted Computer Systems Evaluation Criteria.

National Computer Security Center, Guide To Understanding Trusted Facility Management
Abstract: "A Guide to Understanding Trusted Facility Management" is the latest in the series of technical guidelines that are being published by the National Computer Security Center. This technical guideline has been written to help the computer security manufacturers, system evaluators, accreditors, as well as end users understand what procedures, methods, and processes are required for trusted facility management at B2 through A1 classes of the TCSEC.

National Computer Security Center, Trusted network interpretation
Abstract: This document will be used for a period of at least one year after date of signature. During this period the NCSC will gain experience using the Trusted Network Interpretation in several network evaluations. In addition, the NCSC will conduct a series of tutorials and workshops to educate the community on the details of the Trusted Network Interpretation and receive feedback. After this trial period, necessary changes to the document will be made and a revised version issued.

National Computer Security Center, Trusted Product Security Evaluation Program
Abstract: This publication describes procedures for interacting with the National Security Agency's Information Security Organization as related to the Trusted Product Evaluation Program within the National Computer Security Center. It provides the information needed to submit a computer product for technical security evaluation and outlines the National Security Agency's responsibilities for positive, timely acknowledgements. This publication specifically covers the National Computer Security Center's relationship with vendors of proposed trusted computer products from the initial contact with the vendor through the completion of the security evaluation process and follow-on programs. Although more detailed instructions will be referenced in this publication, sufficient guidelines are established for any first-time user of the National Computer Security Center's services.

Brian Currah, MVS : Mainframe Virtual Security
Keywords: trusted systems, vulnerabilities
Abstract: Enterprises using IBM's premier operating system for System/390 mainframes may have a false sense of confidence regarding the vulnerability of corporate assets. The protection offered by widely used security products can be circumvented as a result of loopholes in add-on products

_____

O Built by Mark Crosbie and Ivan Krsul.

Security Archive Page Security Archive Homepage.

COAST Homepage COAST Project (CERIAS)Page.

Purdue CS Homepage Purdue CS Dept page.


security-archive@cerias.purdue.edu (COAST Security Archive)