The Community for Technology Leaders
Computer Security Applications Conference, Annual (2004)
Tucson, Arizona
Dec. 6, 2004 to Dec. 10, 2004
ISSN: 1063-9527
ISBN: 0-7695-2252-1
pp: 204-228
Marvin Schaefer , Books With a Past, LLC
ABSTRACT
This paper provides an introspective retrospective on the history and development of the United States Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). Known to many as the Orange Book, the TCSEC contained a distillation of what many researchers considered to be the soundest proven principles and practices for achieving graded degrees of sensitive information protection on multiuser computing systems. While its seven stated evaluation classes were explicitly directed to standalone computer systems, many of its authors contended that its principles would stand as adequate guidance for the design, implementation, assurance, evaluation and certification of other classes of computing applications including database management systems and networks. The account is a personal reminiscence of the author, and concludes with a subjective assessment of the TCSEC's validity in the face of its successor evaluation criteria.
INDEX TERMS
null
CITATION
Marvin Schaefer, "If A1 is the Answer, What was the Question? An Edgy Na?f's Retrospective on Promulgating the Trusted Computer Systems Evaluation Criteria", Computer Security Applications Conference, Annual, vol. 00, no. , pp. 204-228, 2004, doi:10.1109/CSAC.2004.22
107 ms
(Ver )