The Birth and Death of the Orange Book

@article{Lipner2015TheBA,
  title={The Birth and Death of the Orange Book},
  author={Steven B. Lipner},
  journal={IEEE Annals of the History of Computing},
  year={2015},
  volume={37},
  pages={19-31}
}
  • S. Lipner
  • Published 2015
  • Computer Science
  • IEEE Annals of the History of Computing
This article traces the origins of US government-sponsored computer security research and the path that led from a focus on government-funded research and system development to a focus on the evaluation of commercial products. That path led to the creation of the Trusted Computer System Evaluation Criteria (TCSEC), or Orange Book. The TCSEC placed great emphasis on requirements for mandatory security controls and high assurance, and the resulting TCSEC evaluation process was time-consuming and… Expand
An Efficient Approach to Resolve Covert Channels
TLDR
A design that is based on the fact that it is impossible inside a system for any process to recognize any user, for whom other processes are invoked, in order to covertly communicate with him or her identities of all users are hidden is proposed. Expand
Role-based Access Control and BCHS
Web applications present an attractive attack surface in part since they are public front-ends to valuable data sources. Not only are these applications network-facing, they must also accept aExpand
Computer Security Discourse at RAND, SDC, and NSA (1958-1970)
  • T. Misa
  • Engineering, Computer Science
  • IEEE Annals of the History of Computing
  • 2016
TLDR
New evidence about two early multilevel access, time-sharing systems, SDC's Q-32 and NSA's RYE, and its security-related consequences for both the 1967 SJCC session and 1970 Ware Report are described. Expand
Design Dimensions for Software Certification: A Grounded Analysis
TLDR
This study compares two certification standards, Common Criteria and DO-178C, and collects insights from literature and from interviews with subject-matter experts to identify design options relevant to the design of standards, serving as a framework to guide the comparison, creation, and revision of certification standards and processes. Expand
Cybersecurity governance: a prehistory and its implications
Purpose The purpose of this paper is to understand the emerging challenges of cybersecurity governance by analyzing the internet’s early history. Design/methodology/approachExpand
Measuring Software Security from the Design of Software
TLDR
The general quality of the security metrics are not in a satisfying level that could be suitably used in daily engineering work flows, and need to be improved. Expand
Edge Cryptography and the Codevelopment of Computer Networks and Cybersecurity
TLDR
This study of the PLI is an entry into the historical relationship between cryptography and packet-switched computer networks. Expand
Security certification and labelling in Internet of Things
TLDR
This paper proposes a new approach for security certification in IoT, which addresses the identified limitations and links formal models to testing and certification. Expand
Moving from a 'human-as-problem" to a 'human-as-solution" cybersecurity mindset
TLDR
There is a need to reconsider the core assumptions and characterisations of the well-intentioned human’s role in the cybersecurity socio-technical system, and a new mindset is proposed i.e. “Cybersecurity, Differently”, based on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio- technical systems. Expand
Computer Security Discourse at RAND, SDC, and NSA (1958–1970)
The 1967 Spring Joint Computer Conference session organized by Willis Ware and the 1970 Ware Report are widely held by computer security practitioners and historians to have defined the field’sExpand
...
1
2
...

References

SHOWING 1-10 OF 57 REFERENCES
Mathematics, Technology, and Trust: Formal Verification, Computer Security, and the U.S. Military
TLDR
Differences between the cultures of communications security and computer security, the bureaucratic turf war over security, and the emergence and impact of the Department of Defense's Trusted Computer System Evaluation Criteria (the so-called Orange Book) are discussed. Expand
TRUSTED COMPUTER SYSTEMS
The DoD has established a Computer Security Initiative to foster the wide-spread availability of trusted computer systems. An essential element of theXnitiative is the identification of criteria andExpand
DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA
FOREWORD This publication, DoD 5200.28−STD, "Department of Defense Trusted Computer System Evaluation Criteria," is issued under the authority of an in accordance with DoD Directive 5200.28,Expand
INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD
Abstract : For many years, the security research community has focused on the confidentiality as security, an a solid analytical foundation for addressing confidentiality issues has evolved. Now itExpand
Non-Discretionery Controls for Commercial Applications
  • S. Lipner
  • Computer Science
  • 1982 IEEE Symposium on Security and Privacy
  • 1982
The lattice model of non-discretionary access control in a secure computer system was developed in the early Seventies[BIaP]. The model was motivated by the controls used by the Defense DepartmentExpand
Proposed Technical Evaluation Criteria for Trusted Computer Systems
TLDR
This report documents a proposed set of technical evaluation criteria for evaluating the internal protection mechanisms of computer systems, and represents one approach to how trusted systems might be evaluated. Expand
Security Controls for Computer Systems
Abstract : With the advent of resource-sharing computer systems that distribute the capabilities and components of the machine configuration among several users or several tasks, a new dimension hasExpand
Design and Certification Approach: Secure Communications Processor,
TLDR
It is asserted that the security controls for such secure systems must be designed into the computers themselves and the problems of designing and certifying the controls and the computer system are discussed. Expand
Introduction and overview of the multics system
TLDR
Multics (Multiplexed Information and Computing Service) is a comprehensive, general-purpose programming system which is being developed as a research project and will be implemented on the GE 645 computer. Expand
A security model for military message systems
TLDR
The message system application is introduced, the problems of using the Bell-LaPadula model in real applications are described, and the security model for a family of military message systems is formulated. Expand
...
1
2
3
4
5
...