Explore the High Assurance Development Framework and techniques in this exemplary Trusted Computing resource. Learn about controlled information flow, static memory, and the prevention of unauthorized information flow. The material covers Trusted Development with a focus on security domains and the Trusted Path Extension, and shows how this system solves a real-world problem on board naval vessels. The provided source code and evaluation reports are valuable for developing secure systems.
Trusted Computing Exemplar (TCX)

Trusted Development
• Separation microkernel with controlled information flow
  • Based on formal model
  • Simple verifiable implementation
  • Static memory, processes and schedule
  • Prevents unauthorized information flow between processes
  • Identified and bounded covert channels
  • Example of Hardware / Software analysis for secure systems
  • Extensible
• Trusted Path Extension
  • Enables thin clients to connect to multiple levels of security domains
  • Allows use of untrusted application code in a trusted context
  • Solves real-world problem on board naval vessels
  • Example of trusted application development on a trusted foundation

Disseminate Via Open Methodology
• Provide Previously Unavailable Level of How-To for High Assurance
• Document High Assurance Development Framework, Techniques and Social Model
• Distribute in Open Web-based Format
  • Source code
  • High Assurance Development Framework
  • Plans, etc.
  • Evaluation Evidence and Reports

Evaluate for High Assurance
• Develop EAL-7 Microkernel Protection Profile
  • Subset of TCSEC A1 Requirements
  • Common Criteria Models and Guidelines
• Third Party Evaluation
• Basis for subsequent layer 1 and layer 2 evaluations

Trusted Path Extension (figure: untrusted thin client connected to single or multi-level application servers)
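The static, table-driven flow control the slides describe, as an added example that is not TCX code or the project's own tooling (every partition name, level and flow below is a constructed illustration): the kernel's run-time check is a lookup in a fixed table, and the same table can be validated at design time for flows that would move data to a lower level and for what each trusted downgrader could reach.

```python
# Added example, not TCX source code: a design-time checker for the kind of static
# partition flow policy a separation kernel enforces. Partition names, levels and
# flows are constructed; "tpe_*" stands in for Trusted Path Extension endpoints.

LEVELS = {"UNCLASS": 0, "SECRET": 1, "TOPSECRET": 2}

# Every partition is pinned to one level when the static configuration is built.
PARTITIONS = {
    "thin_client": "UNCLASS", "tpe_unclass": "UNCLASS", "tpe_secret": "SECRET",
    "app_unclass": "UNCLASS", "app_secret": "SECRET", "audit": "TOPSECRET",
}

# Partitions explicitly trusted to release information to a lower level.
TRUSTED_DOWNGRADERS = {"tpe_secret"}

# The complete table of permitted direct flows; nothing outside it ever passes.
ALLOWED_FLOWS = {
    ("thin_client", "tpe_unclass"), ("tpe_unclass", "thin_client"),
    ("tpe_unclass", "app_unclass"), ("app_unclass", "tpe_unclass"),
    ("tpe_unclass", "tpe_secret"),  # keystrokes travelling up to the high session
    ("tpe_secret", "tpe_unclass"),  # display data coming down: trusted source only
    ("tpe_secret", "app_secret"), ("app_secret", "tpe_secret"),
    ("app_unclass", "audit"), ("app_secret", "audit"),
}

def flow_permitted(src, dst, allowed=ALLOWED_FLOWS):
    """Kernel-side check on every inter-partition send: table lookup, no exceptions."""
    return (src, dst) in allowed

def policy_violations(partitions=PARTITIONS, allowed=ALLOWED_FLOWS,
                      trusted=TRUSTED_DOWNGRADERS):
    """Direct flows that move data to a lower level from a source not trusted to."""
    return sorted((s, d) for s, d in allowed
                  if LEVELS[partitions[s]] > LEVELS[partitions[d]] and s not in trusted)

def sources_reaching(dst, allowed=ALLOWED_FLOWS):
    """Partitions whose data can reach dst over a chain of one or more permitted flows."""
    seen, frontier = set(), {dst}
    while frontier:
        frontier = {s for s, d in allowed if d in frontier and s not in seen}
        seen |= frontier
    return seen - {dst}

def downgrade_exposure(allowed=ALLOWED_FLOWS, trusted=TRUSTED_DOWNGRADERS):
    """What each trusted downgrader could release: every partition that can reach it."""
    return {t: sorted(sources_reaching(t, allowed)) for t in trusted}
```

Because the table is fixed before the system runs, both checks are evidence an evaluator can examine once rather than behaviour that has to be re-verified at run time.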