Evaluating Security Properties of Computer Systems

Abstract

The Department of Defense has recently published Trusted Computer System Evaluation Criteria that provide the basis for evaluating the effectiveness of security controls built into computer systems. This paper summarizes basic security requirements and the technical criteria that are used to classify systems into eight hierarchical classes of enhanced security protection. These criteria are used in specifying security requirements during acquisition, guiding the design and development of trusted systems and evaluating systems used to process sensitive information.