Using Proven Reference Monitor Patterns for Security Evaluation

Artigo Acesso aberto Revisado por pares

Using Proven Reference Monitor Patterns for Security Evaluation

2016; Multidisciplinary Digital Publishing Institute; Volume: 7; Issue: 2 Linguagem: Inglês

10.3390/info7020023

ISSN

2078-2489

Autores

Mark Heckman, Roger R. Schell,

Tópico(s)

Information and Cyber Security

Resumo

The most effective approach to evaluating the security of complex systems is to deliberately construct the systems using security patterns specifically designed to make them evaluable. Just such an integrated set of security patterns was created decades ago based on the Reference Monitor abstraction. An associated systematic security engineering and evaluation methodology was codified as an engineering standard in the Trusted Computer System Evaluation Criteria (TCSEC). This paper explains how the TCSEC and its Trusted Network Interpretation (TNI) constitute a set of security patterns for large, complex and distributed systems and how those patterns have been repeatedly and successfully used to create and evaluate some of the most secure government and commercial systems ever developed.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Using Proven Reference Monitor Patterns for Security Evaluation