all right now, after talking about the security models Bella Padula, Bimba, Clark, Wilson, Brewer, Nash And then we also talked about the secure state model. We talked about the concept of a lattice, the information flow model, the noninterference model. I do believe you're going to see a reasonable amount of questions from those.
The next thing that we would look at is okay, so let's say I've used these models and I've built what I consider to be a secure system.
How do I now sell that system? And how do I convince you that it is a secure system? Well, I think about this lot. I just went through the joyful experience of purchasing a new car, which, basically, I meant I went to various dealerships and was able to evaluate took systems for test drive cars for test drive.
That's not as realistic with systems, though I can't necessarily say,
Well, let me put your system on my network for six months, and I'll know if it's secure, not that's obviously has too much potential for loss. So what's the other thing you do when you think about shopping for a car? You think about reading evaluation criteria. Maybe you go to Consumer Reports or some of the other independent third parties.
I'm not gonna call up Ford and say, Hey, do you guys make a good car?
Because, of course, the answer would be yes. So instead, what I'm gonna do is I'm going to go to 1/3 party auto during read a review. Well, that's exactly where we are now when we talk about security evaluation criteria.
Okay, so I'm a government agency, Let's say and I've got a system that I need to put on all my desk cops. I needed thio provide cryptographic support. I need it to provide an audit trail, be capable of supporting firewalls.
I need it. Toe, isolate out the security administrator role from the network admin.
You know, I could have all these different list of needs. How do I know which systems provide those? Service is for me, and the answer is just like buying a car. I go and I look at a neutral third party.
Now, these evaluation criteria these have evolved throughout the years, one of the first and certainly the best known of all the evaluation criteria for a long, long time was called the Orange Book that was its nickname. Its official name was trusted computer security evaluation criteria. And really, we haven't used this in 20 years,
but it is still testable, and it is still relevant,
and the reason it's still relevant is it's the basis for so many of the terms and so many of the concepts that we do use today.
So the trusted computer security evaluation criteria, which was referred to as the Orange Book because wait for it
it was orange. Yes, the cover was orange, and it was part of a series of books called The Rainbow Siri's and quite a Siri's. You know, if you tell me Rainbow, I'm thinking Red, orange, yellow, green, blue indigo, violet. They've got the hot peach book in this rainbow Siri's. They've got
three shades of purple, two shades of green. They've got Venice Blue. I don't even know what Venice Blue looks like,
but it's quite a next Ensign Siri's of books. You know, one point time. They would test you on what the Red Book Waas, which was trusted Network interpretation. It's about networks. Where's the Orange Book is about individual systems. They might test you on green or purple. They've really gotten away from the remaining books in The Rainbow, Siri's
and honestly, they're not really grilling you on the Orange Book anymore. Like I said, this is dated. We haven't used it in 20 years.
So what would I know about the Orange Book going into this exam? Well, I would understand its purpose. First of all, I would also understand the Orange Book was designed to address the confidentiality aspect of a system
so had nothing to do with availability. Had nothing to do with performance. Didn't even touch on integrity was all about. Is the system capable? And what mechanisms does it have to protect confidentiality?
So what would happen with the Orange Book is each system would receive a great A, B, C, D and A would be the most secure systems, and eight is referred to his verified protection. D is minimal security. I had to tell you the truth on this exam. If they're asking you what level blah, blah, blah,
it would be very unusual for the answer to be D, because that's of such
low security that it's hardly even considered security.
A systems were such high end system supply chain was verified. Delivery installation just upper upper end only a handful of those in the world when the Orange Book was popular. I think if they would ask you questions that they would likely come between B and C
now be is mandatory protection, See is discretionary I would know that. So I would know ACE verified. These mandatory sees discretionary D's minimal. I would also know that within each level of a B C D, they're also numeric boundaries. B one b two b three
The lower the number, the less security.
So, for instance, be one has the minimal security that's still under mandatory protection.
Be two is more secure. Be three is most secure of the bees.
C one It's less secure than see two. So I would understand that rating because if they do ask you questions, knowing what each of them are called and knowing that idea of the ranking should be enough. So, for instance, if I were to ask you, what does a B three system have? I'm sorry. Let me ask you this way.
What does a B two system have
that a B three system does not,
and the answer is nothing. Be three is more secure than B two. B three has everything. Be too has and then some. So that's one of those questions that's kind of designed to make you go. Oh, I didn't study all the differences between them.
Don't waste your time on that. You could spend a lot of time with every little security addition from see Want to see two. To be one. To be to you to be three. And you're wasting your time. It's not worth it for the number of questions you're gonna get on the exam. I don't know that. Honestly, I don't even know that you'd see any questions on this. And if so, I don't anticipate many at all.
Um, make sure you know that you remember from access the access control model. We talked about mandatory access control. Well, that was named in the B level of evaluation. Mandatory access. So you remember the mandatory access control model
uses labels. It allows us to differentiate between clearance and classification.
And if you had to guess what level the DAC discretionary access control model comes from, which you've been a guess
right, It's gonna be see. So the idea here is understanding. The overview of this is absolutely pertinent. It's absolutely relevant, but I would not get into any more depth.