firstly, there are the checks and procedures that can be implemented and enforced by software;
secondly, there is the testing and analysis of the programs to ensure that the checks are implemented correctly and completely. Further, one has to check that there are no other covert features anywhere in the programs within the computer system that would nullify any of the specified system defences.
Unable to display preview. Download preview PDF.
- 1.The Orange Book is the colloquial name for the “Department of Defence Computer System Evaluation Criteria”, Security Center, Fort George G. Meade, Maryland (DoD 5200.28-STD) Dec 1985 — The nickname arises from the book's orange colour.Google Scholar
- 2.A Decentralized Model for Information Flow Control, Myers A.C. and Liskov B., Proceedings of the ACM SOSP 16, October 1997: http://www.pmg.lcs.mit.edu/