Firewall Wizards mailing list archives

RE: Security Policy methodologies


From: Hal <hal () mrj com>
Date: Mon, 29 Dec 1997 16:22:12 -0500

Bret,
Abstract security architectures, including notions of completeness, were the basis of the Orange Book and rainbow books.
Roughly, a fundamentally secure model was described by the various "trusted systems" of the OB.
Security of other types of systems was defined as a correspondence
between the target architecture and one of the OB stand-alone machines.
A complete mapping (or, less formally, a correspondence) was necessary to
demonstrate a secure design (since the TCSEC security model was secure [by definition] and the
mapping "sound", then the target must also be secure). This is a very interesting headgame.
I played around with applying this
idea to the several firewall architectures described in Chapman. (It would be fun to
see someone go through with that analysis. :)
Dockmaster.ncsc.mil may have more stuff on this. One word of caution: having precise definitions
is the real problem and not the mappings. These "interps" were never easy to arrive at and very
intelligent people would argue about fine distinctions for months. Good luck.





----------
From:   Bret Watson[SMTP:lists () bwa net]
Reply To:       Bret Watson
Sent:   Monday, December 29, 1997 1:55 PM
To:     firewall-wizards () nfr net
Subject:        Security Policy methodologies

I'm seeking information on any methodologies for developing Security Policies.

Basically, I'm developing a paper on utilising software engineering
techniques to abstract the process and to analyse the result for
completeness. I need to know if this has been tried and what other methods
do people use to create the policy document?

I'll summarise the results and post them to the list as well as posting the
URL of the finished paper.

Yours,

Bret Watson
Technical Incursion Countermeasures 
Providing the means for your company's self-defense
consulting () bwa net                      http://www.ticm.com/
ph: (+61)(08) 9429 8898(UTC+8 hrs)      fax: (+61)(08) 9429 8800



