TABLE OF CONTENTS About the DoD Computer Security Initiative ii About the Seminar ii Technical Program iii Welcoming Address, James Burrows Keynote Address, LtGen Lincoln D. Faurer 3 Trusted Computer System Technical Evaluation Criteria, Col Roger R: Schell 7 Commercial Product Evaluation - Part I , Mario Tinto 21 Commercial Product Evaluation - Part 2, Anne-Marie Claybrook 27 Computer Application Evaluation - Science Out of Art, Stephen F. Barnett 35 Research and Development in Support of Trusted Systems Evaluation, Hilda Faust Mathieu 41 Software Tools, James Tippett 51 Panel Session - Industry Reaction to the Trusted Computer System Evaluation Criteria, Daniel J. Edwards, Moderator 53 Information Protection in an Information-Intensive Society, Melville H. Klein 57 DoD Perspective on Computer Security, Stephen T. Walker 61 Computer Security Policies - Challenges and Prospects, Eugene Epperly 99 Computer Security Considerations in the Computer Life Cycle, LtCol Lawrence A. Noble 139 Non-Descretionary Controls for Commercial Applications, Steven B. Lipner 143 Computer Security and Integrity Technology, Dr. Dennis K. Branstad 153 The Computer Security and Risk Management Program, Dr. Stuart Katzke 157 Financial (Banking) View of Computer Security, M. Blake Greenlee 167 Cost-Benefit Impact Analysis of Computer Security Standards/Guidelines: A Base Case Framework, Dr. Marco Fiorello 177 Computer Security in the Retail Industry, John Pricz 203 Computer Security Evaluation and Certification, Zelia Ruthberg 207 Bizarre Bazaar: An Approach to Security Technology Transfer, Clark Weissman 217 Meeting Policy Requirements Using Object-Orientation Systems, Susan A. Rajunas 227 Multi-Level Security Today, Lester J. Fraim .233 An Update on Computer Security Activities at Digital, Andrew C. Goldstein 241 FIFTH SEMINAR DoD <;omputer .Security, Ifli~iative May 24-26, 1982 About the DoD Computer Security Initiative The Department of Defense Computer Security Initiative was established in 1978 by the Assistant Secretary of Defense for Communications, Command and Control and Intellig~nc¢. to achieve the widespread availability of trusted ADP systems for use within the DoD. In January 1981, a Computer Security Center was established in the Department of Defense. The Center is assuming responsibility for the activities of the Initiative. In the spirit of the Initiative; the Center is attempting to foster the development of trusted ADP systems through technology transfer ·efforts and to define reasonable ADP system evaluation procedures to be applied to government-developed and commerically developed trusted ADP systems. This semimir constitutes an t!ssential. element in the Ce~ter's Technology Transfer Program. In conjunction with the DoD Center, the National Bureau of Standards Institute for Computer Sciences and. Technology, through its Computer Security and Risk Management Standard's program, seeks new technology to satisfy Federal ADP security requirements. The. institute .then promulga~es acceptable and cost-effective technology in Federal Information Processing Standa~ds' and Guid~lines. The Institute assists the Department of Defense by transferring the interim results of its research being coqducted under the Computer Security Initi~tive. · . About the Seminar This seminar continues tht:: efforts initiated in previous seminars to promote awareness of the DoD Computer Security Program and to :present the developments and suc~:;esses in the trusted computer . operating systems area. The fifth in a continuing series, this' seminiu i~ the first to be co-sponsored by the DoD Computer Security Center. The program is directed toward the user of Computer 'Security products and includes presentations on the tangible results of efforts pursued by the Computer Security Center. Previous meetings have emphasized the theoretic3.l aspects of. computer security. This seminar emphasizes the practical aspects and the verification system/software analysis tools being used. · . The theme is· Evaluating Computer Security_:_ the process of studying imd analyzing the potential security products of manufacturers and government to determine their security attributes and their suitability as trusted systems. · The presentations in these proceedings are provided for your infdrmation. They sho~ld riot 'be interpreted as necessarily representing the official view or carrying any endorsement, either expressed or implied, of the Department of Defense or the United States Government. .! ii TECHNICAL PROGRAM General Theme: Evaluating Computer Security Monday, May 24 A.M. Theme - DoD Evaluation Criteria and Process. Session Chairman-Melville H. Klein, Director, DoD Computer Security Center. Welcoming Address James Burrows Director Institute for Computer Science and Technology National Bureau of Standards Keynote Address LtGen Lincoln D. Faurer Director National Security Agency Trusted Computer System Technical Evaluation Criteria Col Roger R. Schell Deputy Director DoD Computer Security Center Commercial Product Evaluation-Part l Mario Tinto Chief, Commercial Product Evaluations DoD Computer Security Center Commercial Product Evaluation-Part 2 Anne-Marie Claybrook Group Leader MITRE Corporation Computer Application Evaluation-Science Out of Art Stephen F. Barnett Chief, Applications Systems Evaluations DoD Computer Security Center P.M. Theme - Technical Support for the Evaluation Process. Session Chairman-Daniel J. Edwards, Chief, Standards and Products, DoD Computer Security Center. Research and Development in Support of Trusted Systems Evaluatio.ns Hilda Faust Mathieu Chief, Research and Development DoD Computer Security Center Software Tools James Tippett Chief, Technical Support DoD Computer Security Center Panel Session - Computer Industry Reaction to the Trusted System Evaluation Crite.ria. Daniel J. Edwards, Moderator. Panel Members Steven Lipner - Digital Equipment Corporation Terry Cureton - Control Data Corporation . Theodore M.P. Lee- UNIVAC Lester Fraim - Honeywell Federal Systems Division iii Leslie DeLashmutt - Data General Tuesdpy1 ti{qy 25 ·' · ,; A.M. Theme - DoD Perspective and.Poli~y Imp4cptiqn~. Session' Chairman-Marvin Schaefer, Chief Scientist, DoD Computer Security ctmter. · • · · . Information Protection in an Information-Intensive Sbc'iety Melville H. Klein . ,,_. Director DoD Computer Security Center DoD Perspective on Computer Security Stephen T. Walker Director, Information Systems ODUSD (C 3Il The Pentagon Computer Security Policies-Challenges and Prospects Eugene Epperly Computer Security Specialist Security Plans and Programs Directorate ODUSD (Policy) Computer Security Considerations in the Computer Life Cycle LtCol Lawrence A. Noble Computer Security Policy Analyst Directorate of Computer Resources Headquarters, U.S. Air Force Non-Descretionary Controls for Commercial Applications Steven B. Lipner Engineering Manager Computer Security Advanced Development Digital Equipment Corporation Computer Security Considerations for the Financial Community Morgan Morrison Vice President (TEXT NOT AVAILABLE) Manager, ADP Security Division Security Pacific National Bank P.M. Theme - NBS/ICST Computer Security and Risk Management. Session c;hairmaw-Dr. Dennis K. Brans tad. Computer Security and Integrity Technology Dr. Dennis K. Branstad Manager Integrity, Security and Data I/0 Group Institute for Computer Science and Technology National Bureau of Standards The Computer Security and Risk ManagellJent Program Dr. Stuart Katzke Leader Computer Security Management Group Institute for Computer Science and Technology National Bureau of Standards Financial (Banking) View of Computer Security iv M. Blake Greenlee Vice President CITIBANK, NY Cost-Benefit Impact Analysis of Computer Security Standards/Guidelines: A Base Case Framework. Dr. Marco Fiorello President Fiorello, Shaw and Associates Computer Security in the Retail Industry John Pricz Manager Security Center Carter, Hawley & Hale Computer Security Evaluation and Certification Zelia Ruthberg Staff Computer Security Management Group Institute for Computer Science and Technology National Bureau of Standards Wednesday, May 26 A.M. Theme - Computer Security Evaluation-Now and Future. Session Chairman-Col Roger R. Schell Bizarre Bazaar: An Approach to Security Technology Transfer Clark Weissman Chief Technologist System Development Corporation Meeting Policy Requirements Using Object-oriented Systems Susan A. Rajunas Technical Staff MITRE Corporation Initial Performance Measurement Results for KVM Paul Cudney KVM Program Manager (TEXT NOT AVAILABLE) System Development Corporation Multi-Level Security Today Lester J. Fraim Manager, TCB Development Honeywell Federal Systems Division An Update on Computer Security Activities at Digital Andrew C. Goldstein Consulting Software Engineer Digital Equipment Corporation A New Verification System Gary Grossman Chief Computer Scientist (TEXT NOT AVAILABLE) Digital Technology Inc. Panel Session - Future Directions for Computer Security Center/Industry Cooperation. (DoD Computer Security Center Chiefs.) James P. Anderson, President, James P. Anderson, Inc., Moderator. Panel Members: v Panel Members: Marvin Schaefer - Chief Scientist Daniel Edwards - Chief, Standards and Products Stephen Barnett -Chief, Applications Systems Evaluations (TEXT NOT AVAILABLE) Hilda Faust Mathieu - Chief, Research and Development James Tippett - Chief, Technical Support vi WELCOMING ADDRESS James H. Burrows Director, Institute for Computer Sciences and Technology National Bureau of Standards