What Are the Different Types of Computer Security Locks?

Computer security level, as its name implies, is the computer's security level. In 1985, the United States Department of Defense announced the "United States Department of Defense Trusted Computer System Evaluation System TcsEC".

Computer security level

The security level has two meanings. One is the security category of the subject and object information resources. It is divided into a hierarchical security level and a hierarchical security level. The other is the security level implemented by the access control system. with

D Computer Security Level D

D level is the lowest level of security and provides minimal security protection for the system. There is no restriction on the access control of the system, and data can be accessed without logging into the system. This level of system includes DOS, WINDOWS98, etc.

C Computer Security Level C

C level has two subsystems, C1 level and C2.

The C1 level is called selective security level (Discrtionary Security Protection), which can realize autonomous security protection, separate users and data, and protect or restrict the spread of user rights.

The C2 level has the power to access the control environment, which is more detailed than the access control division of C1. It can implement controlled security protection, personal account management, auditing, and resource isolation. This level of system includes UNIX, Linux, and Windows NT systems.

Level C is a free and selective security protection. It has self-protection and audit functions in the design, and can audit and restrict the behavior of the subject. C-level security policy is mainly autonomous access control, which can be implemented

Protect data to ensure that unauthorized users cannot access it;

Control the spread of access rights;

Security management of personal user data.

C-level users must provide identity certification (such as a password mechanism) to properly implement access control, so user operations are automatically associated with auditing. C-level auditing can establish, maintain, and protect audit records against unauthorized, unauthorized access by authorized and unauthorized users who implement access control. This level of auditing can record the events to be audited, the date and time of the events, the users involved, the types of events, the success or failure of the events, and at the same time, can selectively audit any one or more Users. An important feature of the C level is the verification of the audit life cycle guarantee. This can check whether there are obvious bypasses that can bypass or deceive the system, and check whether there are obvious leaks (violating the isolation of resources and causing Verification data illegal operation).

B Computer Security Level B

Level B includes three levels: B1, B2, and B3. Level B can provide mandatory security protection and multiple levels of security. Mandatory protection refers to the definition and maintenance of the integrity of the mark. The owner of the information resource does not have the authority to change itself, and the system data is completely under the supervision of access control management.

Level B1 is called Labeled Security Protection.

Level B2 is called the Structure Protection Level (Security Protection), and all objects of access control are required to have security labels so that low-level users cannot access sensitive information. Equipment, ports, etc. should also be marked with a security level.

The B3 level is called the Security Domain protection level. This level uses the method of installing hardware to strengthen the security of the domain, such as using memory management hardware to prevent unauthorized access. B3 level can achieve:

The reference monitor participates in all subjects' access to the object to ensure that there is no bypass;

Strong audit trail ability, can provide system recovery process;

Support the role of security administrator;

The user terminal must access the system through a trusted voice channel;

Prevent tampering.

Group B security levels can implement autonomous access control and mandatory access control. Common implementations include:

All subjects and objects under the control of sensitive signs have signs;

The security logo cannot be changed for ordinary users;

You can audit (a) any attempt to violate the readable output mark (b) the security level of the unidentified data provided by the authorized user and the related actions (c) the security level change of the channel and I / O device ) User identity and corresponding operations;

Maintain authentication data and authorization information;

Maintain process isolation by controlling independent address spaces.

Group B security levels should ensure:

During the design phase, design documents, source code, and target code should be provided for analysis and testing;

Have clear loophole removal and remedial measures;

Both formal and non-formal models can prove that the model can meet the requirements of security policies. Monitor the moving process of objects in different security environments (such as data transfer between two processes)

A Computer Security Level A

Level A is only A1. This level is called Verity Design. It is the highest level of security at present. In level A, a secure design must give formal design instructions and verification. The mathematical derivation process should also include the analysis of secret channels and credible distributions, that is to say, to ensure the security of the components of the system, such as strict tracking and strict configuration management of these software and hardware in production, sales, and transportation To avoid potential safety hazards.

The main achievable threats in security threats fall into two categories: infiltration threats and implant threats. The main infiltration threats are: counterfeiting, bypass control, and authorization violations. The main implant threats are: Trojan horses and trapdoors.