Outline for May 27, 2003

  1. Reference monitor
    1. Concept
    2. Reference validation mechanism
    3. Security kernel
    4. Trusted computing base
  2. Example of add-on vs. built-in: AT&T UNIX systems with MLS
  3. Policy specification
    1. What it is
    2. Using a standard
    3. Creating new policy
    4. Mapping into existing policy model
    5. Example: System X
  4. Justifying requirements
  5. Techniques to support design assurance
    1. Subsystem, subcomponent, module
  6. Design documents
    1. Security functions summary specification
    2. External functional specification
    3. Internal design description
  7. Justifying design meets requirements
    1. Formal methods
    2. Review
  8. Implementation assurance
    1. Programming language
    2. Modularity
    3. Security features (bounds checking, strong typing, etc.)
    4. Implementation management such as configuration management
  9. Security testing
    1. Functional testing (black box testing)
    2. Structural testing (white box testing)

This outline is available in PostScript and PDF.