Security Engineering

This essay is concerned with trusted system integration and/or development to meet multilevel security (MLS) and operational requirements. It addresses technical issues such as how to combine products securely, TCB alternatives, and typical security engineering phases — as well as the management concerns of certification and accreditation. This essay addresses the integration of multilevel security (MLS) technology into the concept definition, acquisition, design, product selection , and MLS integration phases of an operational system. Trade-off analysis is required among factors such as technical risk, security risk, cost, and satisfaction of operational requirements. The essay is divided into four phases: 1. In the requirements phase, we discuss policy determination, the need to identify trust requirements, application of user and mission requirements, use and development of the security Concept of Operations (ConOps), applications for scenarios, and selection of the correct version of security policy. 2. During the design phase, we discuss how to apply design guidance and regulations, and consider the advisability of including certification team participation in design. 3. Discussion of the integration phase surfaces issues from MLS integration policy needed, how to combine products securely, determination of whether to build or buy a TCB, use and considerations of trusted and untrusted processes, considerations for porting untrusted applications to a TCB, and approaching complex systems. 4. In closing, we discuss aspects of certification and accreditation, including the role of certification and accreditation (C&A) and establishing a C&A program.