
TABLE OF CONTENTS

CHAPTER 1. RATIONALE OF THE TCSEC
1.1. Control objectives for trusted computer systems
1.1.1. The need for consensus
1.1.2. Definition and usefulness
1.1.3. Criteria control objectives
1.1.3.1. Security policy
1.1.3.2. Accountability
1.1.3.3. Assurance
1.2. 7.0
1.2.1. 7.1
1.2.2. Department of Defense policy
1.2.3. Criteria control objectives for security policy
1.2.3.1. Marking
1.2.3.2. Mandatory security
1.2.3.3. Discretionary security
1.2.4. Criteria control objective for accountability
1.2.5. Criteria control objective for assurance
CHAPTER 2. THE TCSEC GUIDELINES
2.1. Guideline on covert channels
2.2. Guideline on configuring mandatory access control features
2.3. Guideline on security testing
2.3.1. Testing for Division C
2.3.1.1. Personnel
2.3.1.2. Testing
2.3.2. Testing for Division B
2.3.2.1. Personnel
2.3.2.2. Testing
2.3.3. Testing for Division A
2.3.3.1. Personnel
2.3.3.2. Testing

LIST OF ABBREVIATIONS
DoD: Department of Defense
TCB: Trusted Computing Base
ADP: Automatic Data Processing

CHAPTER 1. RATIONALE OF THE TCSEC

1.1. Control objectives for trusted computer systems

The criteria for each class are divided into groups of requirements. These groupings were set out to ensure that three control objectives for computer systems are satisfied and not overlooked. The objectives deal with:
- Security policy
- Accountability
- Assurance

This section discusses these general control objectives and how they apply to the design of trusted computer systems.

1.1.1. The need for consensus

A primary goal of the Department of Defense Computer Security Center is to encourage the computer industry to develop trusted computer systems and products, making them increasingly available in the commercial marketplace. Achieving this goal requires recognition and agreement between the public and private sectors about the need and demand for such products.

Over many years, considerable effort has gone into defining the problems and developing solutions associated with processing nationally sensitive information, as well as other sensitive data such as financial, medical and personal information used within the national security establishment. The criteria are the result of those efforts and set out the basic requirements for building a trusted computer system. So far, however, such systems have been applied only to national security systems. As long as that remains the case, the consensus needed to drive the development of these systems will be lacking.

The purpose of this section is to describe the functional control objectives in detail. These objectives lay the foundation for the requirements set out in the criteria. The aim is to explain those foundations so that parties outside the national security establishment can assess them as a whole and, by extension, the applicability of the criteria requirements to processing highly sensitive data, whether for national security systems or for private-sector systems.

1.1.2. Definition and usefulness

The term "control objective" denotes a concept concerning control over an organization's resources, its assets, or both. For a computer system, control objectives provide a framework for developing a strategy to fulfil the requirements of any given system. Developed in response to general vulnerabilities, such as the need to manage and handle highly sensitive data so that it is not compromised, or the need for stronger accountability to guard against fraud, control objectives are regarded as an effective way of keeping information secure. [3]

Examples of control objectives include the three basic design requirements for implementing the basic control concept discussed in section 6, namely:
- The reference validation mechanism must be tamperproof.
- The reference validation mechanism must be invoked.
- The reference validation mechanism must be small enough to be analyzed and tested, so that its completeness can be assured. [1]

1.1.3. Criteria control objectives

The three basic control objectives of the criteria concern security policy, accountability and assurance. The rest of this section discusses these three basic requirements.

1.1.3.1. Security policy

In the most general sense, computer security is concerned with controlling how a computer is used, that is, controlling how the information it processes can be accessed and manipulated. On closer examination, however, computer security touches many other areas. A symptom of this is that FIPS PUB 39, a glossary for computer systems security, has no single definition of computer security. [2] Instead it has eleven separate definitions of security, including ADP systems security, administrative security, data security and so on. The one word that recurs throughout these definitions is "protection". A firmer statement of the protection requirement appears in DoD Directive 5200.28, which describes an acceptable level of protection for classified data as one that ensures that systems which process, store or use classified data and produce classified information will, with reasonable dependability, prevent:
- Deliberate or inadvertent access to classified material by unauthorized persons.
- Unauthorized manipulation of the computer and its associated peripheral devices. [4]

In summary, protection requirements must be considered in terms of the threats, risks and goals of the organization. This is called a security policy. It is external laws and regulations that determine what access to information is permitted, independently of the use of a computer. In particular, a given system can be said to be secure only with respect to its enforcement of some specific security policy. The control objective for security policy is therefore:

SECURITY POLICY CONTROL OBJECTIVE
A statement concerning control over access to information and the dissemination of information. The security policy must be precisely defined and implemented in every system that processes sensitive information. The security policy must accurately reflect the laws, regulations and general policies from which it is derived.

1.1.3.1.1. Mandatory security policy

Where a security policy is developed to control classified or other specifically designated sensitive information, the policy must include detailed rules on how that information is handled throughout its life cycle. These rules are a function of the various sensitivity designations the information can take and the various forms of access the system supports. Mandatory security is the enforcement of a set of access control rules that constrain a subject's access to information on the basis of a comparison of the individual's clearance or authorization for the information, the classification or sensitivity designation of the information, and the form of access being mediated. Mandatory policies either require, or can be satisfied by, systems that can enforce a partial ordering of designations; that is, the designations must form what is mathematically known as a "lattice". [5]

The above clearly implies that the system must ensure that the designations associated with sensitive data cannot be arbitrarily changed, since that could allow individuals who lack authorization to access sensitive information. It also implies that the system must control the flow of information so that data cannot be stored with a lower sensitivity designation unless the downgrade has been authorized. [6] The control objective is:

MANDATORY SECURITY CONTROL OBJECTIVE
Security policies defined for systems that are used to process classified or other specifically categorized sensitive information must include provisions for the enforcement of mandatory access control rules. That is, they must include a set of rules for controlling access based directly on a comparison of the individual's clearance or authorization for the information with the classification or sensitivity designation of the information being sought, and indirectly on physical and other environmental factors of control. The mandatory access control rules must accurately reflect the laws, regulations and general policies.

1.1.3.1.2. Discretionary security policy

Discretionary security is the principal type of access control available in computer systems today. Its basis is that an individual user, or a program operating on the user's behalf, is allowed to specify explicitly the types of access others may have to information under that user's control. Discretionary security differs from mandatory security in that it implements an access control policy on the basis of an individual's need-to-know, as opposed to mandatory controls, which are driven by the classification or sensitivity designation of the information.

Discretionary controls are not a replacement for mandatory controls. In an environment in which information is classified (as in the DoD), discretionary security provides a finer granularity of control within the overall constraints of the mandatory policy. Access to classified information requires effective implementation of both types of control as a precondition for granting access. In general, no person may have access to classified information unless that person has been determined to be trustworthy and the access is necessary for the performance of official duties. In other words, discretionary controls give individuals discretion over access decisions, within the limits of the mandatory policy. The control objective is:

DISCRETIONARY SECURITY CONTROL OBJECTIVE
Security policies defined for systems that are used to process classified or other sensitive information must include provisions for the enforcement of discretionary access control rules. That is, they must include a set of rules for controlling and limiting access based on identified individuals who have been determined to have a need-to-know for the information.

1.1.3.1.3. Marking

To implement a set of mechanisms that put a mandatory security policy into effect, the system must mark information with the appropriate classification or sensitivity labels and maintain those markings as the information moves through the system. Once information is unalterably and accurately marked, the comparisons required by the mandatory access control rules can be made accurately and consistently. A further benefit of having the system maintain the classification and sensitivity labels internally is the ability to generate properly "labeled" output automatically. The labels, if accurately maintained internally by the system, remain accurate when output from the system. The control objective is:

MARKING CONTROL OBJECTIVE
Systems that are designed to enforce a mandatory security policy must store and preserve the integrity of classification and other sensitivity labels for all information. Labels exported from the system must be accurate representations of the corresponding internal sensitivity labels being exported.
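
The mandatory, discretionary and marking objectives above, combined in one access check and one export routine. This is an added example, not code from the TCSEC or from this document's author. The UNCLASSIFIED floor level, the category name NATO, the users, the objects and the `LEVEL//CATEGORY` marking format are constructed for illustration, and authorized downgrading is not modelled.

```python
from dataclasses import dataclass, field

# Hierarchical levels, lowest first: the three classifications named in the
# text plus an unclassified floor (the floor is an assumption of this example).
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")


@dataclass(frozen=True)
class Label:
    level: int                            # index into LEVELS
    categories: frozenset = frozenset()   # non-hierarchical categories

    def dominates(self, other):
        """Lattice partial order: level is >= and categories are a superset."""
        return self.level >= other.level and self.categories >= other.categories

    def join(self, other):
        """Least upper bound: the lowest label that dominates both inputs."""
        return Label(max(self.level, other.level), self.categories | other.categories)

    def marking(self):
        """Human-readable marking placed on exported output."""
        return "//".join([LEVELS[self.level], *sorted(self.categories)])


@dataclass(frozen=True)
class Subject:
    user: str
    label: Label        # clearance the session runs at


@dataclass
class Obj:
    name: str
    label: Label                              # set by the system, not by the user
    acl: dict = field(default_factory=dict)   # user -> set of modes (need-to-know)
    data: str = ""


def decide(subject, obj, mode):
    """Return (granted, reason). Mandatory AND discretionary checks must pass."""
    if mode == "read":
        mac_ok = subject.label.dominates(obj.label)   # no read up
    elif mode == "write":
        mac_ok = obj.label.dominates(subject.label)   # no write down
    else:
        return False, "unknown mode"
    if not mac_ok:
        return False, "mandatory: label comparison failed"
    if mode not in obj.acl.get(subject.user, set()):
        return False, "discretionary: no need-to-know entry"
    return True, "granted"


def export(subject, objects):
    """Read several objects and return (marking, text) for the output.

    The output label is the join of every label read, so the exported
    marking always reflects the internal labels.
    """
    out_label, parts = Label(0), []
    for obj in objects:
        ok, reason = decide(subject, obj, "read")
        if not ok:
            raise PermissionError(f"{subject.user} -> {obj.name}: {reason}")
        out_label = out_label.join(obj.label)
        parts.append(obj.data)
    return out_label.marking(), "\n".join(parts)


# --- constructed sample data ---------------------------------------------
S_NATO = Label(2, frozenset({"NATO"}))
plan = Obj("plan", S_NATO, {"alice": {"read", "write"}, "carol": {"read"}}, "op plan")
memo = Obj("memo", Label(1), {"alice": {"read", "write"}}, "lunch memo")

alice = Subject("alice", S_NATO)                      # cleared and on the ACL
bob = Subject("bob", Label(3, frozenset({"NATO"})))   # cleared higher, not on the ACL
carol = Subject("carol", Label(1))                    # on the ACL, not cleared

if __name__ == "__main__":
    for s, o, m in [(alice, plan, "read"), (bob, plan, "read"),
                    (carol, plan, "read"), (alice, memo, "write")]:
        print(s.user, m, o.name, decide(s, o, m))
    print(export(alice, [plan, memo]))
```

Bob shows that a clearance alone is not enough, Carol that an ACL entry alone is not enough, and Alice's write to the memo is refused because it would move SECRET data into a CONFIDENTIAL object.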

1.1.3.2. Accountability

The second basic control objective addresses one of the fundamental principles of security: individual accountability. Individual accountability is the key to protecting and controlling any system that processes information on behalf of individuals or groups of individuals. Several requirements must be met to satisfy this objective.

The first requirement is individual user identification. Second, the identification must be authenticated. Identification is functionally dependent on authentication.

Without authentication, user identification has no credibility. Without a credible identity, neither mandatory nor discretionary security policies can be properly invoked, because there is no assurance that proper authorizations can be made. The third requirement is a dependable audit capability. That is, a trusted computer system must give authorized personnel the ability to audit any action that could cause access to, or the release of, classified or sensitive information. Audit data will be acquired selectively, based on the auditing needs of the particular installation or application. There must, however, be enough granularity in the audit data to trace audited events to the specific individual who took the action or on whose authority the action was taken. The control objective is:

ACCOUNTABILITY CONTROL OBJECTIVE
Systems that are used to process or handle classified or other sensitive information must ensure individual accountability whenever either a mandatory or a discretionary security policy is invoked. Furthermore, to ensure accountability, an authorized and competent agent must be able to access and evaluate accountability information by a secure means, within a reasonable amount of time, and without undue difficulty.

1.1.3.3. Assurance

The third basic control objective is concerned with assurance: providing confidence that the security policy has been implemented correctly and that the protection-relevant elements of the system accurately carry out the intent of that policy. By extension, assurance must guarantee that the trusted portions of the system work as intended. Two types of assurance are needed to accomplish these objectives: life-cycle assurance and operational assurance.

Life-cycle assurance refers to the steps an organization takes to ensure that the system is designed, developed and maintained using formalized and rigorous controls and standards. [17]

Computer systems that process and store sensitive or classified information depend on hardware and software to protect that information. It follows that the hardware and software must themselves be protected against unauthorized changes that could cause the protection mechanisms to malfunction or be lost altogether. For this reason trusted computer systems must be carefully reviewed and tested during the design and development phases, and re-evaluated whenever a change is made that could affect the integrity of the protection mechanisms. Only in this way can there be confidence that the hardware and software interpretation of the security policy is maintained accurately.

While life-cycle assurance is concerned with the procedures for managing system design, development and maintenance, operational assurance focuses on the features and system architecture used to ensure that the security policy is readily enforced while the system is in operation. That is, the security policy must be integrated into the hardware and software protection features of the system. Examples of steps taken to provide this kind of assurance include: methods for testing the operational hardware and software for correct operation, isolation of protection-critical code, and the use of hardware and software to provide distinct domains. The control objective is:

ASSURANCE CONTROL OBJECTIVE
Systems that are used to process or handle classified or other sensitive information must be designed to guarantee correct and accurate interpretation of the security policy and must not distort the intent of that policy. Assurance must be provided that the policy is implemented and operating throughout the system's life cycle.

1.2. 7.0

1.2.1. 7.1

1.2.2. Department of Defense policy

Within the Department of Defense, these broad requirements are implemented and further specified primarily through two vehicles:
- DoD Regulation 5200.1-R [7], which applies to all components of the Department of Defense.
- DoD 5220.22-M, "Industrial Security Manual for Safeguarding Classified Information" [8], which applies to contractors in the Defense Industrial Security Program.

Note: the latter applies not only to any contractor handling classified information for any DoD component, but also to the contractors of 18 other Federal organizations for which the Secretary of Defense is authorized to act in providing industrial security services.

For ADP systems, these information security requirements are further amplified and specified in:
- Directive 5200.28 [4] and Manual 5200.28-M [9], for DoD components.
- Section XIII of DoD Manual 5220.22-M, for contractors.

DoD Directive 5200.28, "Security Requirements for Automatic Data Processing (ADP) Systems", stipulates that material contained in an ADP system shall be safeguarded by the continuous employment of protective features in the design and configuration of the system's software and hardware. It further requires of ADP systems that the processing, storage and use of classified information be, with reasonable dependability, such as to prevent:
- Deliberate or inadvertent access to classified material by unauthorized persons.
- Unauthorized manipulation of the computer and its peripheral devices.

DoD Directive 5200.28 provides the security requirements for ADP systems. For some types of information (such as sensitive information), minimum security requirements must also be strictly applied.

From the requirements imposed by these regulations, directives and circulars, the three components of the security policy control objective can be functionally defined for Department of Defense applications.

1.2.3. Criteria control objectives for security policy

1.2.3.1. Marking

The control objective for marking is: "Systems that are designed to enforce a mandatory security policy must store and preserve the integrity of classification or other sensitivity labels for all information. Labels exported from the system must be accurate representations of the corresponding internal labels."

Marking requirements are set out in a number of policy statements.

Executive Order 12356 (sections 1.5.a and 1.5.a.1) requires that classification markings be shown on all classified documents, or be associated with other forms of classified information in a manner appropriate to the circumstances involved. [7]

DoD Regulation 5200.1-R (section 1-500) requires that: "Information or material that requires protection against unauthorized disclosure in the interest of national security shall be classified in one of three designations, namely: Confidential, Secret or Top Secret." [7]

DoD Regulation 5200.1-R (section 4-304b) requires that: "ADP systems and word processing systems that employ information storage media shall provide internal classification marking to ensure that information contained in them that is reproduced or generated will bear the applicable classification and associated markings."

DoD Manual 5200.28-M (Section IV, 4-305d) requires the following: "Security labels: all classified material accessible within the ADP system shall be identified as to its security classification and access limitations. Output of the ADP system shall be appropriately marked." [9]

1.2.3.2. Mandatory security

The control objective for mandatory security is: "Security policies defined for systems that are used to process classified or other specifically categorized sensitive information must include provisions for the enforcement of mandatory access control rules. That is, they must include a set of rules for controlling access based directly on a comparison of the individual's clearance or authorization with the classification or sensitivity of the information being sought."

Several statements bear on mandatory security policy:

Executive Order 12356 (section 4.1.a) states that "a person is eligible for access to the information once a determination of trustworthiness has been made by agency heads or designated officials, provided that the access is necessary to accomplish lawful purposes and is authorized by the Government." [7]

DoD Regulation 5200.1-R (Chapter I, section 3) defines a special access program as "any program imposing need-to-know or access controls beyond those normally provided for access to Confidential, Secret or Top Secret information." [7]

DoD Manual 5200.28-M (Section II 2-100) states: "Personnel who develop, test (debug), maintain or use programs that are classified, or that will be used to access or develop classified material, shall have a personnel security clearance and an appropriate access authorization." [9]

DoD Manual 5220.22-M (paragraph 3.a) defines access as "the ability and opportunity to obtain knowledge of classified information. An individual may, in fact, have access to classified information by being in a place where the information is kept, if the security measures in force do not prevent him from gaining knowledge of that classified information." [8]

The Executive Order, Manuals, Directive and Regulations cited above imply that a trusted computer system must ensure that the classification labels associated with sensitive data cannot be arbitrarily changed, since that could allow individuals who lack the appropriate clearance to access classified information. They also require that a trusted computer system control the flow of information so that data from a higher classification cannot be placed in a storage object of lower classification unless the downgrade has been authorized.
1.2.3.3. Discretionary security

The term discretionary security refers to a computer system's ability to control information on an individual basis. It stems from the fact that, even though an individual holds all the formal clearances for access to specific information, each individual's access to information must still be based on a clearly demonstrated need. Because of this, it must be made clear that this requirement is not itself discretionary.

The control objective for discretionary security is: "Security policies defined for systems that are used to process classified or sensitive information must include provisions for the enforcement of discretionary access control rules. That is, they must include a consistent set of rules for controlling and limiting access based on identified individuals who have been determined to have a need-to-know for the information."

DoD Regulation 5200.1-R (paragraph 7-100) states that: "no person may have access to classified information unless it is necessary for the performance of an official duty." [7]

DoD Manual 5220.22-M (Section III 20.a) states that: "an individual shall be permitted to have access to classified information ... only when the contractor determines that access is necessary in the performance of tasks or services essential to a contract or a program." [8]

1.2.4. Criteria control objective for accountability

The control objective for accountability is: "Systems that are used to process classified or other sensitive information must ensure individual accountability whenever either a mandatory or a discretionary security policy is invoked. To ensure accountability, an authorized and competent agent must be able to access and evaluate the information by a secure means, within a reasonable amount of time."

DoD Directive 5200.28 (VI.A.1) states: "Each user's identity shall be positively established. Every access to the system and every activity of each individual in the system shall be controlled and open to scrutiny."

DoD Manual 5200.28-M (Section V 5-100) states: "An audit log or file shall be maintained as a history of the use of the ADP system to permit review of the security of the system."

DoD Manual 5200.28-M (Section IV 4-305f) states: "Where needed to ensure control of access and individual accountability, each user or specific group of users shall be identified to the ADP system by appropriate administrative or hardware/software measures. Such identification measures must be in sufficient detail to enable the ADP system to provide users with the material they are authorized to have."

DoD Manual 5220.22-M (Section XIII 111) says the following about audit trails: "The general security requirement for an ADP system audit trail is that it provide a documented history of the use of the system. It will permit review of classified system activity and will provide a record of activity to facilitate reconstruction of data should an unexpected incident occur.

The audit trail for an ADP system approved to process classified information may be tailored to the particular system. All systems approved for classified processing should contain most, if not all, of the audit trail records listed below. The contractor's SPP documentation must identify and describe those that apply:
- Personnel access.
- Unauthorized and surreptitious entry into the central computer facility or remote terminal areas.
- Start/stop times of the system.
- All functions initiated by the ADP system.
- Disconnects of remote terminals and peripheral devices.
- User log-on and log-off activity.
- Unauthorized attempts to access files or programs.
- Programs, including identifying information.
- System hardware additions, deletions and maintenance actions.
- Changes affecting the security features of the system software.

Audit trail records must be retained for a period of one inspection cycle.

1.2.5. Criteria control objective for assurance

The control objective for assurance is: "Systems that are used to process classified or sensitive information must be designed to guarantee correct and accurate interpretation of the security policy and must not distort the intent of that policy."

Some of the basis for this objective can be found in the following sections of DoD Directive 5200.28:
- DoD Directive 5200.28 (IV.B.1) stipulates: "Security of an ADP system is most effective and economical if the system is designed originally to provide it. Each Department of Defense component undertaking the design of an ADP system to process, store or classify information shall, from the beginning of the design process, consider the security policies, concepts and measures prescribed in this Directive."
- DoD Directive 5200.28 (IV.C.5.a) stipulates: "Provision may be made to permit adjustment of ADP system area controls to the level of protection required. Unauthorized manipulation of the system and its components shall be given particular attention through automated system security measures."
- DoD Directive 5200.28 (VI.A.2) stipulates: "Environmental control: the ADP system shall be externally protected to minimize the likelihood of unauthorized access to system entry points, access to classified information in the system, or damage to the system."

DoD Manual 5220.22-M (Section XIII 103a) requires: "written approval from the cognizant security office must be obtained before any classified information is processed in an ADP system."

CHAPTER 2. THE TCSEC GUIDELINES

2.1. Guideline on covert channels

A covert channel is any communication channel that a process can exploit to transfer information in a manner that violates the system's security policy. There are two types of covert channel: storage channels and timing channels. Covert storage channels include all vehicles that allow one process to write, directly or indirectly, to a storage location and another process to read it, directly or indirectly. Covert timing channels include all vehicles that allow one process to signal information to another process by modulating its own use of system resources.

From a security perspective, covert channels with low bandwidth pose a lower threat than those with high bandwidth. For many types of covert channel, however, the techniques used to reduce the bandwidth below a certain rate (which depends on the specific channel mechanism and the system architecture) also degrade the performance provided to legitimate system users. A trade-off between system performance and covert channel bandwidth is therefore needed. Because the threat of compromise is present in any multilevel computer system that contains classified or sensitive information, such systems should not contain covert channels with high bandwidth. This guideline is intended to give system developers an idea of what counts as a high-bandwidth covert channel.

A covert channel whose bandwidth exceeds a rate of 100 bps is considered high, because 100 bps is approximately the rate at which many computer terminals run. It does not seem appropriate to call a computer system secure if information can be compromised at a rate equal to the normal output rate of some commonly used device. In any multilevel computer system there are a number of relatively low-bandwidth covert channels whose existence is deeply ingrained in the system design. Given the large cost of reducing the bandwidth of such covert channels, it is felt that those with a maximum bandwidth of less than 1 bps are acceptable in most application environments. Although maintaining acceptable performance in some systems may make it impractical to eliminate all covert channels with a bandwidth of 1 bps or more, it is possible to audit their use without adversely affecting system performance. This audit capability gives the system administrator a means of detecting, and procedurally correcting, significant compromise. A Trusted Computing Base (TCB) should therefore provide, wherever possible, the capability to audit the use of covert channel mechanisms with bandwidths that may exceed a rate of 1-10 bps.
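
One way an audit function could apply the bandwidth figures above to a covert storage channel, as an added example that is not part of the original document or of the TCSEC. The audit record format, the subject and resource names and the one-bit-per-change estimate are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

HIGH_BPS = 100.0        # above this rate the text calls a covert channel "high"
ACCEPTABLE_BPS = 1.0    # below this rate the text calls it acceptable


def classify(bps):
    """Map an estimated bandwidth onto the three bands the guideline describes."""
    if bps > HIGH_BPS:
        return "high"
    if bps < ACCEPTABLE_BPS:
        return "acceptable"
    return "audit"          # may be impractical to remove, so its use is audited


def channel_usage(records, bits_per_symbol=1.0):
    """Estimate signalling rates of storage channels seen in audit records.

    records: iterable of (time_ms, subject, level, resource, op), where op is
    "set" (changes a shared attribute) or "sense" (observes it). One symbol is
    counted when a lower-level subject senses a change made by a higher-level
    subject, i.e. when information moved downward.
    Returns {(resource, sender, receiver): (bits_per_second, band)}.
    """
    pending = {}                    # resource -> (sender, sender_level)
    seen = defaultdict(list)        # channel -> times at which a symbol arrived
    for t, subject, level, resource, op in sorted(records):
        if op == "set":
            pending[resource] = (subject, level)
        elif op == "sense" and resource in pending:
            sender, sender_level = pending[resource]
            if sender_level > level:
                seen[(resource, sender, subject)].append(t)
                del pending[resource]       # each change carries one symbol
    report = {}
    for channel, times in seen.items():
        span_ms = times[-1] - times[0]
        if span_ms <= 0:
            continue                        # a single transfer has no rate
        bps = bits_per_symbol * (len(times) - 1) * 1000.0 / span_ms
        report[channel] = (round(bps, 2), classify(bps))
    return report


def sample_records():
    """Constructed audit records: (time_ms, subject, level, resource, op)."""
    recs = []
    for i in range(50):         # lock flag changed every 200 ms
        recs += [(i * 200, "hi_a", 3, "lockfile", "set"),
                 (i * 200 + 100, "lo_a", 1, "lockfile", "sense")]
    for i in range(5):          # quota counter changed every 30 s
        recs += [(i * 30000, "hi_b", 2, "quota", "set"),
                 (i * 30000 + 500, "lo_b", 1, "quota", "sense")]
    for i in range(200):        # shared status word changed every 5 ms
        recs += [(i * 5, "hi_c", 3, "status", "set"),
                 (i * 5 + 2, "lo_c", 0, "status", "sense")]
    # Upward flow (low writes, high reads) is permitted and must not be flagged.
    recs += [(10, "lo_a", 1, "inbox", "set"), (20, "hi_a", 3, "inbox", "sense")]
    return recs


if __name__ == "__main__":
    for channel, result in sorted(channel_usage(sample_records()).items()):
        print(channel, result)
```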

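2.2. Guideline on configuring mandatory access control features

The mandatory access control requirement includes a capability to support an unspecified number of hierarchical classifications and an unspecified number of non-hierarchical categories at each hierarchical level. To encourage consistency and portability in the design and development of the national security establishment's trusted computer systems, it is desirable for all such systems to be able to support a minimum number of levels and categories.

The following suggestions are provided for this requirement:
- The number of hierarchical classifications should be greater than or equal to 16.
- The number of non-hierarchical categories should be greater than or equal to 64.
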
2.3. Guideline on security testing

These guidelines give an indication of the extent and sophistication of the testing undertaken by the DoD Computer Security Center during the formal product evaluation process. Organizations that wish to use the "Department of Defense Trusted Computer System Evaluation Criteria" to perform their own evaluations may find this section useful for planning purposes.

2.3.1. Testing for Division C

2.3.1.1. Personnel

The security testing team shall consist of at least two individuals with bachelor's degrees in computer science or the equivalent. Team members shall be able to follow test plans prepared by the system developer and suggest additions, shall be familiar with the "flaw hypothesis" or an equivalent security testing methodology, and shall have assembly-level programming experience. Before testing begins, the team members shall have knowledge of the system being evaluated and shall have completed the system developer's course for the system being evaluated.

2.3.1.2. Testing

The team shall have hands-on involvement in an independent run of the tests used by the system developer. The team shall independently design and implement at least five system-specific tests in an attempt to circumvent the security mechanisms of the system. The time devoted to testing shall be at least one month and need not exceed three months. No fewer than twenty hands-on hours shall be spent carrying out system developer-defined tests and test team-defined tests.

2.3.2. Testing for Division B

2.3.2.1. Personnel

The security testing team shall consist of at least two individuals with bachelor's degrees in computer science or the equivalent and at least one individual with a master's degree in computer science or the equivalent. Team members shall be able to follow test plans prepared by the system developer and suggest additions, shall be conversant with the "flaw hypothesis" or an equivalent security testing methodology, shall be fluent in the TCB implementation language, and shall have assembly-level programming experience. Before testing begins, the team members shall have functional knowledge of the system being evaluated and shall have completed the system developer's internals course for the system being evaluated. At least one team member shall have previously completed a security test on another system.

2.3.2.2. Testing

The testing team shall have hands-on involvement in an independent run of the test package used by the system developer to test security-relevant hardware and software. The testing team shall independently design and implement at least fifteen system-specific tests in an attempt to circumvent the security mechanisms of the system. The time devoted to testing shall be no less than two months and need not exceed four months. There shall be more than thirty hands-on hours per team member spent carrying out system developer-defined tests and test team-defined tests.

2.3.3. Testing for Division A

2.3.3.1. Personnel

The security testing team shall consist of at least one individual with a bachelor's degree in computer science or the equivalent and at least two individuals with master's degrees in computer science. Team members shall be able to follow test plans prepared by the system developer and suggest additions, shall be conversant with the "flaw hypothesis" or an equivalent security testing methodology, shall be fluent in the TCB implementation language, and shall have assembly-level programming experience. Before testing begins, the team members shall have functional knowledge of the system to be evaluated and shall have completed the system developer's internals course for that system. At least one team member shall be familiar enough with the system hardware to understand the maintenance diagnostic programs and supporting hardware documentation. At least two team members shall have previously completed a security test on another system. At least one team member shall have demonstrated system-level programming competence on the system under test, to a level of complexity equivalent to adding a device driver to the system.

2.3.3.2. Testing

The testing team shall have hands-on involvement in an independent run of the test package used by the system developer to test the relevant hardware and software. The team shall independently design and implement at least twenty-five specific tests in an attempt to circumvent the security mechanisms of the system. The time devoted to testing shall be at least three months and need not exceed six months. There shall be no fewer than fifty hands-on hours per team member spent carrying out system developer-defined tests and test team-defined tests.

REFERENCES

1. Anderson, J. P. Computer Security Technology Planning Study, ESD-TR-73-51, vol. I, ESD/AFSC, Hanscom AFB, Bedford, Mass., October 1972 (NTIS AD-758 206).
2. DoD Directive 5400.11, Department of Defense Privacy Program, 9 June 1982.
3. Brand, S. L. "An Approach to Identification and Audit of Vulnerabilities and Control in Application Systems," in Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls, Z. Ruthberg, ed., NBS Special Publication #500-57, MD78733, April 1980.
4. Denning, D. E. Secure Information Flow in Computer Systems, Ph.D. dissertation, Purdue Univ., West Lafayette, Ind., May 1975.
5. DCID 1/16, Security of Foreign Intelligence in Automated Data Processing Systems and Networks (U), 4 January 1983.
6. OMB Circular A-71, Transmittal Memorandum No. 1, Security of Federal Automated Information Systems, 27 July 1978.
7. DoD 5220.22-M, Industrial Security Manual for Safeguarding Classified Information, March 1984.
8. DoD Directive 5200.28, Security Requirements for Automatic Data Processing (ADP) Systems, revised April 1978.
9. DoD Directive 5000.29, Management of Computer Resources in Major Defense Systems, 26 April 1976.
