General Models of Computer Security

A number of general models for computer security have been developed in the past for use in stand alone situations. A designer of a distributed system will find that his customers will want to talk about the new system in terms of these models. These models are applicable to distributed system; though the boundary and mechanisms to support the trust barrier are necessarily different. This section describes two such models: the military model of multi-level security, and a more recent model of commercial security which is still being developed. The multi-level security model is very important as it is the basis for a well known set of criteria which the US Government is using to procure computer systems for most of its requirements. The criteria are set out in [Orange] which is known as the orange book, and in [red] which is known as the red book. These criteria have become very important for all types of computer security as they are the only available criteria which are widely available and being used. The new commercial model is an attempt to begin work to a similar set of criteria for purchasing systems for commercial applications.