1 Scope
This standard specifies the security techniques requirement required for operating system of each security grade according to the classification of five security protection grades in GB 17859-1999 and the role of operating system in information system.
This standard is applicable to the design and realization of security of operating system according to the graded requirements, and may serve for reference for the test and management of the security of operating system.
2 Normative References
The following normative documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, subsequent amendments to (excluding amending errors in the text), or revisions of, any of these publications do not apply. However, all parties coming to an agreement according to this standard are encouraged to study whether the latest edition of the normative document is applicable. For undated references, the latest edition of the normative document applies.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20271-2006 Information Security Technology - Common Security Techniques Requirement for Information System
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this standard, the terms and definitions specified in GB 17859-1999 and GB/T 20271-2006 and those listed below apply.
3.1.1
Security of operating system
Representation for confidentiality, integrity and availability of information stored, transported and processed in operating system.
3.1.2
Security technology of operating system
All security technologies required for realizing security of various operating systems.
3.1.3
Security subsystem of operating system
A generic term for security protection devices in operating system, including hardware, firmware, software and combined entity responsible for implementing security policy. It establishes basic security protection environment for operating system and provides additional user service required for security operating system.
Note: SSOOS (security subsystem of operating system) is the TCB of operating system according to the definition of TCB (trusted computing base) in GB 17859-1999.
3.1.4
SSOOS security policy
A set of rules for the management, protection and distribution of resource in SSOOS. One SSOOS may contain one or more security policies.
3.1.5
Security function policy
Security policy adopted to realize the function required for SSOOS security element.
3.1.6
Security element
Compositions of security content contained in the security techniques requirement of each security protection grade in this standard.
3.1.7
SSOOS security function
The function provided by all hardwares, firmwares and softwares correctly implementing SSOOS security policy. The realization of each security policy constitutes a SSOOS security function module. All security functions of a SSOOS jointly constitute the security function of SSOOS.
3.1.8
SSF scope of control
The scope of subject and object involved with SSOOS operation.
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
3.2 Abbreviations
4 Graded Technical Requirements for Security Grade Protection
4.1 Grade 1: the User's Discretionary Protection Grade
4.1.1 Security Function
4.1.2 SSOOS Self-security Protection
4.1.3 SSOOS Design and Realization
4.1.4 SSOOS Security Management
4.2 Grade 2: System Audit Protection Grade
4.2.1 Security Function
4.2.2 SSOOS Self-security Protection
4.2.3 SSOOS Design and Realization
4.2.4 SSOOS Security Management
4.3 Grade 3: Security Label Protection Grade
4.3.1 Security Function
4.3.2 SSOOS Self-security Protection
4.3.3 SSOOS Design and Realization
4.3.4 SSOOS Security Management
4.4 Grade 4: Structured Protection Grade
4.4.1 Security Function
4.4.2 SSOOS Self-security Protection
4.4.3 SSOOS Design and Realization
4.4.4 SSOOS Security Management
4.5 Grade 5: Access Verification Protection Grade
4.5.1 Security Function
4.5.2 SSOOS Self-security Protection
4.5.3 SSOOS Design and Realization
4.5.4 SSOOS Security Management
Appendix A (Informative) Explanation of Standard Concept
A.1 Composition and Interrelationship
A.2 Description on Classification of Security Protection Grade
A.3 Further Description on Subject and Object
A.4 SSOOS, SSF, SSP, SFP and their Interrelationship
A.5 Description on Encryption Technology
Bibliography
1 Scope
This standard specifies the security techniques requirement required for operating system of each security grade according to the classification of five security protection grades in GB 17859-1999 and the role of operating system in information system.
This standard is applicable to the design and realization of security of operating system according to the graded requirements, and may serve for reference for the test and management of the security of operating system.
2 Normative References
The following normative documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, subsequent amendments to (excluding amending errors in the text), or revisions of, any of these publications do not apply. However, all parties coming to an agreement according to this standard are encouraged to study whether the latest edition of the normative document is applicable. For undated references, the latest edition of the normative document applies.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20271-2006 Information Security Technology - Common Security Techniques Requirement for Information System
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this standard, the terms and definitions specified in GB 17859-1999 and GB/T 20271-2006 and those listed below apply.
3.1.1
Security of operating system
Representation for confidentiality, integrity and availability of information stored, transported and processed in operating system.
3.1.2
Security technology of operating system
All security technologies required for realizing security of various operating systems.
3.1.3
Security subsystem of operating system
A generic term for security protection devices in operating system, including hardware, firmware, software and combined entity responsible for implementing security policy. It establishes basic security protection environment for operating system and provides additional user service required for security operating system.
Note: SSOOS (security subsystem of operating system) is the TCB of operating system according to the definition of TCB (trusted computing base) in GB 17859-1999.
3.1.4
SSOOS security policy
A set of rules for the management, protection and distribution of resource in SSOOS. One SSOOS may contain one or more security policies.
3.1.5
Security function policy
Security policy adopted to realize the function required for SSOOS security element.
3.1.6
Security element
Compositions of security content contained in the security techniques requirement of each security protection grade in this standard.
3.1.7
SSOOS security function
The function provided by all hardwares, firmwares and softwares correctly implementing SSOOS security policy. The realization of each security policy constitutes a SSOOS security function module. All security functions of a SSOOS jointly constitute the security function of SSOOS.
3.1.8
SSF scope of control
The scope of subject and object involved with SSOOS operation.
Contents of GB/T 20272-2006
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
3.2 Abbreviations
4 Graded Technical Requirements for Security Grade Protection
4.1 Grade 1: the User's Discretionary Protection Grade
4.1.1 Security Function
4.1.2 SSOOS Self-security Protection
4.1.3 SSOOS Design and Realization
4.1.4 SSOOS Security Management
4.2 Grade 2: System Audit Protection Grade
4.2.1 Security Function
4.2.2 SSOOS Self-security Protection
4.2.3 SSOOS Design and Realization
4.2.4 SSOOS Security Management
4.3 Grade 3: Security Label Protection Grade
4.3.1 Security Function
4.3.2 SSOOS Self-security Protection
4.3.3 SSOOS Design and Realization
4.3.4 SSOOS Security Management
4.4 Grade 4: Structured Protection Grade
4.4.1 Security Function
4.4.2 SSOOS Self-security Protection
4.4.3 SSOOS Design and Realization
4.4.4 SSOOS Security Management
4.5 Grade 5: Access Verification Protection Grade
4.5.1 Security Function
4.5.2 SSOOS Self-security Protection
4.5.3 SSOOS Design and Realization
4.5.4 SSOOS Security Management
Appendix A (Informative) Explanation of Standard Concept
A.1 Composition and Interrelationship
A.2 Description on Classification of Security Protection Grade
A.3 Further Description on Subject and Object
A.4 SSOOS, SSF, SSP, SFP and their Interrelationship
A.5 Description on Encryption Technology
Bibliography