GB/T 20272-2006 English PDF (GBT20272-2006)

GB/T 20272-2006: Information security technology -- Security techniques requirement for operating system

This Standard specifies the security technical requirements for operating systems at each security grade, according to the classification of five security protection grades in GB 17859-1999 and the role of the operating system in an information system.
GB/T 20272-2006
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Security Techniques Requirement for Operating System
ISSUED ON: MAY 31, 2006
IMPLEMENTED ON: DECEMBER 1, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
3.2 Abbreviations
4 Graded Technical Requirements for Security Grade Protection
4.1 Grade 1: The User's Discretionary Protection Grade
4.1.1 Security Function
4.1.2 SSOOS Self-security Protection
4.1.3 SSOOS Design and Realization
4.1.4 SSOOS Security Management
4.2 Grade 2: System Audit Protection Grade
4.2.1 Security Function
4.2.2 SSOOS Self-security Protection
4.2.3 SSOOS Design and Realization
4.2.4 SSOOS Security Management
4.3 Grade 3: Security Label Protection Grade
4.3.1 Security Function
4.3.2 SSOOS Self-security Protection
4.3.3 SSOOS Design and Realization
4.3.4 SSOOS Security Management
4.4 Grade 4: Structured Protection Grade
4.4.1 Security Function
4.4.2 SSOOS Self-security Protection
4.4.3 SSOOS Design and Realization
4.4.4 SSOOS Security Management
4.5 Grade 5: Access Verification Protection Grade
4.5.1 Security Function
4.5.2 SSOOS Self-security Protection
4.5.3 SSOOS Design and Realization
4.5.4 SSOOS Security Management
Appendix A (Informative) Explanation of Standard Concept
A.1 Composition and Interrelationship
A.2 Description on Classification of Security Protection Grade
A.3 Further Description on Subject and Object
A.4 SSOOS, SSF, SSP, SFP and their Interrelationship
A.5 Description on Encryption Technology
Bibliography
Foreword
Appendix A of this Standard is informative.
This Standard was proposed by and shall be under the jurisdiction of the National Technical Committee on Information Security of Standardization Administration of China.
Drafting organizations of this Standard: Beijing Siyuan Xinchuang Information Security Information Co. Ltd. and Technical Service Center of Jiangnan Institute of Computing Technology.
Chief drafters of this Standard: Ji Zengrui, Wang Xiaoyin, Wang Zhiqiang, Chen Guanzhi, Jing Qianyuan and Song Jianping.
Introduction
This Standard guides designers in designing and realizing an operating system with the required security protection grade. It mainly specifies the security technical measures that an operating system shall take to realize each security protection grade in GB 17859-1999, and the differences in the concrete realization of the security technical requirements at different security protection grades.
The computer operating system is an important part of an information system. Its main function is to manage computer resources and to provide the computer interface used by the user. The resources managed by the operating system include various user resources and computer system resources. User resources may be summarized as data information resources expressed as files. System resources include system programs, system data and the various forms set up for managing the computer hardware resources. In the operating system these are also expressed as files, referred to respectively as executable files, data files, configuration files, etc. The protection of resources in the operating system is therefore in practice the protection of files in the operating system.
Because of its significant status and function in the computer system, the operating system frequently becomes the primary target of attacks on and threats to the computer system (both artificial and natural). The security of the operating system is therefore very important. Both the secure operation of the operating system and the protection of resources in the operating system (mainly the protection of data information resources expressed in file form) shall be considered for the security of the operating system.
As attacks and threats may be aimed at the system operation or at the confidentiality, integrity and availability of information, the functional requirements for the security protection of the operating system shall be considered comprehensively from two aspects, namely the secure operation of the operating system and the security protection of operating system data. This Standard specifically describes the security function requirements for the operating system in terms of identity authentication, discretionary access control, label, mandatory access control, data flow control, audit, data integrity, data confidentiality, trusted path, etc., according to the security elements listed in GB 17859-1999 and the description of the security function elements of an information system in GB/T 20271-2006.
A certain security assurance mechanism is required to ensure that each security function element meets the determined security requirements. This Standard specifically describes the security assurance requirements for the operating system in terms of the self-security protection, design and realization, security management, etc. of the security subsystem of the operating system (SSOOS), according to the description of the security assurance elements of an information system in GB/T 20271-2006. Corresponding support from the security hardware system (namely physical security) and from security management is also required for the operating system, but this is beyond the scope of this Standard.
In conclusion, this Standard describes in detail the technical requirements for the security function and security assurance of each security grade of the operating system, based on the classification of five security grades in GB 17859-1999. To show clearly what each security grade adds to or strengthens in the security technical requirements of the grade below it, the newly added part of each grade in the description in Chapter 4 is indicated in "bold".
Information Security Technology - Security Techniques
Requirement for Operating System
1 Scope
This Standard specifies the security technical requirements for operating systems at each security grade, according to the classification of five security protection grades in GB 17859-1999 and the role of the operating system in an information system.
This Standard is applicable to the design and realization of the security of an operating system according to the graded requirements; it may serve as a reference for the testing and management of the security of an operating system.
2 Normative References
The following normati...
