
High Assurance


High Assurance in computer security indicates that a computer system adheres to a formal design specification based upon a mathematically proven security model.(1) In the TCSEC "Orange Book," the distinguishing characteristic of an A1 security rating is that it meets the mandatory high assurance criteria. This includes formal analysis and mathematical proof that the axioms that underlie the security system are consistent with the stated security policy.(2)

Roger Schell was one of the main architects in developing the high assurance model. He developed the concepts of a secure kernel (a small portion of an operating system) and reference monitor to achieve secure systems that adhered to a proven mathematical model. Schell defined a high assurance system as one that adhered to a stated mathematical model, with a program built in discrete layers that ensured that no part of any lower layer could ever depend on data generated by the higher layers. Schell and others created these design principles over a number of years in the 1970s and 1980s. During the early to mid-1970s Schell led a $9 million research effort for the Air Force to develop and implement these concepts, including overseeing the contract work of MITRE's David E. Bell and Leonard LaPadula that resulted in the influential Bell-LaPadula Model. He led "Tiger Team" Air Force efforts to penetrate Honeywell-Multics, which resulted in security enhancement of this system.(3)


1 : http://www.darpa.mil/Our_Work/I2O/Programs/High-Assurance_Cyber_Military_Systems_(HACMS).aspx

2 : TCSEC.pdf - The "Orange Book" Trusted Computer System Evaluation Criteria (TCSEC).

3 : Oral History Interview with Roger R. Schell, conducted by Jeff Yost.

Topic revision: r6 - 09 Sep 2015 - 10:27:27 - ThomasMisa