DSCI 525 Semester Project
Spring 2024
Completion of the semester project is to be an independent, individual effort for each student.
Communication with fellow students for this assignment, attempting to benefit from work of another
student, past or present and similar behavior that defeats the intent of an assignment is unacceptable to the
University. Such behavior will be treated as a violation of USC academic integrity standards, which are
summarized in the on-line tutorial available at
http://www.usc.edu/libraries/about/reference/tutorials/academic_integrity/index.php
Nature of the assignment
The purpose of this project is to compare and contrast two trusted system requirement models and two
implementations.
The first requirement model is the Trusted Network Interpretation (TNI). The implementation case study
of TNI is the Gemini Trusted Network Processor (GTNP). The TNI requirements and GTNP
implementation represent a reference monitor concept-based approach that is referred to as a traditional
security kernel (SK). The second requirement model is the Separation Kernel Protection Profile. The
implementation case study of SKPP is the Green Hills Software (GHS) INTEGRITY-178B (I-178B). The
SKPP requirements and I-178B implementation represent a variation of the reference monitor concept
instituted in a separation kernel.
In not less than 10 and no more than 20 pages prepare a report in PDF format with a font size 12, single
column, single spaced. There are no other specific requirements related to the formatting of your report.
Figures, tables, and the like are not included in the 20-page maximum page count. There is no penalty for
exceeding the limit, however text beyond the 20-page limit will not be considered in grading. Submit the
report in electronic form on USC D2L.
Description of the semester project
Based on information you gather and review, you are to report your research and analysis on the following
topics:
1. How SKPP evaluation requirements [4] line up against the TCSEC/TNI security kernel evaluation
requirements. This project should focus on the requirements for TNI Mandatory Only
Components (M-Components), as codified in TNI Sections 4.1.1 (Policy) and A.3.1 (M-Comp).
The associated 25 RVM evaluation factors are detailed in extracts from the TNI (which includes
TCSEC requirements outlined in [1]). Given the constrained length of the project report, this
analysis should be brief and concise conclusions for each of the 25 RVM evaluation factors,
referring to the factors by name without wasting space repeating the text of the requirements.
Be specific, include concrete references to the parts of the reviewed documents to support your
arguments.
2. Relative strengths and weaknesses of design and development techniques in separation kernel and
specifically INTEGRITY-178B product as compared and contrasted to those in the GEMSOS
security kernel, including a comparison of the respective kernel APIs and hardware requirements.
Note that you should be informed by the GEMSOS Final Evaluation Report (FER) [2], Green Hills
Software INTEGRITY-178B Separation Kernel Security Target document [5], and Common
Criteria Evaluation and Validation Scheme Validation Report [3].
3. Finally, based on all the above you are to provide final conclusions on the suitability of these two
products for deployment in the face of a witted adversary intent to violate the allocated policies.
In your report you should particularly concentrate on the problem of subversion and how it is addressed
in both cases.
References (available on Piazza in Resources)
Your analysis is to be based on a thorough review and understanding of reference material from the
published literature that includes, but is not limited to the following:
[1] An extract from the Trusted Network Interpretation (TNI) of the “Security Requirements for a Class
A1 M-Component”. (A1M)
[2] Final Evaluation Report, Gemini Computers, Incorporated, Gemini Trusted Network Processor,
National Computer Security Center, 28 June 1995. (FER)
[3] Common Criteria Evaluation and Validation Scheme Validation Report “Green Hills Software INICR750-0402-GH01_Rel INTEGRITY-178B Separation Kernel”, version 0.5, 31 January 2011.
(Integrity-178B-VR)
[4] U.S. Government Protection Profile for Separation Kernels in Environments Requiring High
Robustness (SKPP), Version 1.03, 29 June 2007. (SKPP)
[5] Green Hills Software INTEGRITY-178B Separation Kernel Security Target, Version 4.2, May 31,
2010. (Integrity-178B-ST)
Grading
The total of 100 points for the project will be allocated as follows:
1. [50 points] Systematic comparison between these security requirements models and
implementations, using the TNI evaluation factors as the vehicle for comparison.
2. [20 points] Discussion of how subversion is addressed in both cases.
3. [20 points] Discussion of the relative strengths and weaknesses of these two design and
implementation techniques.
4. [10 points] Conclusions - a per-factor consensus on the compatibility between the requirement
models and their respective implementations.
請(qǐng)加QQ：99515681  郵箱：99515681@qq.com   WX：codehelp