Sunday, November 30, 2014

Chapter 11: Assurance Level

  • Two types of assurance:
    1. Operational Assurance:
      • Concentrates on the product's architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product
      • Examples:
        • Access control mechanisms
        • Separation of privileged and user program code
        • Auditing and monitoring capabilities
        • Covert channel analysis
        • Trusted recovery (when the product experiences unexpected circumstances)
    2. Life-Cycle Assurance:
      • Concerns how the product was developed and maintained, because each stage of the product life cycle has standards and expectations it must fulfill before the product can be deemed highly trusted
      • Examples:
        • Design specifications
        • Clipping-level configurations
        • Unit and integration testing
        • Configuration management
        • Trusted distribution
