SJ 20628-1997 Technical requirements for general military computer information security

Basic information

Standard ID: SJ 20628-1997
Standard name: Technical requirements for general military computer information security
Chinese name: 通用型军用计算机信息安全技术要求
Standard category: Electronic Industry Standard (SJ)
State: in force
Date of release: 1997-06-17
Date of implementation: 1997-10-01
Standard classification number: L0137


Some standard content:

Military Standard of the Electronic Industry of the People's Republic of China FL0137
SJ 20628-97
Information security technical requirements for general military computers
Published on June 17, 1997; implemented on October 1, 1997
Approved by the Ministry of Electronics Industry of the People's Republic of China

Contents
1 Scope
1.1 Subject content
1.2 Scope of application
2 Referenced documents
3 Definitions
3.1 Terms
3.2 Symbols and abbreviations
4 General requirements
4.1 General principles
4.2 Information security characteristics
4.3 Composition of the security system and basic security function requirements
5 Detailed requirements
5.1 Encryption
5.2 Anti-electromagnetic information leakage
5.3 Access control
5.4 Information flow control
5.5 Firewall security protection
5.6 Audit control
5.7 Software protection
5.8 Data protection
5.9 Protection of the authenticity and validity of information exchange
5.10 Antivirus
5.11 System security assessment and formal description verification
1 Scope
1.1 Subject content
This standard specifies the general technical requirements for information security of military computer systems.
This standard does not cover information security legislation, administrative management, or the security protection requirements for computer system work areas, auxiliary facilities, and the working environment of computer systems.
1.2 Scope of application
This standard applies to the research, development, and application of general military computer information security systems. It may also be used as a reference for other systems with corresponding information security requirements.
2 Referenced documents
GJB1281-91 Requirements for security of command automation computer networks
GJB1894-94 Requirements for data encryption of command automation systems
GJB2256-94 Terminology for military computer security
GJB2646-96 Military computer security assessment criteria
3 Definitions
3.1 Terminology
The following terms apply to this standard.
3.1.1 Access control
The process of authorizing and controlling access to system resources by users, programs or processes. Synonyms: controlled access; controlled accessibility.
3.1.2 Access control mechanisms
In an information system, the hardware or software functions, operating procedures, management procedures and their combinations designed to detect and prevent unauthorized access and to ensure the correct implementation of authorized access (see 3.4 in GJB2256).
3.1.3 Audit trail
A chronological record of system activities sufficient to reconstruct, review and examine the environment and activities surrounding each event, following the event from beginning to end.
3.1.4 Authentication
a. Verifying the identity of users, devices and other entities; b. verifying the integrity of data (see 3.16 in GJB2256).
3.1.5 Authorization
Granting access rights to users, programs or processes (see 3.18 in GJB2256).
3.1.6 Certification
A comprehensive assessment of the technical and non-technical security features and other protections of an information system, made to support the approval process and to determine the extent to which a particular design and implementation meets a set of predetermined security requirements (see 3.28 in GJB2256).
3.1.7 Compromise
Unauthorized exposure or loss of sensitive information (see 3.31 in GJB2256).
3.1.8 Computer security
Measures and controls that protect an information system from denial of service and from unauthorized (accidental or intentional) exposure, modification and destruction of data (see 3.33 in GJB2256).
3.1.9 Concealment system
A means of embedding sensitive information in unrelated data in order to conceal it and thus achieve confidentiality (see 3.34 in GJB2256).
3.1.10 Confidentiality
The property that secret data is given a protected state and a level of protection (see 3.35 in GJB2256).
3.1.11 Covert channel
A communication channel that allows two cooperating processes to transmit information in a way that violates the system security policy (see 3.44 in GJB2256).
3.1.12 Covert storage channel
A covert channel in which a storage location is directly or indirectly written by one process and directly or indirectly read by another process (see 3.45 in GJB2256).
3.1.13 Cryptographic algorithm
A strictly defined procedure, or a series of rules or steps, used to generate a key stream or ciphertext from plaintext, or to generate plaintext from a key stream or ciphertext.
3.1.14 Data integrity
The property of data in an information system of being identical to the original and not having been accidentally or maliciously modified or destroyed (see 3.56 in GJB2256).
3.1.15 Data security
Protection of data from accidental or malicious modification, destruction or exposure (see 3.58 in GJB2256).
3.1.16 Decipherment
Converting encrypted text into plaintext using the appropriate key.
3.1.17 Discretionary access control
A means of limiting access to objects based on the identity and known needs of users, processes, and the groups to which they belong. Discretionary means that a subject holding an access permission may transfer that access right to other subjects (see 3.62 in GJB2256).
3.1.18 Eavesdropping
Unauthorized interception of information by non-wired eavesdropping methods (see 3.64 in GJB2256).
3.1.19 Encipherment
Transforming plaintext into an incomprehensible form by means of a cryptographic system.
3.1.20 Encryption algorithm
A set of mathematical rules implementing a series of transformations that turn information into ciphertext (see 3.68 in GJB2256). Synonym: privacy transformation.
3.1.21 Formal verification
Using formal proof to demonstrate the consistency between the formal description of a system and its formal security policy model (design verification), or between the formal description and its program implementation (implementation verification) (see 3.84 in GJB2256).
3.1.22 Identification
The process by which a system identifies an entity through a unique machine-readable name (see 3.87 in GJB2256).
3.1.23 Information security
The overall management, procedures and controls required to ensure the integrity, availability and confidentiality of information (see 3.90 in GJB2256).
3.1.24 Information system security
The technical security facilities and management procedures established for computer hardware, software and data in order to protect an information system (see 3.91 in GJB2256).
3.1.25 Key
In cryptography, a sequence of symbols that controls encryption and decryption operations (see 3.95 in GJB2256).
3.1.26 Key management
Procedures for the generation, distribution, storage and destruction of keys and related information (such as initialization vectors) (see 3.96 in GJB2256).
3.1.27 Mandatory access control
A means of restricting access to an object based on the sensitivity of the information it contains and the subject's formal authorization to access information of that sensitivity (see 3.104 in GJB2256).
3.1.28 Multilevel security
A system that contains information of different levels of sensitivity, permits access by users who genuinely need it and who hold different security clearances and known needs, and prevents users from accessing information they are not entitled to ask for.
3.1.29 Security evaluation
An evaluation made to assess the degree of trust that can be placed in the secure processing of sensitive information within a system.
3.1.30 Security kernel
The central part of a computer system that controls access to system resources and implements basic security procedures (see 3.151 in GJB2256).
3.1.31 Security policy
The set of laws and regulations that stipulate how an organization manages, protects and distributes sensitive information (see 3.153 in GJB2256).
3.1.32 Sensitive information
Information whose intentional or unintentional disclosure, modification or destruction may cause great loss or harm, and which therefore requires a certain level of protection (see 3.157 in GJB2256).
3.1.33 System integrity
The state in which an information system maintains the logical correctness and reliability of the operating system under all circumstances, together with the hardware and software integrity of the protection mechanism (see 3.162 in GJB2256).
3.1.34 Threat
Circumstances or potential events that may cause damage to a system in the form of destruction, leakage, data modification or denial of service (see 3.167 in GJB2256).
3.1.35 Transient electromagnetic pulse emanation standard (TEMPEST)
The study and control of the leakage emissions of information systems (see 3.171 in GJB2256).
3.1.36 Trusted computer system
A system that uses sufficient software and hardware assurance measures and can simultaneously process a large amount of sensitive information or information of different categories (see 3.174 in GJB2256).
3.1.37 Trusted computing base
The totality of protection mechanisms in a computer system, including hardware, firmware and software, and the combination of them responsible for enforcing the security policy. It establishes a basic protection environment and provides the additional user services required by a trusted computer system (see 3.175 in GJB2256).
3.1.38 User authentication
See 3.1.1 and 3.1.4.
3.1.39 User identification (user ID)
A unique symbol or string used by the information system to identify a user (see 3.179 in GJB2256).
3.1.40 Validation
Testing and evaluation to determine whether a system meets security regulations and requirements (see 3.180 in GJB2256).
3.1.41 Verification
The process of comparing two specifications at the appropriate level, for example the security policy model against the top-level specification, the top-level specification against the source code, or the source code against the object code (see 3.181 in GJB2256).
3.1.42 Virus
A Trojan horse that can propagate itself. It generally consists of a boot part, a destructive part and a self-propagating part (see 3.182 in GJB2256).
3.1.43 Vulnerability
Weaknesses in system security procedures, system design, implementation, internal controls, etc. that can lead to the violation of the system security policy (see 3.183 in GJB2256).
3.1.44 Wiretapping
There are two types of wiretapping. Active wiretapping connects an unauthorized device (such as a computer terminal) to a communication line to gain access to data by generating false information or control signals, or by altering the communication method of a legitimate user. Passive wiretapping is the illegal monitoring and recording of data being transmitted on the communication line.
3.2 Symbols and abbreviations
TEMPEST: Anti-leakage transmission
DBMS: Database management system
DES: Data Encryption Standard (a block encryption/decryption algorithm)
RSA: Abbreviation of the names of Rivest, Shamir and Adleman (a public key encryption/decryption algorithm)
ISDN: Integrated Services Digital Communications Network
B-ISDN: Broadband Integrated Services Digital Communications Network
4 General requirements
4.1 General principles
4.1.1 Application environment
The information security requirements for computer systems apply to the following environments:
a. local area networks and wide area networks, including metropolitan area networks and the Internet (see GJB1281);
b. various communication channels, such as dedicated lines, public telephone networks, X.25 packet switching networks (including fast packet switching), satellite communication networks, shortwave and ultra-shortwave wireless communication networks, integrated services digital communication networks (ISDN) and broadband integrated services digital communication networks (B-ISDN);
c. computer (centralized and distributed) application processing modes;
d. database systems;
e. interconnection, intercommunication and interoperability of various computer application systems.
4.1.2 Information security threats
When considering information security requirements, the following inherent vulnerabilities of computer systems and the impact of common threats should be estimated.
4.1.2.1 Vulnerabilities of computer systems
Computer systems may have the following vulnerabilities:
a. High density of information storage
Storage media can hold a large amount of information and are easy to carry, but they are susceptible to accidental damage, which may cause the loss of a large amount of information.
b. Information leakage
Electromagnetic radiation from a computer system during operation may cause information leakage.
c. Accessibility of information
Information can be easily accessed and copied without leaving any trace. Once an unauthorized person enters the system, he or she may access the information in it and copy, delete or destroy it.
d. Residual magnetism of magnetic media
Information on storage media sometimes cannot be fully erased and may leave readable traces; once such media are used again, this may cause leakage.
e. Aggregation of information
Computer processing often gathers a large amount of information in one place. This aggregation of information may bring great potential security risks.
f. Vulnerability of communication lines
Physical damage to the lines, wiretapping, crosstalk, etc. may cause information to be leaked or destroyed.
g. Professionalism of computer technology
A person with professional computer knowledge who is familiar with the system may be able to break through the security protection of the information. Conversely, managers and users who lack computer expertise and are not familiar with the system may not notice that system information has been stolen or destroyed.
4.1.2.2 The impact of common threats on information security
Common threats that affect information security are shown in Table 1.

Table 1 Common threats and their impact on information security
(Impact columns: Confidentiality, Integrity, Availability; a mark in a column means the threat has an impact on that property. The marks are not reproduced in this excerpt.)
Backdoor (a method of entering a system intentionally established by the designer)
Human error
Denial of use (information cannot be used)
Electromagnetic leakage
Information theft
Natural disasters
Forged documents or records
Fraudulent information resources
Hardware equipment failure
Counterfeit access
Inaccurate or outdated information
Logic bomb (modifying a program so that it runs differently under certain conditions)
Wrong transmission direction
Eavesdropping on communications (using a network analyzer)
Additional load
Programming errors or defects
Physical or logical damage
Waste scavenging (discovering useful information)
Trojan horse (a program embedded in a legitimate user program)
Virus
Wiretapping

4.1.3 Information security protection
Effective information security strategies, security mechanisms and the corresponding information security hardware and software should be developed and implemented, and the effectiveness of the various protection measures should be checked, so as to protect system information resources and minimize the losses caused by the threats the system faces. There should also be appropriate emergency plans so that, if the system is attacked or damaged, the prepared emergency measures can be used to restore it to normal operation as soon as possible.
4.2 Information security characteristics
4.2.1 Confidentiality
Cryptographic techniques should be used to encrypt information, and suppression and shielding measures should be taken to prevent electromagnetic information leakage, so that information is disclosed only to authorized users.
Confidentiality requirements are as follows:
a. The cryptographic system and cryptographic algorithm adopted (see GJB1894) should have sufficient confidentiality strength, and their keys should be strictly protected, so that they can withstand decryption attacks at every level and are practically unbreakable;
b. There should be effective key management covering the entire life cycle of a key: generation, storage, distribution, replacement, custody, use and destruction. Keys should be difficult to steal, and a stolen key should already have lost its value;
c. In order to reliably detect active attacks on transmitted information (such as traffic analysis and modification of content), and to ensure that the plaintext cannot be recovered when transmitted information is intercepted (for example by wiretapping), transmitted information should be encrypted in every transmission mode: full-duplex, half-duplex, synchronous, asynchronous, point-to-point, point-to-multipoint, etc. Information of different confidentiality levels should be encrypted with correspondingly different confidentiality strength and with sound and reasonable key management. Two or more plaintexts may not be encrypted with the same key, and the same plaintext may not be encrypted with ciphers of different strengths. The impact of the encryption operation on transmission and processing speed must not exceed the range allowed by the original system requirements;
d. In order to prevent stored information from being leaked to unrelated personnel or illegally obtained, modified or even destroyed, stored information should be encrypted. The encryption method (local or global encryption, encryption inside or outside the database, etc.) should be determined according to the confidentiality level of the stored information, the characteristics of the information and the degree to which the information resources are open for use. Encryption of stored data should not use a one-time pad, and its confidentiality strength should reach the level of being practically unbreakable. Key management should accommodate the short storage time of encrypted information and the use of the same master key by different users accessing the information. The impact of the encryption operation on system resources such as processing time, storage space and operation time, and on flexibility and ease of use such as query, retrieval, modification and update, should not exceed the range allowed by the original system requirements;
e. In order to prevent loss of information through electromagnetic leakage, the electromagnetic signals leaked by conduction and radiation should be effectively shielded and suppressed, and corresponding standards should be formulated to specify the protection classification requirements. The protection level should be determined reasonably from the circumstances in which the system is used, the environmental conditions, the protection methods employed, the permitted security area, the ability of an eavesdropper to receive and recover the leaked signals, and cost.
4.2.2 Availability
Unauthorized persons should be prevented from entering the system to access, steal or destroy information resources, and legitimate users should be guaranteed access to the information resources they are entitled to use.
Availability requirements are as follows:
a. Identification and confirmation
The system should identify the identity of a person entering it and confirm whether that identity belongs to a legitimate user. Only when identification and confirmation succeed is the user allowed to enter the system.
The means of identification and confirmation should meet a specified accuracy requirement and should resist loss, leakage or forgery by others.
b. Access control
Information should be classified into confidentiality levels, and the authorization mechanism for the categories of system resources that may be accessed and for the types of access operation should be specified. Users should be divided into user categories with several attributes, and a permission (visa) mechanism matched to the confidentiality level of the information, the categories of system resources that may be accessed and the types of access operation should be specified, so that the system can determine which legitimate user, holding which visa, which authority and which attribute, may access which system resource, information of which confidentiality level, and with what type of access operation. Depending on the required security level, the system should have a discretionary access control mechanism, or both discretionary access control and mandatory access control. The system should also prevent or limit information leakage through covert channels and, as an important supplement to access control, should have an information flow control mechanism.
c. Audit
There should be a complete record of the use of system resources by applications or users and of the operations involved in information security incidents, including fraudulent operations, so that causes can be analysed, responsibility clarified and corresponding security measures taken, such as expelling from the system users who perform violating operations.
The record should generally include what illegal operations were performed from which data terminal, what system resources were used, what types of access operation were performed, and the time and sequence of the relevant operations. The main content to be recorded should be selected for auditing so that the allowed range of the system's original performance requirements is not affected. Auditing should also be combined with alarms so that reminders or alarm information reach security personnel promptly for preventive or remedial measures.
4.2.3 Integrity
Information should be protected from unauthorized copying, leakage, modification and destruction, so as to ensure the correctness, validity and consistency of information, that it is accessed and modified only with authorization, and that information exchange is authentic and valid. Integrity requirements are as follows:
a. Software integrity
To prevent software from being illegally copied, the software must carry a unique identifier and be able to check whether the identifier is present and whether it has been modified; it should also be able to resist dynamic tracing analysis so that a copier cannot bypass the identifier check. To prevent software from being illegally modified, it should have anti-analysis capability and integrity verification means. The software should be encrypted so that static analysis is not possible even if a copier obtains the source code.
b. Data integrity
The media storing data should be checked regularly for physical damage. Accidental events such as misoperation, hardware failure, software error, power failure and strong electromagnetic interference should be minimized. Integrity verification and auditing should be used to detect latent errors such as incorrect input and incorrect programs. Data that only needs to be called can be concentrated into data modules so that it cannot be read or modified directly. Data should also have fault tolerance, backup and recovery capabilities.
c. Authenticity and validity of information exchange
The recipient in an information exchange should be able to verify that the source, content and sequence of the received information are authentic. To ensure the validity of the exchange, the recipient should confirm that the authentic information has been received; the received information cannot be deleted, altered, forged, denied or repudiated, and the sender cannot falsely claim never to have sent the information or that the recipient forged it.
4.3 Composition of the security system and basic security function requirements
4.3.1 Composition of the security system
The security system is a subsystem added to a general computer system to enhance its information security. It consists of security hardware and security software.
a. Security hardware mainly includes low-leakage computers, confidentiality equipment and various security cards, such as anti-virus cards and identity recognition cards;
b. Security software mainly includes secure operating systems, secure network systems, secure database management systems and special-purpose security software (such as anti-virus software, identity recognition software, encryption/decryption software and system monitoring software).
4.3.2 Basic security function requirements for hardware equipment
4.3.2.1 Information leakage prevention computers
TEMPEST computers should comply with the safety critical values specified in the relevant standards (that is, the boundary level of information leakage at which the processed information cannot be intercepted by a highly sensitive TEMPEST receiving system at a distance of 1 m). If the leakage level exceeds the critical value, suppression protection measures must be provided. TEMPEST protection is divided into three levels, namely full protection at 1 m, 20 m and 100 m; the frequency range of the corresponding critical values is 1 kHz to 18 GHz, with safety distances of 1 m, 20 m and 100 m. The specific information leakage indicators are specified by the corresponding standards.
4.3.2.2 Confidentiality equipment
Confidentiality equipment generally falls into two categories: line confidentiality machines, used to encrypt data transmission between adjacent network nodes, and user confidentiality machines, used to encrypt data transmission between the source and the destination. The basic functional requirements for a line confidentiality machine are:
a. adaptable communication modes: physical interface, channel, working mode (point-to-point, point-to-multipoint, half-duplex, full-duplex, asynchronous, synchronous), data transmission rate and communication protocol;
b. content of encryption protection and confidentiality strength;
c. key management method;
d. correctness of data transmission;
e. encryption/decryption speed;
f. resource overhead;
g. control of encryption, decryption and transmission, operation, display, etc.;
h. self-diagnosis and detection;
i. reliability and maintainability;
j. ease of use.
In addition to requirements a to i above, the basic functions of a user confidentiality machine should also emphasize a friendly human-computer interface.
4.3.3 Basic security function requirements for the operating system
A high-security operating system (including the operating system of the computer system and the network operating system, which should be class B or above according to GJB2646) should be implemented on the basis of a security kernel. The basic security functions of the operating system are as follows:
a. User identification and confirmation, including: unique user identification; confirmation of the legitimacy of the user's identity; setting the security level selected by the user and establishing a security profile for a user entering the system; deleting users and revoking their security profiles; adjusting security levels; etc.;
b. Discretionary access control, namely: discretionary access control over file resources, that is, authorization of operations such as reading, writing and executing files and directories, and searching and modifying directories;
c. Mandatory access control, including: setting, closing and displaying security level management (non-privileged users may not manage security levels); setting user login security levels (non-privileged users may not manage user security levels); process security level inheritance; access to ordinary files, ordinary directories and multi-level directories; and access to message queues, shared memory and semaphores. When implementing the above mandatory access control, the mandatory access control rules must be satisfied, as must privileged management of sensitive process operations and protection against virus and Trojan horse attacks;
d. Information flow control, including: trusted paths and their isolation from other paths; covert channel analysis;
e. Security audit, including: specification, selection and invocation of audit events; analysis of records; display of reports; alarms; etc.;
f. Trusted recovery after system failure or other interruption;
g. Encrypted file system;
h. Applicable platforms and compatible application software.
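The two access control mechanisms required in 4.2.2 b and 4.3.3 c, as an added Python illustration that is not part of the standard: discretionary access control (owner-held rights that may be passed on, as defined in 3.1.17) combined with mandatory access control (security level and category set compared between subject and object, level management restricted to privileged users, process label inheritance), with every decision written to an audit record of the kind 4.2.2 c calls for. The level names, users, objects and the no-read-up/no-write-down rule set used for the mandatory check are assumptions, not taken from the standard.

```python
"""Added illustration (not from SJ 20628-97): a minimal reference monitor combining
discretionary access control (owner-granted per-object rights, 3.1.17 / 4.2.2 b) with
mandatory access control (level plus category set, 4.3.3 c) and an audit record per
decision (4.2.2 c). Level names, users, objects and the read-up/write-down rules are assumed."""
from dataclasses import dataclass, field
from itertools import count

LEVELS = {"public": 0, "internal": 1, "secret": 2, "top-secret": 3}  # assumed ordering

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """MAC comparison: level at least as high and a superset of the categories."""
        return LEVELS[self.level] >= LEVELS[other.level] and self.categories >= other.categories

@dataclass
class Subject:
    name: str
    label: Label
    privileged: bool = False  # only privileged users may manage security levels (4.3.3 c)

@dataclass
class Obj:
    name: str
    owner: str
    label: Label
    acl: dict = field(default_factory=dict)  # DAC: user name -> set of allowed operations

def spawn_process(user: Subject) -> Subject:
    """Process security level inheritance: a process runs under its user's label."""
    return Subject(user.name, user.label, user.privileged)

class ReferenceMonitor:
    def __init__(self):
        self.audit = []      # audit trail: sequence, time, user, operation, resource, result
        self._seq = count(1)
        self._clock = 0      # constructed monotonic timestamp

    def _record(self, who, op, resource, granted, reason):
        self._clock += 1
        self.audit.append({"seq": next(self._seq), "time": self._clock, "user": who,
                           "operation": op, "resource": resource,
                           "result": "granted" if granted else "denied", "reason": reason})
        return granted

    def check(self, s: Subject, o: Obj, op: str) -> bool:
        """Both mechanisms must agree: DAC grants op to s AND the MAC rules hold."""
        if s.name != o.owner and op not in o.acl.get(s.name, set()):
            return self._record(s.name, op, o.name, False, "DAC: not authorised")
        if op == "read" and not s.label.dominates(o.label):
            return self._record(s.name, op, o.name, False, "MAC: no read up")
        if op == "write" and not o.label.dominates(s.label):
            return self._record(s.name, op, o.name, False, "MAC: no write down")
        return self._record(s.name, op, o.name, True, "DAC and MAC satisfied")

    def grant(self, granter: Subject, o: Obj, user: str, op: str) -> bool:
        """DAC: only the object's owner may pass an access right on to another subject."""
        if granter.name != o.owner:
            return self._record(granter.name, "grant " + op, o.name, False, "not owner")
        o.acl.setdefault(user, set()).add(op)
        return self._record(granter.name, "grant " + op, o.name, True, "owner")

    def set_level(self, admin: Subject, target: Subject, label: Label) -> bool:
        """MAC: security levels may be changed only by privileged users."""
        if not admin.privileged:
            return self._record(admin.name, "set level", target.name, False, "not privileged")
        target.label = label
        return self._record(admin.name, "set level", target.name, True, "privileged")

def demo():
    # Constructed scenario; returns the access decisions and the audit trail.
    rm = ReferenceMonitor()
    admin = Subject("admin", Label("top-secret", frozenset({"ops"})), privileged=True)
    alice = Subject("alice", Label("secret", frozenset({"ops"})))
    bob = Subject("bob", Label("internal"))
    plan = Obj("ops-plan", owner="alice", label=Label("secret", frozenset({"ops"})))
    board = Obj("bulletin", owner="bob", label=Label("public"))
    r = {}
    r["owner reads own file"] = rm.check(alice, plan, "read")            # granted
    r["bob reads plan, no DAC entry"] = rm.check(bob, plan, "read")      # denied: DAC
    r["bob raises own level"] = rm.set_level(bob, bob, Label("secret"))  # denied: not privileged
    r["alice grants bob read"] = rm.grant(alice, plan, "bob", "read")    # granted
    r["bob reads plan, DAC ok"] = rm.check(bob, plan, "read")            # denied: read up
    r["bob grants alice write"] = rm.grant(bob, board, "alice", "write") # granted
    r["alice writes bulletin"] = rm.check(alice, board, "write")         # denied: write down
    r["admin clears bob"] = rm.set_level(admin, bob, Label("secret", frozenset({"ops"})))
    r["bob reads plan, cleared"] = rm.check(bob, plan, "read")           # granted
    r["alice's process reads plan"] = rm.check(spawn_process(alice), plan, "read")  # granted
    return r, rm.audit
```

Calling demo() shows that a discretionary grant alone is not enough (bob is still stopped by the mandatory check until a privileged user raises his level), and that the audit trail carries the sequence, time, user, operation, resource and outcome of every decision.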
4.3.4 Basic security function requirements for database systems