Security Dynamics Access Control Encryption System
Abstract
The Access Control Encryption (ACE) system has been evaluated by the National Computer Security Center (NCSC). ACE is considered to be a security sub-system rather than a complete trusted computer system, therefore it was evaluated against a relevant subset of the requirements from the Department of Defense Trusted Computer System Evaluation Criteria (Criteria). This subset includes identification and authentication and audit. Additionally, ACE implements a technology to reliably verify an authenticated connection. The NCSC evaluation team has determined that ACE is capable of applying these security features to any system that uses standard communication channels. ACE maintains user I and A by requiring each user to enter a proper pass code prior to granting access to the host system or, in the case of an ACE administrator, to the ACE system maintenance menus. The authenticated connection, achieved by requiring the Access Control Module (ACM) to authenticate itself to the user, provides some assurance to users that they are responding to ACE and not to a personal identification number spoofing program. Audit records can be created for virtually everything associated with ACM, including attempted connections to the host and any ACE system maintenance that occurs. (kr)
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 31, 1987
- Accession Number
- ADA221814
Entities
People
- Jessica A. Arnold
- T. Ambrosi
- W. Geer