A transaction flow approach to a computer operating environment security evaluation

This thesis presents the application of a software security evaluation methodology to a computer operating environment based on the VAX/VMS operating system. The evaluation methodology is based on a transaction flow analysis approach that involves the systematic analysis of security exposures and controls in a computer operating environment. The system is viewed as a set of transactions performed on the objects of the system with each transaction represented in a data flow diagram. The objectives of the evaluation methodology are to identify the exposures that exist in a system, to determine the controls provided to protect those exposures, and to assess the effectiveness of the controls in preventing or detecting exploitation of the exposures.