Professional Documents
Culture Documents
(Vanbanphapluat - Co) Tcvn8709!1!2011
(Vanbanphapluat - Co) Tcvn8709!1!2011
Uploaded by
Kiệt Thiên0 ratings0% found this document useful (0 votes)
10 views95 pagesOriginal Title
[Vanbanphapluat.co] Tcvn8709!1!2011
Copyright
© © All Rights Reserved
Available Formats
PDF or read online from Scribd
Share this document
Did you find this document useful?
Is this content inappropriate?
Report this DocumentCopyright:
© All Rights Reserved
Available Formats
Download as PDF or read online from Scribd
0 ratings0% found this document useful (0 votes)
10 views95 pages(Vanbanphapluat - Co) Tcvn8709!1!2011
(Vanbanphapluat - Co) Tcvn8709!1!2011
Uploaded by
Kiệt ThiênCopyright:
© All Rights Reserved
Available Formats
Download as PDF or read online from Scribd
You are on page 1of 95
TCVN TIEU CHUAN QUOC GIA
TCVN 8709-1 : 2011
ISO/IEC 15408-1:2009
Xuat ban lan 1
CONG NGHE THONG TIN - CAC KY THUAT AN TOAN —
CAC TIEU CHi DANH GIA AN TOAN CNTT —
PHAN 1: GIO1 THIEU VA MO HINH TONG QUAT
Information Technology — Security Techniques — Evaluation Criteria for IT Security —
Part1: Introduction and General Model
HA NOI - 2011
Léi gidi thigu..
4 Pham vi ap dung
2 Tailigu vign dan...
3 Thugt ngi va dinh nghia.
34
3.2 Cac thuat ngi va dinh nghia lién quan dén lop ADV...
3.3. Cac thuat ngty va dinh nghia lién quan dén I6p AGD...
3.4 Cac thuat ngtr va dinh nghfa lién quan dén lop ALC.
3.5 Cac thuat ng@r va dinh nghia lién quan dén lop AVA .
TCVN 8709-1:2014
Myc luc
Cac thuat ngor va dinh nghfa chung trong TCVN 8708...
3.6 Cc thuat gt va dinh nghia lién quan dén lop ACO...
4 Ky higu va thuat ngo viét tat.
5 Téng quai
5.1 Gidi thigu chung .
5.2 TOE. saemeninscaciaaier
5.2.1. Cdcm6 ta khac nhau vé TOE. 35
5.2.2 Cac cdu hinh khac nhau cia TOE 36
5.3 Bdi twang sir dung TCVN 8709. 36
5.3.1 Ngubi tidy dling... “ 36
6.3.2 Cacnha phattrién.......... 36
5.3.3 Banh gid vien : ara " eee sy
5.4 Cac phan khac nhau cia bé tiéu chudn
5.3.4 Cac déi tugng khac
5.5 Ng(rcanh danh gid 38
6 Mé hinh tdng quat 39
6.1 Gidi thiéu mé hinh téng quat —- ——— 39
6.2 Tai sn va cdc bién phap déi pho djeslizeesbeaneeeenereezes 5 39
a
63 Banhgia
7 Bién ddI thich wng cdc yéu cau an toan
7.1 Cac hoat d6ng..
7.2 Sy phy thuéc gifra cdc thanh phan.
6.2.1 Tinh day dii cia cac bién phap déi pho............
6.2.2 Tinh chinh xac cia TOE . z 42
6.2.3 Tinh chinh xac cia mdi truéng van hanh
7.1.4 Hoat déng lap...
7.1.2. Hoat dong chi gin.
7.1.3 Hoat déng la chon...
7.1.4 — Hoat dng bd sung chi titt......
TCVN 8709-1:2011
7.3. Cac thanh phan mé rong
8 Hd so bio vé va géi
81 Gi6i thigu
82 Cacgéi
83 Céchd so bio vé...
8.4 Sir dung PP va cac aii.
8.5 Slr dung nhidu Hé so bao ve...
9 Cac két qua danh gi
9.1 Gidi thigu
9.2 Cac két qua danh gia PP
9.3 Cac két qua anh gia STITOE
9.4 Tuyén bé tuan thi. :
9.5 Sir dung cdc két qua danh ois ST/TOE.
Phy luc A_(Tham khao)_Dae ta cla cac dich an toan..
Phy lye B_(Tham khdo) Dac ta cla Hé so bao v6 PP.
Phy lye C_(Tham khao)_Huéng dn vgn hanh..
Phy Iuc D_(Tham kh4o)_Tuan thd PP.
Th myc tai ligu tham kho..
CAC THUAT NGU SU’ DYNG TRONG TIEU CHUAI
CAC KY HIEU VA TU VIET TAT TRONG TIEU CHUAN..
TCVN 8709-1:2011
Loi néi dau
TCVN 8709-1:2011 hoan toan tong dong ISO/IEC 15408-1:2008
TCVN 8709-1:2011 do Trung tam Ung ctru khan cép may tinh Viét Nam bién soan, BO Thong tin va
Truyén théng dé nghi, Téng cyc Tiéu chudn Bo Ivong Chat lvgng thdm dinh, BO Khoa hoc va Céng
nghé céng bb.
TCVN 8709-1:2011
Loi gidi thigu
Tiéu chudn nay cho phép thyc hién so sanh cac két qud d4nh gia an toan déc lap. Tiéu chudn cung
cdp mét tap cdc yéu cau chung vé chic nang an toan cho cdc san phdm céng nghé théng tin (CNTT),
va va céc bién ph4p dam bao 4p dung cho céc san phdm nay trong qué trinh danh gia an toan. Cac
sn phdm CNTT nay c6 thé duéi dang phan citing, phan sun hay phan mém,
Quy trinh danh gia thiét 4p mot mite tin cay vé viée cdc chtre ndng an toan cho cdc san pham CNTT
va cdc bién php dm bao dp dung cho chting tha man cdc yéu cau néu trén. Cac két qua dénh gid co
thé gitip ngurdi ding xac dinh xem s4n phdm hoac hé théng CNTT cé théa man yéu cau dam bao an
toan cla ching hay khéng
TCVN 8709 la mot chi dn bé ich cho phat trién, danh gid vashoac dau tur cc’ sén phim CNTT voi
chire nang an toan.
TCVN 8709 cé tinh m&m déo, cho phép dp dyng nhidu phurong phap danh gid cho nhidu dac tinh an
toan cia da dang san phdm CNTT. Chinh vi vay, ngudi ding tiéu chudn nay can than trong khi 4p
dung 48 trénh lam dung né. Vi dy, néu sir dung TCVN 8709 két hop véi cae phyong phap danh gia
khéng phi hyp, cdc dc tinh an toan khéng thich hgp, ho&c céc san phdm CNTT khéng phi hop sé
d&n dén cc két qua danh gid v6 nghia.
Do vay, thy t8 la m6t sn phdm CNTT d8 durgc danh gid chi c6 ¥ nghfa trong pham vi ngtr canh cdc
dac tinh an toan durge danh gid voi cdc phuong phap danh gia cy thé 4a sir dung. Cac co quan danh
gia can kiém tra than trong cdc san phdm, dc tinh va cdc phuong phap dé xac dinh ré viéc danh gid
dem lai két qua cé nghia. Ngoai ra, ngudi mua cdc s4n phdm 44 dugc dénh gia cling can. xem xét ky
lwéng ngiy canh nay 48 xéc dinh xem san phdm da danh gia c6 hiu ich va dp dung duge cho truéng
hop cy thé cia minh va dap tng yéu cau hay khong
TCVN 8709 dé cap dén viée bao vé tai sdn théng tin chéng cdc truy nhap trai phép, cdc sira di hose
mAt mat trong st dung. Phan loai bdo vé lién quan dén ba kiéu Idi an toan ké trén tong ung vdi tinh
bi mét, tinh toan ven va tinh sn sang. TCVN 8709 cting c6 thé 4p dung cho cdc danh gid ngoai ba
nhém trén. TCVN 8709 dp dung cho cac rui ro phat sinh tir cc hanh vi cla con ngudi (4c y hoa ly do
khac), va cho cdc ri ro khéng do con ngudi tao ra. Ngoai an toan CNTT, TCVN 8708 cé thé 4p dung
cho cae Tinh vyre CNTT khc, song khéng cé rang bude nao khi dp dyng cho cdc inh vue 46.
Mét sé chii dé do lién quan dén cac ky thuat dac biét hoc do chting ném ngoai linh vyc an toan CNTT
sé duge coi [4 nam ngoai pham vi TCVN 8709. Mét sé cht dé trong sé dé nhu sau:
a) TCVN 8709 khéng gm céc tiéu chi dénh gid an toan gain lién véi cdc bién phdp an toan quan ly
kh6ng lién quan tryc tiép t6i chive nang an toan CNTT. Tuy vay, cing phai thiva nhén rang an
toan co ban thuréng dat dug théng qua hode dugc hé tro bdi cac bién phap quan ly vi dy va
mat t8 chive, nhan su, vat ly va cac thi tuc kiém soat.
b) Banh gid cdc khia canh vat ly kj thuat cla an toan CNTT vi dy nhu kiém soat dé ri théng tin
qua dign tir trang khong durgc dé cap riéng biét, mac du nhiéu khai niém da dé cap cé thé Ap
dung cho finh vue nay.
¢) TCVN 8709 khéng 48 cap dén hé phurong phap danh gid ma céc tiéu chi nay s8 dugc 4p dung.
Hé phuong phap nay duoc néu trong ISO/IEC 18045,
TCVN 8709-1:2011
d) TCVN 8709 khéng 48 cp dén bd khung phép ly va quan ly ma céc tiéu chi nay sé dugc 4p
dung béi cdc co quan danh gid. Tuy nhién, c6 thé coi la TCVN 8709 88 dug si dung cho cdc
myc dich anh gid trong ngt cdnh cdc bé khung 46.
e) Céc thii tue sir dung cae két qua danh gia dé céng nhan nam ngoai pham vi TCVN 8709. Céng
nhan [a mét quy trinh quan Ij trong 46 cho phép quyén Khai thac mét san phdm CNTT (hodc
mét tap cdc san phdm) trong méi truéng hoat déng day aii cia né bao gdm tat ca cdc phan phi-
CNTT. Cac két qué ctia quy trinh @anh gia la dau vao cho quy trinh céng nhan. Tuy nhién, do
cc kf thuat khac thuéng phi: hop hen cho viée danh gia cac dac tinh phi CNTT va méi quan
hé cilia chung voi cac thanh phan an toan CNTT, viée céng nhan can xem xét riéng cac khia
canh nay.
f) Chi @8 tigu chi danh gia cho chat long von cé cia cac thuat toan ma héa khéng ndm trong
‘TTCVN 8709. Néu cdn o6 danh gid dc lap cho cdc dc tinh toan hgc olla ma héa, luge a8 dénh
gia 4p dung TCVN 8709 sé phai cung cp thém cac danh gia nay.
Cac thuat ng@ ISO, nhu “c6 kha nang’, “tham khdo",“co thé", “bat budc’, "cn" va “nén” siv dyng xuyén
suét trong van ban tiéu chudn durgc dinh nghia trong Cac chi thj ISO/IEC, phan 2. Luu y ring khdi
nigm “nén” co nghia bd sung khi 4p dung tigu chudn nay. Xem lwu y dui day. Binh nghia sau day quy
Ginh vige str dung tir "nén” trong TCVN 8708.
Nen
Trong van ban quy chun, tir ‘nén’ diing 48 biéu thi “trong mot sé khd n&ng, o6 mét kha nang duoc
khuyén nghj la 4c biét thich hyp ma khéng can quan tam hay loai triy nhtng kha nang khac, hoaic mot
dién bién hanh dong nao 46 duge coi la wa chuéng cht khong can bat budc” (ISO/IEC Directives, Part
2).
CHU THICH: TCYN 8709 gia thich cum tir “khong can bat budc” nghTa la vibe Iya chen mét kha ng Khe dl hi phd gid
{hich vi sao phuong &n ua chung hon khong duc chen.
TCVN 8709-1:2011
TIEU CHUAN QUOCGIA TCVN 8709-1:2011
Céng nghé théng tin — Cac ky thuat an toan ~ Cac tiéu chi danh
gia an toan CNTT —
Phan 1: Giéi thigu va mé hinh téng quat
Information Technology — Security Techniques — Evaluation Criteria for IT —
Part 1: Introduction and general mode!
4 Pham vi dp dung
Tiéu chudn nay thiét lap cdc khai niém va nguyén ly chung cho danh gid an toan CNTT va dac t& mo
hinh danh gid téng quat tao béi c4c phan cla tiéu chudn quéc té mét cach toan dién, duge sir dung
lam co s& cho danh gia cc thudc tinh an toan cla céc sin phdm CNTT.
Tiéu chudn nay trinh bay téng quan vé cdc phn cia b6 TCVN 8709. Né mé ta cac phan cilia chudn;
dinh nghia cac khai nigm va cdc tl viét tat str dung xuyén sudt trong toan bé céc phan cla tiéu chudn;
thiét lap khai niém cét I6i vé Bich danh gia (TOE); ngt canh danh gid; mé ta dbi tgng doc gid ma cdc
tigu chi danh gia huéng dén. Tiéu chudn nay cling dua ra cdc khai niém an toan co ban can thiét cho
viéc danh gia cac san phdm CNTT.
Tiéu chudn dinh nghia céc thao tac lam co sé dé dura ra cac thanh phan chic nang trong TCVN 8709-
2.va céc thanh phn dam bdo trong TCVN 8708-3 théng qua viéc st dung cdc thao téc cho phép.
‘Cac khai niém co ban vé Hd so bdo vé (PP), cdc géi yéu cau an toan va chii dé vé tinh tuan thi sé
duoc néu; cdc hé qua danh gid va cdc két qua danh gid ciing dug mé ta. Phan nay cla tiéu chudn
va ra huéng din cho vige dc tA Dich an toan (ST) va cung cép ban mé td v8 t6 chire cdc thanh phan
xuyén suét mé hinh. Théng tin téng quan vé phuong phap luan danh gid va pham vi cdc luge dd danh
gia duoc dua ra trong ISO/IEC 18045,
2 Tai ligu vign dan
Tai ligu vién d&n sau day khéng thé thiéu dues khi 4p dung tai ligu tigu chudn nay:
TCVN 8708 — 2, "Céng nghé théng tin - Cac ky thuat an toan — Cc tiéu chi dénh gid an toan CNTT ~
Phan 2: Céc thanh phan chitc ndng an toan’.
TCVN 8709 - 3, “Céng nghé thong tin - Cac ky thuéit an toan — Céc tiéu chi dénh gié an ton CNTT -
Phan 3: Cac thanh phan dam bao an toan”.
ISO/IEC 18045, “Céng nghé thong tin - Céc ky thuét an todn - Hf phuong phép cho danh gié an toan
CNTT” (ISONEC 18045, “Information Technology - Security Techniques — Methodology for IT security
evaluation’)
©
TCVN 8709-1:2011
3 Thuat ngir va dinh nghia
Tiéu chudn nay str dyng cac thuat ng& va dinh nghia sau day.
CHU THICH: Bidu khodn nay chi gdm cfc thuSt not si dung ring trong TCVN 8709. MOt sé két hop cila cdc thuat ngir
‘chung ding trang TCVN Khing e6 trong diéu khodn nay s8 durgc gia thich r6 trong ngdcnh noi chung duge si dyng,
3.1. Cac thudt ngi va dinh nghia chung trong TCVN 8709
3.4.4
Cc hanh dgng cé hai (adverse actions)
Cac hanh dong thyrc hién béi m@t tac nhan de doa vao mét tai san.
342
Tai sn (assets)
‘Cac thye thé ma chi sé hu TOE dat gia tri vao 46.
3.4.3
Chi dinh (assignment)
Binh r6 mot tham sé dinh danh trong mét thanh phan (cia TCVN 8709) hodc mét yéu cau.
3.4.4
Bao dam (assurance)
Co sé 48 tin cay rang mét TOE théa man cac TSF.
34.6
Kha nang tan cong (attack potential) .
Ut6c lung vé kha n&ng tn cong vao TOE bigu thi qua kinh nghigm, tai nguyén va dong co cua ké tn
cong.
3.4.6
Gia tang (augmentation)
Vigc thém mdt hodc nhiéu yéu cau vao mét géi,
347
Dip ligu xac thy (authentication data) :
Théng tin dug dung 48 x4c minh dinh danh 44 tuyén bé cia mot ngudi ding.
10
TCVN 8709-1:2011
341.8
Ngwdi ding c6 thdm quy&n (authorised user)
Ngu‘di diing cé thé thy thi mt thao tac twong tng voi cdc SFR.
3.4.9
Lop (class)
Tap céc ho TCVN 8709 cing chia sé mét myc tigu chung.
3.4.10
Tinh mach lac (coherent)
Sap sép thir ty logic, c6 nghia r6 rang.
‘CHU THICH: 86 véi ta iu, thugt ng nay ding cho & ngi dung va cu tric eta van ban, bibu th vige d0c gid 06 higu duge
vn ban 66 hay khéng,
34.14
Tinh hoan thign (complete)
Tinh chat thé hign rang tét cd cdc thanh phan cn thiét cia m@t thyc thé du duge cung c&p.
3442
Thanh phan (component)
Tap nhé nhat Iva chon duge cia cac phan ttr ma cdc yéu clu c6 thé diva vao.
34.43
G6i dam bao téng hyp (composed assurance package)
G6i dam bao nay gdm cdc yéu cdu rit ra tiv TCVN 8709-3 (chil yéu ti 6p ACO), biéu th] mot aim
trong cdp 46 dam bao téng hgp 4a dinh nghia trudéc trong TCVN 8709.
3.1.14
Xée nhan (confirm)
Céng bé mét viée 4 dugc soat xét chi tiét voi viée xc dinh tinh dy du mot cach déc lap.
CHU THICH: Mire 49 chinh xac theo yéu cau phy thubc vao ban chAt cla sy vigc. Khai nigm trén chi ap dung cho ¢4c hanh
ng cia dénh gia viér:
1
TCVN 8709-1:2011
3.4.45
Tinh két néi (connectivity)
ic tinh cia TOE cho phép twong tac véi cdc thy thé CNTT bén ngoai TOE.
CHU THICH: ac tinh nay bao gdm viée trao 461 da igu qua phuong tha hitu tuyén hod v6 tuyén, qua mot khong céch
bat ky trong mot mai truréng hoc cBu hinh bat ky.
3.4.16
Tinh nhat quan (consistent)
Méi quan hé gitva hai ho&c nhidu thyre thé trong dé khéng cé sy d6i lap r6 rét nao gira ching.
34.47
Chéng 4& (counter, verb)
‘Béi dau voi mét tén céng, lam gidm thiéu tac ddng cla méi de doa song khéng nhat thiét phai loai tri
n6,
3.4.18
Tinh tuan thi dién giai gc (demonstrable conformance)
Méi quan hé giira mét ST va mét PP, trong 46 ST cung cdp mét gidi phdp dé giai quyét vdn dé an toan
‘chung néu trong PP. z
‘CHU THICH: PP va ST c6 thé chia cc phat bidu Khac nhau hoa ton ma ta v8 cdc thy the, Khai nigm,.. Khe nhau. Tinh
tuén thi didn gid duge cing thich hop vai mot kigu TOE khi t8n tai mot s6 PP tuong ty nhau, vi thé cho phép téc gid ST
tuyén b6 tuan thi ding thoi theo cc PP nay a8 gip tit kidm tho% gia.
34.49
‘Sy chieng minh (demonstrate)
Dua ra mot két ludn rt ra tir viée phan tich, tuy 6 kém chat ché hon mét "bang ching’
3.1.20
Tinh phy thuge (dependency)
Méi quan hé gidra céc thanh phan ma néu trong 46 mét yéu cau dua trén thanh phan phy thude duge
dua vao mot PP, ST hoac mét géi thi yéu cau dya trén thanh phan duc phy thudc cing thudng phai
duge dura vao PP, ST hoac géi 46.
3.1.24
Mé tA (describe)
Cung cp céc chi tiét dac trung cla mot thyc thé.
12
‘TCVN 8709-1:2011
3.4.22
Xéc dinh (determine)
Khang dinh mot két luan riéng diya trén mét phép phan tich d6c lap voi myc tiéu dat duoc mot két luan
ey thé,
CHU THICH: Vige str dung khai nigm nay ngdm chi mt phép phn tich de lap tin cby, thug ding kh thigu phan tich rude
6, So san véi cdc khal nigre’xéc nn” hay “Ind trat ngm chi mot phan tich da thy hign tnutc a6 cn tiét phi soat xt
tai
3.1.23
Méi trong phat trién (development environment)
M6i truéng dé phat trién TOE.
3.4.24
Phan tir (element)
Phat biéu co ban nhat vé mét yéu cau an toan.
3.4.25
Bao dam (ensure)
Sw bao dam vé méi quan hé nhan qua chac chan gidra mét hanh dong va cdc hé qua cla nd.
CHU THICH: Thuat ngi nay voi tir .gidp* dat treéc sé bidu thi rng hé qué khéng hodn toan chéc chan néu chi ob hanh dong
6,
3.1.26
‘Banh gia (evaluation)
‘Banh gid mot PP, mot ST hoc mét TOE theo cdc tiéu chi da xac dinh.
3.4.27
Mic bao dam danh gia (evaluation assurance level - EAL)
Tap cac yéu cau dam bao rit ra tl’ bd TCVN 8709-3, bidu thi mot diém méc trén cdp bac bao dam
duge xdc dinh trude trong TCVN 8703, tao thanh mot géi dam bao
3.1.28
Co quan danh gid (evaluation authority)
Co quan thiét lap tiéu chun va giém sat chat lugng cac danh gia dug thyc hién béi cac don vj trong
mét céng déng cy thé va la don vi thc thi TCVN 8709 cho cng déng thong qua mét luge dd danh
oid.
13
TCVN 8709-1:2011
3.4.29
Luge 8 danh gid (evaluation scheme)
BO khung quan If va quy dinh vé viée ap dung TCVN 8709 cho mét co quan danh gid trong mot cong
dong cu thé.
3.1.30
Thau dao (exhaustive)
Bic trung cla mét phuong phdp tiép cn duge sir dyng dé thye hién mot phan tich hoac hoat dong
theo mét ké hoach ré rang.
CHU THICH: Khai nim nay si dung trong TCVN 8709 chi trong dén vie héng dn phan tich hog céc hoat ding khéc. NO
lién quan dén tinh hé théng song éuge coi la manh hon. Véi nghTa nay, né khdéng chi biéu thi mdt cach tiép c&n e6 phuong
phap 6a duge ding G8 thy hign phan tich hay thyc hign ebng vide theo mot k& hoach °@ rang, ma cbn bieu thi rang ké hoach
nay la day du d8 bao dim ring 63 thyc hin theo moi con dueng eb thé.
3.4.34
Giai thich (explain)
‘Bua ra luan cr ve ly do thy hién mét hanh dong.
3.4.32
Mo rong (extension)
Bd sung thém vao mét ST hoac PP cdc yéu cau chite nang khéng chifa trong TCVN 8709-2 valhoae
cdc yéu cau dam bao khéng chira trong TCVN 8709-3.
3.1.33
Thyc thé bén ngoai (external entity)
Mot nguéi dung hay thiét bj CNTT cé thé tuong tac voi TOE tir bén ngoai ranh gidi TOE.
CHU THICH: Mot thye thé ben ngoai ed hé duge coi la mgt nguéi ding
34.34
Ho (family)
Mét nhém cc thanh phan cing chia sé mét myc tiéu giéng nhau song khaéc nhau vé tam quan trong
hay tinh chat ché.
3.4.35
Hinh thize (formal)
Cach biéu thi bang mét ngén ng@ ci phdp han ché véi ngt nghfa xac dinh trén co se cae khai niém
toan hoc durge thiét lap ro rang. -
14
TCVN 8709-1:2011
3.1.36
Tai ligu huréng dn (guidance documentation)
Tai ligu m6 ta vé vic van chuyén, chudn bi, van hanh, quan ly va/hoac sir dung cho TOE.
3.4.37
Dinh danh (identity)
Vigc biéu din céc thy thé (chang han nhur ngudi ding, tién trinh hod 6 dia) x4c dinh duy nhat trong
gi cénh cua TOE.
CHU THICH: M6t vi du vé viée biéu din nay 18 mot chubi ky ty. Bi voi ngu@i ding, bidu didn 6 thé la tén dy di, hod tén
vit tét hodc mét bi danh (duy nhét) cia nguoi ding
3.4.38
Khéng hinh thie (informal)
Cach dign ta bang ngén ng@ ty nhién.
3.1.39
Van chuy&n gitra cac TSF (inter TSF transfers)
Trao déi dé ligu gira TOE vai chive nang an toan clia cac sn phdm CNTT tin cay kha.
3.4.40
Kénh truyén théng néi bé (internal communication channel)
Kénh truyén théng gitra cdc phan tach biét cla TOE.
3.1.41
Van chuyén ngi bé TOE (internal TOE transfer)
Trao 46i dir ligu gira cdc phan tach biét cia TOE.
3.1.42
Tinh nhdt quan ndi bé (internally consistent)
La kh6ng cé ai lap rS nét nao trong moi Khia canh ca mét thyc thé.
CHU THICH: Trong tdi liu, didu nay cb nga la khéng cb phat bidu nao di fap vbi phat biBu khac.
3.1.43
Phép Ip (iteration)
La viée sir dyng lap lai mét thanh phan dé thé hién hai hode nhiéu yéu cau riéng biét.
15
TCVN 8709-1:2011
3.4.44
Bign minh (justification)
La viée phan tich 68 di dén mét két lun.
CHU THICH: Khai nigm “bign minh” chat ché hon la “align gi”. Kha nim nay di hdt tinh chinh xéc dang ké v8 vie gid thich
_m@t cdich dic biét than trong va kj lung ting bute cho mot luan et logic
3.4.45
Béi twgng (object)
” Thy thé thy déng trong TOE cé chtra hodc tiép nhan théng tin, ma dya vao dé cdc chu thé thyc thi
cc hoat déng,
3.1.46
Hoat dong (operation)
(d6i voi mét thanh phan cia TCVN 8709) la sy’ siva ddi hoc lap lai mdt thanh phan.
CHU THICH: Cac heat dng curge phép cho thanh phan a chi din, phép lp, b8 sung ci tiét va iva chon
3.4.47
Hoat dong (operation)
(464i voi mét déi tung) Ia kiéu dac trung cia mét hanh éng do mét chii thé thy hién trén mot adi
tung.
3.1.48
Moi trréng van hanh (operational environment)
MOi truéng trong 44 TOE hoat dong.
3.1.49
Chinh sch an toan cita t6 chire (organizational security policy)
Tap cac quy tac, thi tuc, hoa huréng dan an toan cho mot t8 chizc.
CHU THICH: MBt chinh sch ¢6 thé chi 4p dung cho mot mdi trvéng van hanh eu thé.
3.1.50
G6i (package)
Tap due dat tén olla cdc yéu cdu chire nang an toan ho&c dam bdo an toan-
CHU THICH: Mot vi dy vé géi la “EAL 3°
16
TCVN 8709-1:2011
3.4.51
Banh gid Hd so’ bao v6 (Protection Profile evaluation)
‘anh gid mét PP theo céc tiéu chi dinh s&n.
3.4.52
Hé so bao vé (Protection Profile - PP)
Phat biéu d6c lap vé mat thy thi cac yéu cdu cho mot kiéu TOE.
3.1.53
Ching minh (prove)
Chi ra sy phi hgp bang viée phan tich hinh thir theo cach tiép can toan hoe.
CHU THICH : Khai nigm nay chinh xéc toan dién theo moi mat, Bign hinh, khai nigm chimg minh direc ding khi mong muén
chi ra sy phi hop gitra 2 bidu didn TSF & mot mic chinh xéc cao,
3.1.54
Tinh chinh (refinement)
Bé sung thém cac chi tiét cho mét thanh phan.
3.4.55
Vai tré (role)
Mét tap cac quy tac x4c dinh truéc dé thiét lap céc tuong tac dug phép gitra mét ngudi ding va TOE.
3.4.56
Bi mat (secret)
La théng tin chi dug ngudi cé tham quyén va / hoac TSF biét 46 thyc thi mot SFP cy thé.
3.4.57
Trang thai an toan (secure state)
Trang thai ma dé ligu TSF la nhdt quan va TSF tiép tuc thy thi chudn xac cdc SFR.
3.1.58
Thugc tinh an toan (security attribute)
Cac dac tinh cla cdc chti thé, ngudi ding (bao gém cac sn phdm CNTT bén ngoai), 46i tung, théng
tin, cdc phién valhodc cac tai nguyén duge ding cho vige xac dinh cdc SFR va cdc gid tri clla ching
duge ding trong thyc thi cdc SFR.
17
TCVN 8709-1:2011
3.1.59
Chinh sach chire nang an toan (security function policy)
Tap cac quy tac mé ta hanh vi an toan cy thé dug thy thi béi TSF va durge bidu thi nhu mdt tap cc
SFR.
3.1.60
Myc tiéu an toan (security objective)
Phat biéu vé huéng déi pho véi cdc méi de doa xac dinh valhoac huéng théa man cc chinh sch an
toan xéc dinh cia t8 chite efing nh huéng thda man cdc gid dinh.
3.4.64
Van dé an toan (security problem)
Phat biéu dang hinh thirc dinh nghfa ban chat va pham vi an toan ma TOE chi y dé cap dén.
CHU THICH: Phat bidula sy két hop cla
‘Cac mi de dea ma TOE edn chéng td
‘Cac OSP duge thyc thi béi TOE, va
Gée gid dinh dat ra cho TOE va moi ttubng van hanh aa nb
3.1.62
‘Yéu cau an toan (security requirement)
‘Yeu cdu dugc phat bigu trong ngén ngér tigu chudn, ding dé dat duoc cdc myc tiéu an toan cho mot
TOE.
3.1.63
Bich an toan (Security Target- ST)
Phat biéu phy thugc thy thi vé cac yéu cau can thiét cia mét TOE xdc dinh.
3.4.64
Lya chon (selection)
Vide dinh ré mét ho&e nhiéu khoan muc tir mot danh sach trong mot thanh phan.
3.4.65
Ban hinh thire (semiformal)
Bidu thi bang mét ngén gir ctl php han ché voi ngér nghia xac dinh tse.
TCVN 8709-1:2011
3.1.66
Dic ta (specify)
La dua ra chi tiét dac trung vé mét thu thé theo mét cach chinh xac va chat ché.
3.1.67
Tuan thi: chat ché (strict conformance)
Méi quan hé c6 thi? bac gifra mot PP va mt ST trong 46 mai yéu cau 6 trong PP thi cling tdn tai trong
ST.
CHU THICH: MBI quan he nay 06 thé duge xéc dinh nhu ,ST $6 chiva tht cd cdc phat bigy 6 trong PP, nhung c6 thé chia
‘them céc phat biéu khdc’. Tuan thi chat ché dy kién ding cho céc yau cu nghiém ngal va dan gin la ching cin dugc git
agin trigt a8
3.4.68
‘anh gia ST (ST evaluation)
‘anh gid mét ST theo cdc tiéu chi dinh sn.
3.1.69
‘Chui thé (subject)
Mét thye thé chi dong thuge TOE thy thi cac thao tac trén déi tweng.
3.4.70
Dich danh gid (target of evaluation - TOE)
Mét tap phan mém, phan sun va/hoac phan ctrng cling véi tai ligu hudéng dan néu c6.
34.71
Tac nhan de dga (threat agent)
Thue thé c6 thé gay tac dong khéng mong muén vao tai san.
3.4.72
Banh gid TOE (TOE evaluation)
‘Banh gia mét TOE theo cac tiéu chi dinh san.
3.4.73
Tai nguyén TOE (TOE resource)
Nhéng gi dug dung hoac tiéu tén trong TOE.
19
TCVN 8709-1:2011
34.74
Chirc nang an toan cita TOE (TSF-TOE security functionality)
Tinh nang két hop tat cd phan ctyng, phan mam, va phan syn clia TOE ma dya vao 46 TOE méi thye
thi dugc chinh xac cdc SFR.
3.4.78
Theo dau (trace, verb)
Thue hign phan tich phi hop mét céch khéng hinh thize gifva hai thye thé chi & mirc 4 chinh xéc tdi
thidu.
3.1.76
Van chuyén bén ngoai TOE (transfers outside of the TOE)
‘Trung chuyén dir ligu dén cac thyc thé ngoai tam kiém soat ctia TSF.
34.77
Chuyén di (translation)
Qua trinh mé td cdc yéu cau an toan sang mét ngén ng@ tiéu chudn.
‘CHU THICH: Khai nigm chuyén 43i trong ng enh nay Khong €6 nga dich thugt va khong ngbm chi ing mi SFR biBu diy
trong ngén ngtr chudn 0 thé duge dich nguge li thanh cde myc tu an tod :
3.4.78
Kénh tin cay (trusted channel)
Phuong tin qua 46 mét TSF va mét san phdm CNTT tin cay khdc cé thé lién lac voi nhau & 49 tin cay
can thidt,
3.4.79
‘San phdm CNTT tin cay (trusted IT product)
‘San phdm CNTT — khéng phai la TOE — ma cdc yéu cu chic nang an toan cia né két hop v8 mat
quan tri voi TOE va dugc gid thiét 1a 48 thyc thi cac yéu cau chire nang an toan cia né mét céch
chudn xac.
CHU THICH: Vi dy v8 mot sin phBm CNTT tin eAy €6 thé amt sn phdm 68 durye dénh gid tach bidt Khe
3.1.80
Duéng dan tin cay (trusted path)
Phuong tién dé mét ngudi ding va TSF cé thé truyén théng vei nhau & mirc tin twdng can thiét
20
TCVN 8709-1
3.1.81
Dor ligu TSF (TSF data)
Da ligu cho viée hoat dong ma TOE dua vao dé thyc thi cdc SFR.
3.4.82
Giao dign TSF (TSF interface)
Phuong tién 4& mot thuc thé bén ngoai (hoac chi thé thugc TOE nhung nam ngoai TSF) cung cdp dir
ligu cho TSF, nhan dO ligu tir TSF va thy thi céc dich vu tir TSF.
3.1.83
Dir ligu nguai ding (user data)
Dé ligu dung cho ngwéi ding va khéng anh huéng dén hoat dong cia TSF.
3.1.84
Tham tra (verify)
Soat xét ky & mUc chi tiét voi viée xc dinh doc lap vé tinh day di.
CHU THICH: Xem khat nigm "Xe nhgn’ (8 3.1.14). Khai nig ,thdm tra" o6 y nghia chat ch8 hom. Nb durge ding trong ngt
‘céinh cdc hanh dong ciia dénh gid vién, trong 46 di hai sy nB lye doc lap cia danh gid ven.
3.2 Cac thugt ng@ va dinh nghia lién quan dén lop ADV
CHU THICH: Cac kha nim sau durgc dung trong cdc yéu cu di v6i kién tric ben trong phn mém. Mt s6 Khai nig rit ra
{i IEEE Std 610.12-1990 - Tap cdc khai nigm chudn trong céng nghé phan mém cila Vign Céng nghé Dign va ign ti.
3.24
Ngwéi quan tr] (administrator)
Thy thé co mic 6 tin c@y tong ting véi moi chinh sch thye thi béi TSF.
CHU THICH: Khang phat tht od PP hoge ST gid inh ob cing mac tin By cho ngubi quan ti. Cc nha quan ti din hinh dug
oi tung thanh moi lc voi cdc chinh sch rong ST cia TOE. Mét sd chinh sich thé ign quan dn chic ning cia TOE,
m@t s6 Kha 6 thé lién quan abn mai rung van han
3.2.2
Cay truy xuat (call tree)
Xe dinh céc m6 dun trong mét hé théng theo dang biéu dé, chi ra nhi¢ng mé dun nao goi dén mgt mo
un khac.
CHU THICH: Van dung theo IEEE Std 610.12-1990.
3.23
Tinh gan két (cohesion)
Céch thirc va mize d6 chat ché ca mé dun lién quan dén mot mé dun khdc cila cdc tac vy thyc hign
21
TCVN 8709-1:2011
béi mot mé dun phan mam don lé, (Theo IEEE Std 610-12-1990).
CHU THICH: Cac kidu gin két gdm: ki tring hop, truyén théng, tish nang, loge, tun ty va tam thor. Cac kibu gin Kat nay
dugc mé ta bdi mot khai niém tong ding néu trén.
3.24
Gan két tring hyp (coincidental cohesion)
Mé un v6i cdc dc trung cia viée thy hign céc hanh déng lién quan hoa lién quan léng léo. (Theo
IEEE Std 610-12-1990).
CHU THICH: Xem Khai nigm 3.2.3 6 tren.
3.2.5
Gan két truyén théng (communicational cohesion)
Mé dun chtra cac chire nang tao ra két xudt cho hoac diing két xudt lay tir cde chive nang kha trong
cing mé dun.
(Theo IEEE Std 610-12-1990),
CHU THICH 1: Xem knai nigm 3.2.3 6 tren
CHU THICH 2: Vi dy v8 mat m8 dun gn ket truyen thdng 18 m8 dun kim tra tray nh@p, m6 dun nay chira cde ham kiém
tra bdt bude, tuy bién va kidm traning Ive.
3.26
BG phire tap (complexity)
Bai lung do mirc 46 khé higu cia phan mam, khé a8 phan tich, kiém thir va duy tri né.
(Theo IEEE Std 610-12-1990).
CHU THICH: Giém 49 phitc tap la dich chung cia viée str dung phuong phap phan ra mé Gun, phan Isp va ti gién hoa,
GGhep albu khidn va gn kéte6 vai tro quan trong a8 dat muc dich nay.
Mot nd lye trong inh wc cng nghé phin mam da thé hién trong viéc 6 gang phat trién céc thud do d8 do krong 4 phic
tap cla ma ngudn, Hau hét cde thuréc Go nay sir dung cée dc tinh dB tinh toa cda ma ngudn nhur 6 céc bidu thie va togn
hang. a phite tap cia 6 thjludng diéu khién (4% phic tap ving lap), 86 cdc déng mA nguén, ti 18 chi gidi so voi ma thy
hig, va c&c thuée do twong ty Khac. Cac chudn ma héa cling 48 due tim ra dB c6 céng cu hitu ich trong vie tao ma sa0
cho d nidu hon,
Ho ni bO TSF (ADV_INT) goi dén mét ham phan tich & phiéc tap trong moi thanh phn ca ching, Két qua dy kidn la nha
phat tridn s8 dua ra hé tro cho céc ati hdl vé viec da cb gidm déng ké trong dé phurc tap. HE tre nay c6 thé gdm cdc chudn
lap trinh cho nha phat trién, va mot chi s6 v8 viéc moi m& dun théa man tiéu chun (hoc cé mot sb ngoai If durgc big minh
bang céc luan cir cong nghé phn mém). Né cé thé chira cdc két quai cila cdc bd céng cy ding d8 do lwgng mot sé tinh chat
‘cla m& nguén, ho8e c6 thé chia h8 tre” khac cho nha phat trién cn aén,
3.2.7
Ghép néi (coupling)
Cach thire va mirc a6 clia sy kh6ng lién thudc gidra cac md dun phan mém.
(Theo IEEE Std 61-12-1990).
22
: TCVN 8709-1:2011
CHU THIGH: Cac kidu ghép ndi gdm ghép nbitruy xubt, ghép nbi chung va ghép ni ngi dung (xem bén dui.
3.28
Ghép néi truy xuét (call coupling)
‘Quan hé gitra hai m6 Gun trao dBi véi nhau mét cach chat ché qua cdc Idi goi ham chire nang éuoc
ghi Iai tai ligu.
CHU THICH: Vi dy vé ghép néi truy xudt fa dt liu, nhin tem va éibu khi8n. (Kem phn tip theo).
3.2.9
Ghép néi truy xudt (call coupling)
(vé dé? ligu). Quan hé dé ligu gira hai mé dun trao d4i chat ché voi nhau théng qua viée sir dyng céc
tham sé biéu dién cac biéu thirc dir ligu don Ié.
CHU THICH: Xem ghép n6i truy xuat (3.2.8)
3.2.10
Ghép néi truy xuat (call coupling)
(v8 nhan tem). Quan hé vé nhén tem gitra hai m6 dun trao di v6i nhau théng qua viéc si dung cdc
tham sé Idi goi c6 chtra nhiéu trudng hod 66 cac cau triic bén trong 06 nghia,
CHU THICH: Xem ghép ndi truy xubt (3.2.8)
3.2.41
Ghép néi truy xudt (call coupling)
(vé diéu khién). Quan hé vé diéu khién gitra hai mé dun néu mét mé dun chuyén théng tin ma nd dinh
giri 48 gay anh huéng dén logic bén trong cia mé dun kia.
CHU THICH: Xem ghép n6itruy udt (3.2.8)
3.2.42
‘Ghép néi chung (common coupling)
Quan hé gitra hai mé dun cling chia ser mét ving di liu chung hoac mét tai nguyén hé théng chung
khac.
CHU THICH: Cac bién toan oye chi ra ring cdc mé dun si dung cdc bién toan cye nay Ia cdc ghép nbi chung. Ghép nbi
‘chung théng qua céc bién foan cye nhin chung ge phép, song chi & mie 4% han ché,
Vi dy: Cac bién duge Bt trong mot ving ton cue, song chi ding trong mét m6 dun, s8 coi ld Gat ch sai va cn phai hily bé.
Cac yéu t6 kha cn dug xem xét khi danh gia mire & phit hop cia cdc bin toan oye la
= S6 cdc m6 dun c6 siza di mat bién toan aye: Ni chung, chi mét m6 dun don nén durge cp cho tech nhigm kibm
‘s04t ni dung cia mét bin tod cue. Tuy nhién c6 thé cé cdc tinh hung trong 46 met mé dun thir hai cb thé chia s&
{réch nhigm nay. Trong tinh huéng 46, cn cb sy bin minh thda dang. Khéng thé chp nhan due vige chia sé
tréch nhigm trén cho nhiu hon hai mé éun, (B& thyc hin Ganh gid nay, cn than trong khi xdc dinh m6 dun thy sur
6 trach nhigm 66i véi noi dung cla bién. Vi dy, néu cb 1 trinh don I& dung a8 sire d8i bién nay, song tinh nay don
sin chi thu hign viée stra di theo yéu cu cla mé dun goi dén n6, thi mé Gun nay l& mé dun chiu tréch nhigm va
23
TCVN 8709-1:2011
6 thé c6 nhigu hon mot mo dun niu’ vay). Tiép 46, ve vige xde dinh 4 phite tap, néu Z m6 Gun e6 tr&ch nhiem ai
Vi ndi dung cia bidn toan cyc, can c6 cAc chi s6 18 rang vb mirc & phdi hap gitra céc sia dBi nay.
‘SO cc m6 dun cb tham chiéu dén 1 bién toan eyo: Mac di nin chung khong oé han ché nao v8 sb lung cae mo
‘dun cé tham chidu Gn 1 bién toan cy, cdc trréng hep nhiéu ms dun ¢6 tham chiéu tuong ty sé cdn dirge kiém tra
vé tinh hgp Id va sy c&n tide
A3
Ghép néi ngi dung (content coupling)
Quan hé gifra hai m6 dun trong 66 mét md dun tao tham chiéu tryc tiép dén ndi dung bén trong cia
mé dun kia.
CHU THICH: Cac vi dy nhu: siz di ma cis - node tham chiu ede nna ng bo t6i- mo dun khde. Két qua la mot 66 hobe
toan bd ndi dung cia mot md dun dugc ghép hiéu qua vao md dun kia. Viéc ghép ndi noi dung c6 thé lién tuéng giéng nhur
vie st dung céc giao dign m6 dun khéng quang cde, Day a cdich 4 Igp vbi ghép nb ruy xudt chi sit dung cde giao dién mo
‘dun quing co
3.2.44
Phan cach mién (domain separation)
Dc tinh kién tric bao an trong dé TSF dinh nghia céc mi&n an toan tach bigt cho mdi nguoi dling va
cho TSF va bdo dém rang khéng cé mot tién trinh ngudi dung nao 6 thé anh huréng dén ndi dung ca
mét mién an toan cua ngurdi khac hod cia TSF.
3.2.15
Gan két chive nang (functional cohesion)
Bac tinh ctia mot mé dun 48 thy hién céc hanh dong lién quan dén mot myc dich riéng.
(Theo IEEE Std 610-12-1990).
CHU THICH: Mot m6 dun gan kat chire nang chuydn 481 mot kiBu dan ca dau vao thanh mot kidu don du ra, vi dy nhur mot
nb quan tr t8e vy hoe quan tri hang doi (xem them tinh gén két & 3.2.3),
3.2.16
Twong tac (interaction)
Hoat déng dva trén viéc truyén théng chung gitra cdc thu thé.
3.2.47
Giao dign (interface)
Phuong tién tuong tac vi mét thanh phan hoac mét mé dun.
3.2.18
Phan lép (layering)
Ky thuat thiét ké trong 46 cdc nhém mé dun tach biét (cdc lop) duge t3 chtrc phan cp dé cé trach
nhiém ring biét sao cho mét ldp chi phy thudc vao dich vy cc Iép bén dui né, va cung c4p dich vu
24
TCVN 8709-1:2011
chi cho cac Iép trén n6.
CHU THIGH: Phan l6p chat ché b8 sung diéu kign 1a mi lop chi nhan dich wy tr lop Ingay dursi nd va cung cp dich vu chi
cho lop ngay tran né,
3.219
Gan két logic, gan két thd tue (logical cohesion, procedural cohesion)
Céc dc trung cia mét mé dun thy hién cae déng thai giéng nhau trén cdc cu true dé ligu khdc
nhau.
CHU THICH: Mot m6 dun biéu thi gn két logic Khi céc chic nang cia né thyc hign cdc hanh dong lién quan song kha bist
= 6 céc du ra khac nhau (xem tinh gn két 6 3.2.3).
3.2.20
Phan tach mé dun (modular decomposition)
Qué trinh chia mét hé théng ra nhiéu thanh phan dé thuan tién cho thiét ké, phat trién va dénh gid.
(Theo IEEE Std 610-12-1990).
3.2.21
Kha nang khéng di vong (non-bypassabilty)
(ca TSF) 14 dc tinh kién tric an toan trong 46 moi hanh dong lién quan dén SFR duge déu due
trung chuyén qua TSF. :
3.2.22
Mién an toan (security domain)
‘Tap hop tai nguyén ma mot thurc thé cha dong c6 dac quyén truy nhap dén.
3.2.23
Gan két tuan ty (sequential cohesion)
Mo dun chiza céc chite nang ma két xuat clia méi chire nang nay la dau vao cho chire nang tiép theo
trong mé dun.
(Theo IEEE Std 610-12-1990),
CHU THICH: Mét vi dy ve m6 dun gan két tudn ty la mé dun 6 chia céc chitc nang 68 ghi cdc ban ghi kiém todn va a8 duy
tri mtb dém dong vé 36 lrong tich ldy cdc vi pham kim ching cia mat kidu dBc trung.
3.2.24
Céng nghé phan mém (software engineering)
Ung dung cach tiép can dinh lwgng, c6 hé théng, c6 nguyén tae cho viée phat trién va bao tri phan
mém, nghia la Wing dung ky thuat cho phan mam.
(Theo IEEE Std 610-12-1990).
25
You might also like
- The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeFrom EverandThe Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeRating: 4 out of 5 stars4/5 (5814)
- The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreFrom EverandThe Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreRating: 4 out of 5 stars4/5 (1092)
- Never Split the Difference: Negotiating As If Your Life Depended On ItFrom EverandNever Split the Difference: Negotiating As If Your Life Depended On ItRating: 4.5 out of 5 stars4.5/5 (845)
- Grit: The Power of Passion and PerseveranceFrom EverandGrit: The Power of Passion and PerseveranceRating: 4 out of 5 stars4/5 (590)
- Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceFrom EverandHidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceRating: 4 out of 5 stars4/5 (897)
- Shoe Dog: A Memoir by the Creator of NikeFrom EverandShoe Dog: A Memoir by the Creator of NikeRating: 4.5 out of 5 stars4.5/5 (540)
- The Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersFrom EverandThe Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersRating: 4.5 out of 5 stars4.5/5 (348)
- Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureFrom EverandElon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureRating: 4.5 out of 5 stars4.5/5 (474)
- Her Body and Other Parties: StoriesFrom EverandHer Body and Other Parties: StoriesRating: 4 out of 5 stars4/5 (822)
- The Emperor of All Maladies: A Biography of CancerFrom EverandThe Emperor of All Maladies: A Biography of CancerRating: 4.5 out of 5 stars4.5/5 (271)
- The Sympathizer: A Novel (Pulitzer Prize for Fiction)From EverandThe Sympathizer: A Novel (Pulitzer Prize for Fiction)Rating: 4.5 out of 5 stars4.5/5 (122)
- The Little Book of Hygge: Danish Secrets to Happy LivingFrom EverandThe Little Book of Hygge: Danish Secrets to Happy LivingRating: 3.5 out of 5 stars3.5/5 (401)
- The World Is Flat 3.0: A Brief History of the Twenty-first CenturyFrom EverandThe World Is Flat 3.0: A Brief History of the Twenty-first CenturyRating: 3.5 out of 5 stars3.5/5 (2259)
- Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaFrom EverandDevil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaRating: 4.5 out of 5 stars4.5/5 (266)
- The Yellow House: A Memoir (2019 National Book Award Winner)From EverandThe Yellow House: A Memoir (2019 National Book Award Winner)Rating: 4 out of 5 stars4/5 (98)
- A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryFrom EverandA Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryRating: 3.5 out of 5 stars3.5/5 (231)
- Team of Rivals: The Political Genius of Abraham LincolnFrom EverandTeam of Rivals: The Political Genius of Abraham LincolnRating: 4.5 out of 5 stars4.5/5 (234)
- On Fire: The (Burning) Case for a Green New DealFrom EverandOn Fire: The (Burning) Case for a Green New DealRating: 4 out of 5 stars4/5 (74)
- The Unwinding: An Inner History of the New AmericaFrom EverandThe Unwinding: An Inner History of the New AmericaRating: 4 out of 5 stars4/5 (45)
