Common Criteria IT Security Evaluation, by Sandeep Joshi, Southern Methodist University.

1 Common Criteria IT Security Evaluation
By Sandeep Joshi, Southern Methodist University

2 List of Terms…
Term: Meaning
- CC: Common Criteria (official ISO name is Evaluation Criteria for Information Technology Security)
- Class: Grouping of families that share a common focus
- Component: Smallest selectable set of elements
- Evaluation Assurance Level (EAL): A package consisting of assurance components that represents a point on the CC predefined assurance scale
- Family: A grouping of components that share security objectives but may differ in emphasis

3 List of Terms…
Term: Meaning
- Organizational Security Policy: One or more security rules, procedures, practices or guidelines imposed by an organization upon its operations
- Package: A reusable set of either functional or assurance components, combined together to satisfy a set of security policies
- Protection Profile (PP): An implementation-independent set of security requirements
- Security Target: A set of security requirements and specifications to be used as a basis for evaluation of an identified TOE
- Semi-Formal: Expressed in a restricted-syntax language with defined semantics

4 List of Terms
Term: Meaning
- Target Of Evaluation: An IT product or system and its associated administrator and user guidance documentation that is the subject of evaluation
- TOE Resource: Anything consumable or usable in the TOE
- TOE Security Function (TSF): A set consisting of all hardware, software and firmware of the TOE that must be relied upon for the correct enforcement of the TSP
- TOE Security Policy (TSP): A set of rules that regulate how assets are managed, protected and distributed within a TOE
- Trusted Channel: A means by which a user and a TSF can communicate with the necessary confidence to support the TSP

5 History…
Originated out of three standards:
- ITSEC (Information Technology Security Evaluation Criteria)
  - European standard, developed in the early 1990s by the UK, France, the Netherlands, and Germany
- TCSEC (Trusted Computer System Evaluation Criteria)
  - Widely known as the “Orange Book”

6 History…
- TCSEC (Trusted Computer System Evaluation Criteria)
  - Issued by the United States Government National Computer Security Council as DoD standard 5200.28-STD, December 1985
- CTCPEC (Canadian Trusted Computer Product Evaluation Criteria)

7 History…
- The first draft (Version 1.0) was published in January 1996 for comments
- Version 2.0 was published in 1998 and was accepted by ISO as a Final Committee Draft (FCD) document
- Version 2.0 became an ISO standard sometime in June 1999 with minor, mostly editorial modifications

8 History
Two versions of the CC have been released since then:
- Version 2.1 was released in August 1999 and is now accepted as the ISO-15408 standard
- Version 2.2, the newest version, was released this year (2004)

9 Why should we use the CC?
- What support does CC have?
- What guarantees do CC-certified/validated products provide?
- Where should we start if we want to achieve CC certification/validation for our product?

10 What support does CC have?…
- National security and standards organizations within Canada, France, Germany, the Netherlands, the UK and the USA worked in collaboration to replace their existing security evaluation criteria (SEC)

11 What support does CC have?
- Acceptance by ISO will ensure that CC rapidly becomes the world standard for security specification and evaluation
- Wider choice of evaluated products for consumers
- Greater understanding of consumer requirements
- Greater access to markets for developers

12 What guarantees will products provide?
- A sound basis for confidence that security measures are appropriate to meet a given threat and that they are correctly implemented
- Quantifies/measures the extent to which security has been assessed
- Includes an assurance scale, called the Evaluation Assurance Level (EAL)

13 Who could be affected?
Common Criteria
- Developers
- Vendors
- Accreditors
- Approvers
- Certifiers
- Evaluators
- Consumers

14 What is CC?
- Overview
- Building Blocks
- Security and Functional Requirements
- Security Assurance Requirements
- Protection Profiles (PP)
- Security Targets (ST)

15 Overview…
How each part of the CC is used by the Consumer, Developer and Evaluator:
Introduction and General Model
- For background and reference purposes
Security Functional Requirements
- Consumer: Guidance for formulating statement of requirements
- Developer: Reference when interpreting statements of functional requirements
- Evaluator: Mandatory to determine if product meets requirements
Security Assurance Requirements
- Consumer: Guidance formulating level of assurance
- Developer: Reference interpreting assurance requirements
- Evaluator: Mandatory to determine if product meets requirements

16 Overview

17 Building Blocks…
Security Functional Requirements
- Grouped into 11 classes
- Members of each class share a common focus, but differ in emphasis
- Classes: Audit, Cryptographic Support, Communication, User Data Protection, Identification and Authentication, Security Management, Privacy, Protection of TOE Security Functions, Resource Utilization, TOE Access, Trusted Path/Channels

18 Building Blocks
- The Audit class contains 6 families dealing with various aspects of auditing: data generation, analysis, event storage, etc.
- Each family contains one or more components
- Audit data generation has 2 components:
  - 1 dealing with generation of audit records
  - 2 dealing with association of user with auditable event

19 Security Assurance Requirements…
- Grouped into Classes → Families → Components
- In all, 8 basic classes and two special classes for PPs and STs
- Classes: Configuration Management, Guidance Documents, Vulnerability Assessment, Delivery and Operation, Life Cycle Support, Assurance Maintenance, Development, Tests

20 Security Assurance Requirements…
- Provides 7 predefined assurance packages
- Known as Evaluation Assurance Levels (EAL)
- Rising scale of assurance
- From EAL1 to EAL7

21 Security Assurance Requirements…
- EAL1: Functionally Tested
  - Provides evaluation of the product as made available to the user
  - Independent testing against specification
  - Examination of guidance documents
- EAL2: Structurally Tested
  - Applicable where the developer/user needs a low to moderate level of assurance
  - For example, legacy systems
- EAL3: Methodically Tested and Checked
  - Provides analysis supported by “gray box” testing
  - Selective confirmation of test results

22 Security Assurance Requirements…
- EAL4: Methodically Designed, Tested and Reviewed
  - Low-level analysis of design, and a subset of the implementation
  - Independent search for vulnerability
- EAL5: Semi-formally Designed and Tested
  - Analysis of the complete implementation
  - Supplemented by a formal model
  - Semiformal presentation of the functional model and high-level design
  - Search for vulnerability must ensure resistance, etc.

23 Security Assurance Requirements
- EAL6: Semi-formally Verified Design and Tested
  - Analysis with a modular and layered approach to design and implementation
  - Plus EAL5 and lower-level testing
- EAL7: Formally Verified Design and Tested
  - Evaluation of the formal model, with formal presentation of the formal specification
  - Evidence of “white-box” testing

24 Protection Profiles…
What is a Protection Profile?
- Essentially an implementation-independent statement of security requirements that is shown to address threats that exist in a specified environment

25 Protection Profiles…
What does it contain?
- Introduction
  - PP Identification, PP Overview
- TOE Description
- TOE Security Environment
  - Assumptions, Threats, Organizational Security Policies
- Security Objectives
  - For TOE, For Environment
- IT Security Requirements
  - TOE Security Requirements
    - Functional, Assurance
  - Security Requirements for IT environment
- PP Application Notes
- Rationale
  - Objectives, Requirements

26 Protection Profiles
When would you want a PP?
- When setting standards for a particular product type
- A government wishes to specify security requirements for a class of security products, like firewalls, etc.
- Or, a firm needs an IT system that addresses its security issues

27 Security Targets…
What is a Security Target?
- A basis against which evaluation is performed
- Contains security threats, objectives, requirements, summary specification of functions and assurance measures
When is an ST needed?
- When submitting a product for evaluation

28 Security Targets…
What are the contents of an ST document?
- Introduction
  - ST Identification, ST Overview, CC conformance
- TOE Description
- TOE Environment
  - Assumptions, Threats, Organizational Security Policies
- Security Objectives
  - For TOE, For environment
- IT Security Requirements
  - TOE Security Requirements
    - Functional, Assurance
  - Security Requirements for IT environment
- TOE Summary Specification
  - TOE Security Function, Assurance Measures
- PP Claims
  - PP Reference, PP Refinement, Additions
- Rationale
  - Security Objective Rationale
  - Security Requirements Rationale
  - TOE Summary Specification
  - PP Claims Rationale

29 Reference

30 Questions!!!
