Presentation is loading. Please wait.

Presentation is loading. Please wait.

Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.

Similar presentations


Presentation on theme: "Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA."— Presentation transcript:

1 Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA

2 2 SECURITY OBJECTIVES SECRECY (CONFIDENTIALITY) INTEGRITY AVAILABILITY (DENIAL OF SERVICE)

3 3 SECURITY TECHNIQUES Prevention access control Detectionauditing Tolerancepracticality good prevention and detection both require good authentication as a foundation

4 4 SECURITY TRADEOFFS SECURITY FUNCTIONALITYEASE OF USE COST

5 5 ACHIEVING SECURITY Policy what? Mechanismhow? Assurancehow well?

6 6 EVALUATION CRITERIA Policy Assurance SECURITY TARGET Mechanism PRODUCT ??

7 7 CRITERIA DATES ||||||||||| | USA ORANGE BOOK Canadian CTCPEC 1.0 | 2.0 | 3.0 | UK, Germany || France | 1.2 | European Community ITSEC 1.0 | US Federal Criteria 1.0 | Common Criteria

8 8 CRITERIA RELATIONSHIPS USA ORANGE BOOK UKGermanyFranceCanada European Community ITSEC Federal Criteria DRAFT Common Criteria PROPOSED

9 9 COMMON CRITERIA & PRODUCT EVALUATION INTERNATIONAL COMPUTER MARKET TRENDS MUTUAL RECOGNITION OF EVALUATIONS COMPATIBILITY WITH EXISTING CRITERIA SYSTEM SECURITY CHALLENGES OF THE 90'S DRIVING FACTORS

10 10 ORANGE BOOK USA ORANGE BOOK UKGermanyFranceCanada European Community ITSEC Federal Criteria DRAFT Common Criteria PROPOSED

11 11 ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection C2Controlled Access Protection C1Discretionary Security Protection DMinimal Protection NO SECURITY HIGH SECURITY

12 12 ORANGE BOOK CLASSES UNOFFICIAL VIEW C1, C2Simple enhancement of existing systems. No breakage of applications B1Relatively simple enhancement of existing systems. Will break some applications. B2Relatively major enhancement of existing systems. Will break many applications. B3Failed A1 A1Top down design and implementation of a new system from scratch

13 13 ORANGE BOOK CRITERIA SECURITY POLICY ACCOUNTABILITY ASSURANCE DOCUMENTATION

14 14 SECURITY POLICY C1C2B1B2B3A1 Discretionary Access Control++ + Object Reuse + Labels ++ Label Integrity + Exportation of Labeled Information + Labeling Human-Readable Output + Mandatory Access Control ++ Subject Sensitivity Labels + Device Labels + +added requirement

15 15 ACCOUNTABILITY C1C2B1B2B3A1 Identification and Authentication+++ Audit ++++ Trusted Path ++ +added requirement

16 16 ASSURANCE C1C2B1B2B3A1 System Architecture+++++ System Integrity+ Security Testing Design Specification and Verification ++++ Covert Channel Analysis +++ Trusted Facility Management ++ Configuration Management + + Trusted Recovery + Trusted Distribution + +added requirement

17 17 DOCUMENTATION C1C2B1B2B3A1 Security Features User's Guide+ Trusted Facility Manual+++++ Test Documentation+ + + DesignDocumentation++++ +added requirement

18 18 ORANGE BOOK CRITICISMS Does not address integrity or availability Combines policy and assurance in a single linear rating scale Mixes policy and mechanism Mixes policy and assurance

19 19 POLICY VS ASSURANCE assurance C1 C2 B1 B2 B3A1 policypolicy

20 20 EUROPEAN ITSEC USA ORANGE BOOK UKGermanyFranceCanada European Community ITSEC Federal Criteria DRAFT Common Criteria PROPOSED

21 21 POLICY ASSURANCE UNBUNDLING EVALUATION POLICY or FUNCTIONALITY ASSURANCE EFFECTIVENESSCORRECTNESS

22 22 POLICY IN ITSEC Open ended Orange Book classes are grand-fathered in Some new classes are identified

23 23 ORANGE BOOK POLICY GRAND-FATHERING ITSECORANGE BOOK F-C1C1 F-C2C2 F-B1B1 F-B2B2 F-B3B3

24 24 ITSEC NEW POLICIES ITSECOBJECTIVE F-INHigh Integrity Requirements F-AVHigh Availability Requirements F-DIHigh Data Integrity during Data Exchange F-DCHigh Data Confidentiality during Data Exchange F-DXNetworks with High Confidentiality and Integrity others can be defined as needed

25 25 ASSURANCE: EFFECTIVENESS CONSTRUCTION Suitability Analysis Binding Analysis Strength of Mechanism Analysis List of Known Vulnerabilities in Construction OPERATION Ease of Use Analysis List of Known Vulnerabilities in Operational Use

26 26 ASSURANCE: CORRECTNESS ITSECORANGE BOOK (very roughly) E0D E1C1 E2C2 E3B1 E4B2 E5B3 E6A1

27 27 US DRAFT FEDERAL CRITERIA USA ORANGE BOOK UKGermanyFranceCanada European Community ITSEC Common Criteria PROPOSED Federal Criteria DRAFT

28 28 NIST/NSA Joint Work Commercial & Independent Initiatives NISTs IT Security Requirements Study Integrity Research NRC Report "GSSP" Minimum Security Functionality Requirements (MSFR) Federal Criteria for IT Security EC ITSEC Canada TPEP Orange Book Advances in Technology INFLUENCES ON FEDERAL CRITERIA

29 29 ITSEC EVALUATION Policy Assurance SECURITY TARGET Mechanism PRODUCT ??

30 30 FEDERAL CRITERIA EVALUATION Policy Assurance SECURITY TARGET Mechanism PRODUCT ?? Policy Assurance PROTECTION PROFILE ?? Vendor Supplied Customer Supplied

31 31 PROTECTION PROFILE STRUCTURE Descriptive Elements Section Product Rationale Section Development Assurance Requirements Section Functional Requirements Section Evaluation Assurance Requirements Section PROTECTION PROFILE

32 32 FROM PROFILE TO PRODUCT Protection Profile PPA = Protection Profile Analysis Protection Profiles Registry of PP1PP2... PPn Evaluation 2 Evaluation 3 Evaluation 1 PPA Security Target (ST) ST (PP) pp1ppn Product 1Product n

33 33 TOWARDS A COMMON CRITERIA USA ORANGE BOOK UKGermanyFranceCanada Common Criteria PROPOSED Federal Criteria DRAFT European Community ITSEC

34 34 EC-NA Alignment Common Criteria EC-NA Alignment Common Criteria CC Editorial Board Canada CTCPEC 3.0 ITSEC 1.2 FedCrit 1.0 Orange Book Usage Joint Technical Groups Usage & Reviews Public Comment Usage & Reviews 1994: initial target 1996: more likely ISO SC27 WG3 COMMON CRITERIA PLAN

35 35 CHALLENGES THAT REMAIN u Complexities of the open distributed computing and management environments (including use of crypto in conjunction with COMPUSEC) u Systems and composability Problems u Trusted applications development and evaluation methods, including high integrity and high availability systems u Guidance on using IT security capabilities cost effectively in commercial environments u Speedy but meaningful product and system evaluations, and evaluation rating maintenance


Download ppt "Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA."

Similar presentations


Ads by Google