Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Common Criteria Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee, Heppenheim)

Published byKathlyn Jewel Logan Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Common Criteria Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee, Heppenheim)"— Presentation transcript:

1 1 Common Criteria Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee, Heppenheim)

2 2 Background ISO 15408 – Common Criteria for Information Technology Security Evaluation – International standard – Security requirements – Common evaluation methodology – Mutual evaluation recognition (25 countries) Protection Profiles – Designed as an “acquisition” document » Desired security services Security Targets – Designed as a vendor “technical delivery” specification » Documents the security services provided in a product with respect to a Protection Profile

3 3 Type of PPs Already Written Access control devices Boundary protection devices/systems (aka firewalls) Databases Detection devices/systems (IDS) ICs, Smart Cards, devices and systems Key Management systems Network and Network-related devices/systems Operating systems Other devices/systems (e.g., ATM, biometric, certificate issuing) Digital Signature products

4 4 Space PPs What would a space PP consist of? – Profiles of mission security requirements? » Formalization, in CC terms, of security requirements, by mission type, a la security architecture? – PPs for space ‘unique’ systems, e.g., » C&DH/command & control » Solid state recorders » Shared bus » Others?

5 5 Example – Cash Machine 1 This Protection Profile has been developed to specify the requirements in terms of functionalities and levels of assurance applicable to ACDs/ATMs. Many transactions can be carried out via an ACD/ATM. The target has therefore been deliberately restricted to matters connected with the use of a card, the identification of the cardholder (the confidentiality of the PIN, etc) and the dispensing of cash (the integrity of the interfaces with the server, etc). The target of evaluation comprises: a central processing unit (the “brain” which conditions or coordinates its overall operation), a cash dispenser (a hardware device for taking banknotes from cash cassettes and delivering them to the cardholder), a card reader (for smart cards and possibly stripe cards), an input device for the cardholder to use (subsequently termed the “keypad”). The Protection Profile relates mainly to interchanges between these various components, which are normally grouped together within a single hardware enclosure (see the diagram above), but any other architecture may be considered. 1 Bull, Dassault, Diebold, NCR, Siemens Nixdorf, Wang Global

6 6 Discussion Does this make sense? Should we attempt to do this? Will anyone use it – or even care about it? Do the National Space Agencies use the Common Criteria – or should they? – US requires FISMA (Federal Information Security Management Act) » NIST Federal Information Processing standards » No mention of CC evaluated products – What about everyone else?

Download ppt "1 Common Criteria Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee, Heppenheim)"

Similar presentations

Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.

1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
International Business and Technology Consultants AMS confidential & proprietary Identification Security Meeting The New Challenge Barry Goleman American.

International Business and Technology Consultants AMS confidential & proprietary Identification Security Meeting The New Challenge Barry Goleman American.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
The Common Criteria for Information Technology Security Evaluation

The Common Criteria for Information Technology Security Evaluation
JAIPUR 16 DEC 08 TECHNOLOGY FOR FINANCIAL INCLUSION Indian Institute of Banking & Finance N D RAO.

JAIPUR 16 DEC 08 TECHNOLOGY FOR FINANCIAL INCLUSION Indian Institute of Banking & Finance N D RAO.
Title Electronic Reading Systems Ltd. Tel. 01234 855300 www.ersltd.co.uk CAMBRIDGESHIRE DIRECT SMART CARD PROJECT TRANSACTION PROCESSING SYSTEM Mike Villers.

Title Electronic Reading Systems Ltd. Tel CAMBRIDGESHIRE DIRECT SMART CARD PROJECT TRANSACTION PROCESSING SYSTEM Mike Villers.
CLXMGCS.ppt Why Smart Cards System Overview Card Architecture Why CardLogix Smart Cards Overview FY 2001.

CLXMGCS.ppt Why Smart Cards System Overview Card Architecture Why CardLogix Smart Cards Overview FY 2001.
Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
POS/ATM Protection Profile for a Common European Banking Industry Approval Scheme Common Approval Scheme POI Working Group SRC Security Research & Consulting.

POS/ATM Protection Profile for a Common European Banking Industry Approval Scheme Common Approval Scheme POI Working Group SRC Security Research & Consulting.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Part 2: Computers used in Banking

Part 2: Computers used in Banking
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.
National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

Similar presentations

Ads by Google