Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.

Slides:



Advertisements
Similar presentations
Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.
Advertisements

THE ORANGE BOOK Ravi Sandhu ORANGE BOOK CLASSES A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection.
Security Requirements
Module 1 Evaluation Overview © Crown Copyright (2000)
University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
Secure Systems Research Group - FAU Process Standards (and Process Improvement)
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
4/28/20151 Computer Security Security Evaluation.
CS526Topic 22: TCSEC and Common Criteria 1 Information Security CS 526 Topic 22: TCSEC and Common Criteria.
Information Security of Embedded Systems : Design of Secure Systems Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Chapter 16: Standardization and Security Criteria: Security Evaluation of Computer Products Guide to Computer Network Security.
Effective Design of Trusted Information Systems Luděk Novák,
The Common Criteria for Information Technology Security Evaluation
IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
An Overview of Common Criteria Protection Profiles María M. Larrondo Petrie, PhD March 26, 2004.
, Name, Folie 1 IT Audit Methodologies.
Security Models and Architecture
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
Security Controls – What Works
COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.
Stephen S. Yau CSE , Fall Evaluating Systems for Functionality and Assurance.
National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.
Fraud Prevention and Risk Management
1 A Common-Criteria Based Approach for COTS Component Selection Wes J. Lloyd Colorado State University Young Researchers Workshop (YRW) 2004.
Gurpreet Dhillon Virginia Commonwealth University
1 Anthony Apted/ James Arnold 26 September 2007 Has the Common Criteria Delivered?
A Security Business Case for the Common Criteria Marty Ferris Ferris & Associates, Inc
Evaluating Systems Information Assurance Fall 2010.
ISA 562 Internet Security Theory & Practice
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
ETICS2 All Hands Meeting VEGA GmbH INFSOM-RI Uwe Mueller-Wilm Palermo, Oct ETICS Service Management Framework Business Objectives and “Best.
Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Background. History TCSEC Issues non-standard inflexible not scalable.
1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.
Security Standards and Threat Evaluation. Main Topic of Discussion  Methodologies  Standards  Frameworks  Measuring threats –Threat evaluation –Certification.
The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;
CACR CC Briefing Stephen Booth Computer and System Security Section Communications Security Establishment
Common Criteria V3 Overview Presented to P2600 October Brian Smithson.
CMSC : Common Criteria for Computer/IT Systems
TM8104 IT Security EvaluationAutumn CC – Common Criteria (for IT Security Evaluation) The CC permits comparability between the results of independent.
Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS7: Security 7.1. The Security Problem.
Security fundamentals Topic 2 Establishing and maintaining baseline security.
Security consulting What about the ITSEC?. security consulting What about the ITSEC? Where it came from Where it is going How it relates to CC and other.
1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.
SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:
Trusted Operating Systems
TM8104 IT Security EvaluationAutumn Evaluation - the Main Road to IT Security Assurance CC Part 3.
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
CSCE 727 Awareness and Training Secure System Development and Monitoring.
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 5: Security Architecture and Models.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise.
1 Trusted OS Design CS461/ECE Reading Material Section 5.4 of Security in Computing.
Department of Computer Science Introduction to Information Security Chapter 8 ISO/IEC Semester 1.
Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.
The Common Criteria for Information Technology Security Evaluation
Ch.18 Evaluating Systems - Part 2 -
UNIT V QUALITY SYSTEMS.
2006 Annual Research Review & Executive Forum
Official levels of Computer Security
THE ORANGE BOOK Ravi Sandhu
IT SECURITY EVALUATION ACCORDING TO HARMONIZED AND APPROVED CRITERIA
Presentation transcript:

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems

Computer Science CSC 474Dr. Peng Ning2 What are Security Criteria? (User view) A way to define Information Technology (IT) security requirements for some IT products: –Hardware –Software –Combinations of above (Developer view) A way to describe security capabilities of their specific product (Evaluator view) A tool to measure the confidence we may place in the security of a product.

Computer Science CSC 474Dr. Peng Ning3 History of IT Security Criteria Orange Book (TCSEC) 1985 ITSEC 1991 UK Confidence Levels 1989 Federal Criteria Draft 1993 Canadian Criteria (CTCPEC) 1993 Common Criteria v v German Criteria French Criteria ISO FDIS ‘99

Computer Science CSC 474Dr. Peng Ning4 Trusted Computer System Evaluation Criterion (“The Orange Book”) Issued under authority of and in accordance with DoD Directive , Security Requirements for Automatic Data Processing (ADP) Systems Purpose is to provide technical hardware/firmware/software security criteria and associated technical evaluation methodologies in support of overall ADP system security policy, evaluation and approval/accreditation responsibilities promulgated by DoD

Computer Science CSC 474Dr. Peng Ning5 Fundamental Computer Security Requirements What it really means to call a computer system "secure" Secure systems control access to information –Only properly authorized individuals, or processes operating on their behalf may: Read Write Create Delete Two sets of requirements: –Four deal with what needs to be provided to control access to information –Two deal with how one can obtain credible assurances that this is accomplished in a trusted computer system

Computer Science CSC 474Dr. Peng Ning6 Orange Book Classes A1Verified Design B3Security Domains B2Structured Protection B1Labeled Security Protection C2Controlled Access Protection C1Discretionary Security Protection DMinimal Protection NO SECURITY HIGH SECURITY

Computer Science CSC 474Dr. Peng Ning7 Functionality v. Assurance functionality is multi- dimensional assurance has a linear progression

Computer Science CSC 474Dr. Peng Ning8 Orange Book Classes — Unofficial View C1, C2Simple enhancement of existing systems. No breakage of applications B1Relatively simple enhancement of existing systems. Will break some applications. B2Relatively major enhancement of existing systems. Will break many applications. B3Failed A1 A1Top down design and implementation of a new system from scratch

Computer Science CSC 474Dr. Peng Ning9 NCSC Rainbow Series — Selected Titles OrangeTrusted Computer System Evaluation Criteria YellowGuidance for Applying the Orange Book RedTrusted Network Interpretation LavenderTrusted Database Interpretation

Computer Science CSC 474Dr. Peng Ning10 Orange Book Criticisms Mixes various levels of abstraction in a single document Does not address integrity of data Combines functionality and assurance in a single linear rating scale –They are indeed other combinations.

Computer Science CSC 474Dr. Peng Ning11 International Criteria ORANGE BOOK ITSEC CTCPEC More Flexibility in Application to Non-Military Use Broader Functionality Broader Assurance Address Functionality Directly Broader Assurance Broader Functionality Broader Assurance

Computer Science CSC 474Dr. Peng Ning12 Why New International Criteria? SECURITY CRITERIA & PRODUCT EVALUATION DRIVING FACTORS INTERNATIONAL COMPUTER MARKET TRENDS MUTUAL RECOGNITION OF SECURITY PRODUCT EVALUATIONS EVOLUTION AND ADAPTATION OF ORANGE BOOK SYSTEM SECURITY CHALLENGES OF THE 90'S A LARGER WORLD-VIEW IS NEEDED

Computer Science CSC 474Dr. Peng Ning13 CC Project In Spring 1993, the following governments agreed to develop a “Common Information Technology Security Criteria” –Canada –France –Germany –Netherlands –UK –USA - NIST and NSA Objectives –Common evaluation methodology –Mutual recognition

Computer Science CSC 474Dr. Peng Ning14 CC Three major drafts –v0.6 - circulated for comments by a limited audience in 4/94 –v0.9 - Published in 11/94 for public review –v0.1 - More definitive version in 2/96 for trial use CC Version 2.0 –Accepted as an International Standards Organization (ISO) security standard in 5/98 (ISO International Standard 15408) –US, Canada, France, Germany, and UK officially agreed on mutual recognition in 10/98

Computer Science CSC 474Dr. Peng Ning15 Common Criteria (CC) Part 1: Introduction and General Model –Terminology, derivation of requirements and specifications, PP & ST Normative Part 2: Security Functional Requirements –Desired information technology security behavior Part 3: Security Assurance Requirements –Measures providing confidence that the security functionality is effectively and correctly implemented.

Computer Science CSC 474Dr. Peng Ning16 Within Scope of CC Basis for evaluation of security properties of IT products and systems Allows independent evaluations to be compared Addresses protection of information from –unauthorized disclose (confidentiality) –modification (integrity), –loss of use (availability) Applicable to IT security measures implemented in HW, SW, and firmware.

Computer Science CSC 474Dr. Peng Ning17 Outside Scope of CC Administrative and legal application of CC Administrative security measures Physical aspects of IT security Evaluation methodology Mutual recognition arrangements Cryptographic algorithms Accreditation & certification processes

Computer Science CSC 474Dr. Peng Ning18 Terminology Protection profile (PP) Security target (ST) Target of evaluation (TOE)

Computer Science CSC 474Dr. Peng Ning19 Protection Profile Answer the question: –“This is what I want or need.” Implementation independent Protection profile authors: –Anyone who wants to state IT security needs (e.g., commercial consumer, consumer groups) –Anyone who supplies products which support IT security needs –Others (security officers, auditors, accreditors, etc.)

Computer Science CSC 474Dr. Peng Ning20 Security Target Answer the question: –“This is what I have.” Implementation dependent Security target authors –Product vendors –Product developers –Product integrators

Computer Science CSC 474Dr. Peng Ning21 PP and ST Examples PP makes a statement of implementation independent security needs –A generic OS with DAC, audit, identification and authentication ST defines the implementation dependent capabilities of a specific product –Microsoft NT (TOE) –Sun OS (TOE)

Computer Science CSC 474Dr. Peng Ning22 Security Functional Requirements Security functional requirements describe the security behavior expected of a TOE and they meet the security objectives as stated in a PP or ST Their behavior can generally be observed.

Computer Science CSC 474Dr. Peng Ning23 Functional Requirement Classes Security Audit (FAU) Communication (FCO) Cryptographic Support (FCS) User Data Protection (FDP) Identification & Authentication (FIA) Security Management (FMT) Privacy (FPR) Protection of the TOE Security Functions (FPT) Resource Utilization (FRU) TOE Access (FTA) Trusted Path (FTP)

Computer Science CSC 474Dr. Peng Ning24 Security Functional Requirements Organization Class 1 Class n Family 1 Family n Component 1Component n Element 1Element 2Element 1

Computer Science CSC 474Dr. Peng Ning25 Definitions Class – for organizational purposes; all members share a common focus –e.g., audit Family – for organizational purposes; all members share security objectives but may differ in emphasis –e.g., audit event definition, audit event review Component – contains a set of security requirements. –A component is the smallest selectable requirement set. Element – members of a component. –Elements cannot be selected individually.

Computer Science CSC 474Dr. Peng Ning26 Component Hierarchy Each family contains one or more components The relationship between components can be either –No relationship, or –A hierarchical relationship A hierarchical component –Can satisfy a dependency on the component it is hierarchical to –May provide more security than a component it is hierarchical to Hierarchical components are not selected together.

Computer Science CSC 474Dr. Peng Ning27 Component Hierarchy Examples FIA_UID User Identification12 Component 2 is hierarchical to component 1. Either 1 or 2 may be selected, but not both. FIA_SAR Security Audit Review There are no hierarchical relationship between components 1, 2, and 3. Any combination of them may be selected.

Computer Science CSC 474Dr. Peng Ning28 Security Assurance Requirements Grounds for confidence that an IT product or system meets its security objectives.

Computer Science CSC 474Dr. Peng Ning29 Assurance Requirement Classes Configuration Management (ACM) Delivery and operation (ADO) Development (ADV) Guidance documents (AGD) Life cycle support (ALC) Tests (ATE) Vulnerability assessment (AVA) Maintenance of assurance (AMA) Evaluation criteria of PP and ST (APE, ASE)

Computer Science CSC 474Dr. Peng Ning30 Security Assurance Requirements Organization Class 1 Class n Family 1 Family n Component 1Component n Element 1Element 2Element 1

Computer Science CSC 474Dr. Peng Ning31 Assurance Packages Reusable set of functional or assurance components combined together to satisfy a set of identified security objectives Currently, there are 7 assurance packages called Evaluation Assurance Levels (EAL1 – EAL7)

Computer Science CSC 474Dr. Peng Ning32 Evaluation Assurance Levels EAL0 - Inadequate assurance EAL1 - Functionally tested EAL2 - Structurally tested EAL3 - Methodically tested and checked EAL4 - Methodically designed, tested and reviewed EAL5 - Semiformally designed and tested EAL6 - Semiformally verified designed and tested EAL7 - Formally verified designed and tested

Computer Science CSC 474Dr. Peng Ning33 Relationship to TCSEC With respect to assurance, roughly –EAL0 and EAL1 ~ D –EAL2 ~ C1 –EAL3 ~ C2 –EAL4 ~ B1 –EAL5 ~ B2 –EAL6 ~ B3 –EAL7 ~ A1

Computer Science CSC 474Dr. Peng Ning34 TCSEC Status and Migration to CC Kenneth A. Minihan, Director of NSA, signed an Advisory Memorandum in April 1999 –By the end of 2001, all products which were formerly evaluated against the TCSEC will have either become obsolete or, if they have maintained their TCSEC rating and are still in use, will be transitioned to a CC rating.

Computer Science CSC 474Dr. Peng Ning35 Mutual Recognition As of 18 October 1999 –US –Canada –France –Germany –Australia –New Zealand –UK

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.