1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.

Slides:

Advertisements

Similar presentations

Security Requirements

Advertisements

Module 1 Evaluation Overview © Crown Copyright (2000)

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

Software Quality Assurance Plan

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #18-1 Chapter 18: Evaluating Systems Goals Trusted Computer System Evaluation.

1 Common Criteria Ravi Sandhu. 2 Common Criteria International unification CC v2.1 is ISO Flexibility Separation of Functional requirements Assurance.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

Effective Design of Trusted Information Systems Luděk Novák,

The Common Criteria for Information Technology Security Evaluation

IT Security Evaluation By Sandeep Joshi

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

Standards In The Evaluation Of IT Security Steve Randall & Scott Cadzow TC-MTS# October 2004 Sophia Antipolis 39TD025.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

The Systems Security Engineering Capability Maturity Model (ISO 21827)

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Cryptography and Network Security Chapter 20 Fourth Edition by William Stallings.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Instituting Controls in Systems Development Gurpreet Dhillon Virginia Commonwealth University.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Fraud Prevention and Risk Management

Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo.

Gurpreet Dhillon Virginia Commonwealth University

Approaches for forest certification System versus performance ? Presentation prepared by Pierre Hauselmann for the WWF / WB Alliance Capacity building.

1 Autumn 2008 TM8104 IT Security Evaluation Guide on the production of Protection Profiles Karin Sallhammar Q2S/NTNU 29/11/2003 Reference: ISO/IEC TR

Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.

A Security Business Case for the Common Criteria Marty Ferris Ferris & Associates, Inc

IS 2620: Developing Secure Systems Assurance and Evaluation Lecture 8 March 15, 2012.

Evaluating Systems Information Assurance Fall 2010.

1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed.

Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object.

Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

UNCLASSIFIED DITSCAP Primer. UNCLASSIFIED 1/18/01DITSCAP Primer.PPT 2 DITSCAP* Authority ASD/C3I Memo, 19 Aug 92 –Develop Standardized C&A Process DODI.

1.  Describe an overall framework for project integration management ◦ RelatIion to the other project management knowledge areas and the project life.

Background. History TCSEC Issues non-standard inflexible not scalable.

Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)

Security Standards and Threat Evaluation. Main Topic of Discussion  Methodologies  Standards  Frameworks  Measuring threats –Threat evaluation –Certification.

The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;

Common Criteria V3 Overview Presented to P2600 October Brian Smithson.

CMSC : Common Criteria for Computer/IT Systems

Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id #

TM8104 IT Security EvaluationAutumn CC – Common Criteria (for IT Security Evaluation) The CC permits comparability between the results of independent.

1 Common Evaluation Methodology for IT Security Part 2: Evaluation Methodology chapter 5-8 Marie Elisabeth Gaup Moe 06/12/04.

Database Administration

Trusted OS Design and Evaluation CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University.

1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.

Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.

Verification Formal Verification & Formal Evaluation Derived from Purdue: Cerias.

SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:

TM8104 IT Security EvaluationAutumn Evaluation - the Main Road to IT Security Assurance CC Part 3.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Copyright © EWA IIT, Inc. June 17, 2002 © 2002  IIT, Inc. EWA Information & Infrastructure Technologies, Inc. 3 FOR OFFICIAL USE ONLY June 17, 2002 ©

~ pertemuan 4 ~ Oleh: Ir. Abdul Hayat, MTI 20-Mar-2009 [Abdul Hayat, [4]Project Integration Management, Semester Genap 2008/2009] 1 PROJECT INTEGRATION.

Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University

CSCE 727 Awareness and Training Secure System Development and Monitoring.

Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 5: Security Architecture and Models.

1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise.

Risk Assessments in Many Flavors George J. Dolicker, CISA, CISSP.

The Common Criteria for Information Technology Security Evaluation

Ch.18 Evaluating Systems - Part 2 -

Special Publication Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Dr. Ron Ross Computer Security.

James Arnold/ Jean Petty 27 September 2007

Common Criteria Ravi Sandhu.

Common Criteria Ravi Sandhu.

Computer Security: Art and Science, 2nd Edition

Presentation transcript:

1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera

2 Common Criteria: 1998-present  TSEC retired in 2000, CC became de- facto standard  International unification CC v2.1 is ISO  Flexibility  Separation of Functional requirements Assurance requirements  Marginally successful so far v1 1996, v2 1998, widespread use ???

3 Common Criteria

4 Class, Family, Component, Package

5 Security Functional Requirements  Identification and authentication  Cryptographic support,  Security management,  Protecting ToE access and security functions  Communication,  Privacy,  Trusted paths,  Channels,  User data protection,  Resource utilization  Audit  Forensic analysis

6 Security Assurance Requirements  Life cycle support, 1.Pre requirements: Guidance documents 2.Requirements analysis for consistency and completeness 3.Vulnerability analysis 4.Secure design 5.Development 6.Testing  Functional, security specifications  vulnerability 7.Delivery and operations 8.Maintenance  Assurance maintenance  Configuration management

7 CC Methodology  ToE Security Policy (TSP): set of rules regulating asset management, protection and distributed in system  ToE Security Function (TSF): HW+SW and firmware used for the correct enforcement of TSP  Protection profile (PP): set of (security) requirments  Security target (ST): set of (security) requirements to be used as a evaluation

8 CC Introductory: Section 1 of 8  ST identification: precisely stated information required to identify ST  ST overview: narrative acceptable as a a standalone description of the ST  CC Conformance: Claim: a statement of conformance to the CC. Part 2 conformance: if using only functional requirements

9 CC Product/system description: Section 2 of 8  Describes the ToE,  Boundaries Logical physical  Scope of evaluation

10 CC Product/system family environment: Section 3 of 8  Assumptions of intended usage  Threat and their agents  Organizational security policy that must be adhered to in providing protection

11 CC Security objective: Section 4 of 8  Objectives for the product/system: Traceable to identified threats and/or organizational policy  Objectives for the environment: must be traceable to threats not completely encountered by the system and policies or assumptions not completely met by the system

12 CC IT Security requirements: Section 5 of 8  Functional security requirements: from CC  Security assurance requirements: must be augmented by the author as addendums to the EAL

13 CC Product/summary specification: Section 6 of 8  A statement of security function and how these are met as functional requirements  A statement of assurance requirements and how these are met as

14 CC PP Claims: Section 7 of 8  Claims of conformance

15 CC Rationale: Section 8 of 8  Explains various aspects of CC  Security objective rationale  Security requirements rationale  Summary specification rationale  Rationale for not meeting all dependencies  PP claims rationale: explains the differences between objectives, requirements and conformance claims

16 Seven Levels of Evaluation  EAL1: functionally tested  EAL2: structurally tested  EAL3: methodically tested and checked  EAL4: methodically designed, tested and reviewed  EAL5: semi-formally designed and tested  EAL6: semi-formally designed, verified and tested  EAL7: formaly verified, designed and tested

17 The evaluation process  Controlled by C Evaluation Methodology (CEM) and NIST  Many labs are accredited by NIST and charge a fee for evaluation  Vendor selects a lab to evaluate the PP  The vendor and the lab negotiates the process and a schedule and the lab issues a rating

18 Evaluation and testing  Security must be designed in  Security can be retrofitted Impractical except for simplest systems Evaluation levels  Black box  Gray box  White box

19 EAL, TSEC and ITSEC

20 Future of Testing  Continues to evolve  Quality of Protection (QoP): some research efforts to measure security qualitatively.

21 The SSE-CMM Model 1997-present  System Security Capability Maturity Model  A process oriented model for developing secure systems  Capability models define requirements for processes  CC and its predecessors define requirements for security

22 SSE-CMM Definitions  Process capability: the range of expected results by following the process  Process performance: a measure of the actual results received  Process maturity: the extent to which a process is explicitly defined, managed, measured, controlled and effective

23 Process areas of SSE-CMM  Administrator controls  Assess impact  Asses threat  Asses vulnerability  Build assurance arguments  Coordinate security  Monitor system security posture  Provide security input  Specify security needs  Verify and validate security

24 Example: assessing threats  Identify natural threats  Identify human threats  Identify threat units and measures  Access threat agent capability  Asses threat likelihood  Monitor threats and their characteristics

25 Five capability maturity levels  Represents process maturity 1.Performed informally: base processes are performed 2.Planned and tracked: has project-level definition, planning and performance verification 3.Well-defined: focused on defining, refining a standard practice and coordinating across organization 4.Continuously improving: organizational capability and process effectiveness improved.