Presentation is loading. Please wait.

Presentation is loading. Please wait.

Standards In The Evaluation Of IT Security Steve Randall & Scott Cadzow TC-MTS#39 20-21 October 2004 Sophia Antipolis 39TD025.

Published bySpencer Bruce Modified over 9 years ago

Similar presentations

Presentation on theme: "Standards In The Evaluation Of IT Security Steve Randall & Scott Cadzow TC-MTS#39 20-21 October 2004 Sophia Antipolis 39TD025."— Presentation transcript:

1 Standards In The Evaluation Of IT Security Steve Randall & Scott Cadzow TC-MTS#39 20-21 October 2004 Sophia Antipolis 39TD025

2 12-Oct-04TC-MTS 39TD0252 Common Criteria  Products offering security features always carefully evaluated (particularly by government bodies)  Mid-90s, evaluation bodies got together to define a single set of evaluation requirements, the “Common Criteria (CC)” in ISO/IEC 15408  Part 1: Introduction and general model  Part 2: Security functional requirements  Part 3: Security assurance requirements  Rapidly growing interest in security and evaluation within commercial world  Key aspects of CC:  Formal evaluation process  Using trained evaluators  International recognition of results

3 12-Oct-04TC-MTS 39TD0253 CC Terminology  Protection Profile (PP)  Abstract specification of required security functionality  Security Target (ST)  Concrete specification of a product providing required security functionality  Target Of Evaluation (TOE)  Actual product providing required security functionality

4 12-Oct-04TC-MTS 39TD0254 Standards and CC [1]  CC generally used to evaluate product  Communications products often incorporate implementations of standards  Standards are rarely evaluated under CC  The question for TISPAN:  Can standards be written in a way that simplifies the evaluation of products implementing them?

5 12-Oct-04TC-MTS 39TD0255 Standards and CC [2]  Protocol standards are spiritually close to PPs  Specify implementation independent requirements  Use formalized text to specify requirements (shall, may, should…)  Use specification languages for design, validation and testing (SDL, UML, MSC, ASN.1, TTCN)  Have traceability:  Title  Version numbering  Change control

6 12-Oct-04TC-MTS 39TD0256 What is TISPAN Doing ? - Long Term -  Providing guidance to standards developers on standards preparation  To allow evaluation  To achieve higher quality standards  Introducing CC vocabulary  Requirements stated in terms of ISO/IEC 15408 Part 2  Evaluation stated as a goal of standardisation

7 12-Oct-04TC-MTS 39TD0257 What is TISPAN Doing ? - Short Term –  A guide to CC as it applies to standards  Evaluation Assurance Levels (EALs)  Functional requirements classes  Evaluation classes  Proforma for PP  Guidance on preparing a standard for CC evaluation:  Format  Content  Development process  Proforma for ST  Format and overview of developers’ responsibilities in preparing a product for evaluation

8 12-Oct-04TC-MTS 39TD0258 Evaluation Assurance Levels (EAL)  EAL 1:Functionally tested  EAL 2:Structurally tested  EAL 3:Methodically tested and checked  EAL 4:Methodically designed, tested and reviewed  EAL 5:Semiformally designed and tested  EAL 6:Semiformally verified design and tested  EAL 7: Formally verified design and tested

9 12-Oct-04TC-MTS 39TD0259 CC Specification Structure  Functional requirements and evaluation requirements categorized as Classes, Families and Components. Class Family Component

10 12-Oct-04TC-MTS 39TD02510 Functional Requirements Classes  FAU:Security Audit  FCO:Communication  FCS:Cryptographic Support  FDP:User Data Protection  FIA:Identification and Authentication  FMT:Security Management  FPR:Privacy  FPT:Protection of TOE Security Functions  FRU:Resource Utilization  FTA:TOE Access  FTP:Trusted Paths and Channels

11 12-Oct-04TC-MTS 39TD02511 Example Families (FIA)  FIA_AFL:Authentication Failures  FIA_ATD:User Attributes Definition  FIA_SOS:Specification Of Secrets  FIA_USU:User Authentication  FIA_UID:User Identification  FIA_USB:User-Subject Binding

12 12-Oct-04TC-MTS 39TD02512 Assurance Classes  APE:Protection Profile Evaluation  ASE:Security Target Evaluation  ACM:Configuration Management  ADO:Delivery and Operation  ADV:Development  AGD:Guidance Documents  ALC:Life Cycle Support  ATE:Tests  AVA:Vulnerability Analysis

13 12-Oct-04TC-MTS 39TD02513 Example Families (ADV)  ADV_FSP:Functional Specification  ADV_HLD:High-Level Design  ADV_IMP:Implementation representation  ADV_INT:TOE Security Function Internals  ADV_LLD:Low-Level Design  ADV_RCR:Representation Correspondence  ADV_SPM:Security Policy Modelling

14 12-Oct-04TC-MTS 39TD02514 Protection Profile  Although content similar, PP is written in a different way to a standard. It is, therefore:  unlikely (and undesirable) that ETSI will change the style of its standards;  unreasonable to expect ISO and the security community to change the way a PP is written;  unrealistic to expect an evaluator to find all PP information in an ETSI standard (or multiple standards);  inefficient to write out information twice (once in a standard and again in the PP).  “PICS” approach adopted where information is summarized in a table which includes references to text rather than the text itself.

15 12-Oct-04TC-MTS 39TD02515 PP Header ETSI Protection Profile Introduction Doc No.VersionDate Full Title OverviewCopy the Scope clause here Description This should come directly from the first clause in the main body of the standard (clause 4?) which is likely to be a general introduction.

16 12-Oct-04TC-MTS 39TD02516 PP Security Environment aSecurity Environment (This section should summarize the Vulnerability Analysis) a.1Assumptions a.1.1Users are assumed to be suitably authorizedB.4.2 a.2Assets a.2.5Authentication keys7.5, B.8.1 a.3Threat agents a.3.2Unauthorized software applicationsB.9.1 a.4Threats a.4.8Unauthorized modification or destruction of an authentication keyB.9.5 a.5Security policies (OPTIONAL) a.5.3Common Criteria for Information Technology Security EvaluationISO/IEC 15408

17 12-Oct-04TC-MTS 39TD02517 PP Security Objectives bSecurity Objectives (Information likely to come from a different doc, e.g., Stage 1 or Stage 2) b.1Security objectives for the TOE b.1.1Users must be identified and authenticated on registrationEG 205 123 §5.4 b.2Security objectives for the environment b.2.1 The database of user registration information must be up ‑ to ‑ date EG 205 123 §5.6

18 12-Oct-04TC-MTS 39TD02518 PP Security Requirements cSecurity Requirements (Information should come directly from the security standard) c.1TOE security requirements c.1.1TOE security functional requirements c.1.1.7It shall be possible for a suitably authorized user to establish and modify the access rights of other users FDP_ACF.1.28.7 c.1.3TOE security assurance requirements c.1.3.1A TOE implementing this PP shall be evaluated at CC EAL4 ISO/IEC 15408 ‑ 3 c.2Environment security requirements (OPTIONAL) c.2.4User authentication data shall be protected during transmission through the network FDP_ETC.27.3

19 12-Oct-04TC-MTS 39TD02519 PP Additional Information dAdditional Information (OPTIONAL) eRationale Reference to a document or annex explaining how the selected security objectives and requirements counter the threats identified in the Vulnerability Analysis. It is probably a good idea to include the rationale in the Vulnerability Analysis.

20 Standards In The Evaluation Of IT Security 39TD025

Download ppt "Standards In The Evaluation Of IT Security Steve Randall & Scott Cadzow TC-MTS#39 20-21 October 2004 Sophia Antipolis 39TD025."

Similar presentations

Security Requirements

Security Requirements
Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.

University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.
ANSI/ASQ E Overview Gary L. Johnson U.S. EPA

ANSI/ASQ E Overview Gary L. Johnson U.S. EPA
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
The Common Criteria for Information Technology Security Evaluation

The Common Criteria for Information Technology Security Evaluation
IT Security Evaluation By Sandeep Joshi

IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah-19112007- CEM v3.1: Chapter 10 Security Target Evaluation.

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
Security Controls – What Works

Security Controls – What Works
1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.

1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.
RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.

RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.
Chapter 3 Software process Structure Chapter 3 Software process Structure Moonzoo Kim KAIST 1.

Chapter 3 Software process Structure Chapter 3 Software process Structure Moonzoo Kim KAIST 1.
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Instructions and forms

Instructions and forms

Similar presentations

Ads by Google