Practical IS security design in accordance with Common Criteria
Security and Protection of Information 2005
František VOSEJPKA, S.ICZ a.s.
June 5, 2005


Slide 1: Practical IS security design in accordance with Common Criteria (title slide)

Slide 2: Introduction

The security design of an IS handling classified information requires:
- usage of Common Criteria (CC)
- compliance with the Higher Level Security Policy:
  - legal requirements / principles (CZ Act #148/98)
  - organization security requirements
- Life Cycle Definition of the entire IS (planning, development, implementation, approval, operation, further development and withdrawal)
- solution of the respective Security Areas (personal security, physical security, cryptographic information protection, administrative security and organizational measures)
- Certification / Approval to operate

Slide 3: Preliminary/Expert IS Security Design and Risk Analysis

- Identify the scope of the IS: an existing IS or a newly designed IS (with a preliminary or expert security architecture)
- The IS architecture should be based on:
  - User Operational Requirements
  - Security Requirements
  - Risk Analysis (assets, threats, vulnerabilities, countermeasures, …)

Slide 4: Example

Slide 5: IS Security Design

The “IS Security Design” as such must include the necessary security requirements and be eligible for evaluation. This implies:
- the IS Security Design is made within the structure prescribed for the Security Target by CC;
- the Design follows the risk analysis results;
- threats must be covered by the CC requirements and additional higher level security policy requirements;
- separate security requirements for the TCB and border devices;
- for each security technology determine a consistent range of security functional and security assurance requirements;
- necessary IT products conforming to the set requirements may be chosen on the market or developed.

Slide 6: IS Description - Security Objectives (IT Security Objectives)

Assumptions, Organizational Security Policies, Threats to Security …

Security Objective | Description | IS / Border
O.I&A | user’s unique Identification and Authentication prior to granting access … | Yes
O.RESIDUAL_INFO | … | Yes
O.DOMAIN_SEPARATION | … | Yes
O.INFORMATION_FLOW | … | Yes
O.SELF_PROTECT_NODE | … | Yes
O.DEFENCE_IN_DEPTH | … | Yes
O.ANTIVIR | … | Yes
etc.

Slide 7: IS Description - Security Objectives (Non-IT Security Objectives)

Security Objective | Description
O.INSTALLATION | Procedures for delivery, installation, administration and operation must be established. …
O.VERIFICATION | Ensure that the security implementation is verified … prior to the approval to operate classified information
O.IS_LIVE_CYCLE | The IS life cycle stages and rules are established for both the IS operator’s and the supplier’s environments
O.TRUST_APL_SW | Only trusted application SW, free from malicious code and causing no failures, will be installed
etc.

Slide 8: IS Description - Security Objectives (Objectives of the IS Security Environment)

Security Objective | Description
OE.PHYSICAL_SEC | All the personnel responsible for the IS must ensure that the security-critical components of the IS are protected against a physical attack …
OE.PERSONAL_SEC | The personal security requirements must be met (i.e. CZ Act #148/1998)
OE.DOCUMENT_SEC | Departmental administrative security is pursued according to NSA Directive #137/2003
OE.NO_EVIL_USERS | etc.
OE.INCIDENT_REACT | etc.

Slide 9: IS Security Functional Requirements (SFR)

CC ID | Functional component
Security audit (FAU)
FAU_GEN.1 | … see CC
FAU_GEN.2 | … see CC
etc.
Extended functional requirements (FEX)
FEX_RPL.1 | Secure data replication between the distributed IS components
FEX_WAR.1 | Warning to the user about the legal implications of unauthorized system use
FEX_ANV.1 | Antivirus protection
etc.

Slide 10: IS Security Functional Requirements (SFR) - IS Internal Security Environment Requirements

Class ID | Functional component
Physical Security (FPH)
FPH_SAR.1 | Assets being placed in a security area
FPH_SAR.2 | Servers and interface devices separated from users
FPH_SAR.3 | Cryptographic devices separated from the other assets
Personnel Security (FPE)
FPE_CLE.1 | Personal Clearance Certificate
FPE_ASS.1 | Need-to-Know assignment
FPE_ASS.2 | Assignment for the role in IS management
FPE_ASS.3 | External Organization and Contractor assignment
Document Security (FDS) | …
Border Protection (FBP) | …
Organizational Measures (FOR) | …

Slide 11: IS Security Assurance Requirements (SAR)

The security assurance requirements should be established differently for each IT product:
- TCB: EAL3 suffices for IT in an IS with “system-high” security mode of operation;
- Antivirus: selected on the basis of practical operational experience, i.e. reliability and good performance in terms of prevention, detection and remediation;
- Border: an EAL is required for border security devices and components, depending on the level of the ISs being interconnected (EAL4 for the Restricted and Limited levels);
- Crypto: the products used for cryptographic protection of classified information require an appropriate NSA certificate; a good, strong commercial crypto device or SW suffices for cryptographic protection of LIMITED information.

Slide 12: IS Specification Summary - IS Security Functions (Locations of Security Mechanisms on HW components)

Computer | Domain | Security mechanisms (W2K, AV, AT, DA, CG, CD, SSB)
Working Station | All | X X
DC Server | All | X
Servers (Apl, DB) | All | X X X
DA Server | All | X X
R-CG Server | Restrict | X X X X
L-CG Server | Limited | X X X
SSB | All | X
CS - Comm. station | WAN | X X

X - Security mechanism is located on the computer

Slide 13: IS Specification Summary - Allocation of Functional Requirements to Security Mechanisms

CC ID or Extended ID | Security mechanism (W2K, AV, AT, DA, CG, CD, SSB, Env)
FAU_GEN.1 | X X X X X X X
FAU_GEN.2 | X X X X
FAU_SAA.2 | X X
etc.
FEX_RPL.1 | X
FEX_VAR.1 | X
FEX_ANV.1 | X
etc.
FPH_SAR.1 | X
etc., … | X

Slide 14: IS Specification Summary - Measures for realization of IS Security Assurance Requirements

- EAL3 requirements are applied to W2K (actually W2K complies with EAL4 Augmented)
- EAL3 requirements are applied to the IS environment
- EAL4 requirements are applied to the DA, CG and SSB special SW
- The additional requirements are applied to the certified crypto-device and a commercial crypto-device
- Security Assurance Requirements mapping (the same way as the Functional Requirements in the previous chart)

Slide 15: Rationale

- all threats and organizational policies have been covered by at least one IT, non-IT or environment Security Objective, and these are sufficient to deal with them;
- all Security Objectives (for IT, non-IT and environment) have been covered by the Security Functional Requirements (SFR) and the Security Assurance Requirements (SAR);
- the SFR and the SAR are capable of covering the requirements for overall IS security.

The rationale includes commercial certified and non-certified components, newly developed components and those for the cryptographic protection. The rationale demonstrates the completeness of the security target implementation. The last section provides a review of Vulnerabilities and the level of Residual Threats which they are exposed to.
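The rationale on this slide, together with the allocation matrix of slide 13, is a set of traceability checks: every threat traces to at least one objective, every objective to at least one SFR/SAR, and every requirement to a mechanism (or to the environment), with no dangling references in either direction. The following script is an added example, not code from the presentation or from S.ICZ; it models the three layers as maps and reports every gap. The objective, requirement and mechanism identifiers come from the slides; the threat names (T.*), the CC Part 2 components FIA_UID.2, FIA_UAU.2 and FDP_RIP.1 (not shown on the slides), the hypothetical FOR-class component FOR_SWA.1, and all of the mappings are assumptions constructed for the example, with three deliberate gaps so that the checks have something to find.

```python
"""Coverage (rationale) check for a CC-style IS security design.

Added example; the mappings, the T.* threat names, FIA_UID.2, FIA_UAU.2,
FDP_RIP.1 and FOR_SWA.1 are assumptions constructed for this example.
"""
from typing import Dict, List, Set

Trace = Dict[str, Set[str]]

# Threat -> security objectives that counter it (constructed).
THREAT_TO_OBJECTIVES: Trace = {
    "T.UNAUTHORISED_ACCESS": {"O.I&A", "O.DOMAIN_SEPARATION"},
    "T.RESIDUAL_DATA": {"O.RESIDUAL_INFO"},
    "T.MALICIOUS_CODE": {"O.ANTIVIR", "O.TRUST_APL_SW"},
    "T.PHYSICAL_TAMPERING": {"OE.PHYSICAL_SEC"},
    "T.UNAUDITED_ACTION": set(),  # constructed gap: no objective counters it
}

# Objective -> SFR/SAR that implement it (constructed).
OBJECTIVE_TO_REQUIREMENTS: Trace = {
    "O.I&A": {"FIA_UID.2", "FIA_UAU.2", "FAU_GEN.1"},
    "O.DOMAIN_SEPARATION": {"FPH_SAR.2"},
    "O.RESIDUAL_INFO": {"FDP_RIP.1"},
    "O.ANTIVIR": {"FEX_ANV.1"},
    "O.TRUST_APL_SW": {"FOR_SWA.1"},  # hypothetical FOR-class component
    "OE.PHYSICAL_SEC": {"FPH_SAR.1"},
    "O.DEFENCE_IN_DEPTH": set(),  # constructed gap: objective with no SFR/SAR
}

# Requirement -> security mechanisms it is allocated to (constructed, in the
# shape of the slide-13 allocation matrix; "Env" is the IS environment).
REQUIREMENT_TO_MECHANISMS: Trace = {
    "FAU_GEN.1": {"W2K", "AV", "AT", "DA", "CG", "CD", "SSB"},
    "FIA_UID.2": {"W2K"},
    "FIA_UAU.2": {"W2K"},
    "FDP_RIP.1": {"W2K"},
    "FEX_ANV.1": {"AV"},
    "FPH_SAR.1": {"Env"},
    "FPH_SAR.2": {"Env"},
    "FOR_SWA.1": set(),  # constructed gap: requirement allocated to nothing
}


def uncovered(layer: Trace) -> List[str]:
    """Entries of one layer that trace forward to nothing (a coverage gap)."""
    return sorted(k for k, targets in layer.items() if not targets)


def undefined_targets(layer: Trace, next_layer: Trace) -> List[str]:
    """Identifiers referenced by a layer but never defined in the next layer."""
    referenced = {t for targets in layer.values() for t in targets}
    return sorted(referenced - set(next_layer))


def unreferenced(layer: Trace, next_layer: Trace) -> List[str]:
    """Entries of the next layer that nothing in this layer traces to (an
    objective countering no threat, a requirement serving no objective)."""
    referenced = {t for targets in layer.values() for t in targets}
    return sorted(set(next_layer) - referenced)


def rationale_report(threats: Trace, objectives: Trace,
                     requirements: Trace) -> Dict[str, List[str]]:
    """The checks a CC rationale section has to show, as lists of offenders."""
    return {
        "threats_without_objective": uncovered(threats),
        "undefined_objectives": undefined_targets(threats, objectives),
        "objectives_countering_no_threat": unreferenced(threats, objectives),
        "objectives_without_requirement": uncovered(objectives),
        "undefined_requirements": undefined_targets(objectives, requirements),
        "requirements_serving_no_objective": unreferenced(objectives, requirements),
        "requirements_without_mechanism": uncovered(requirements),
    }


def rationale_complete(report: Dict[str, List[str]]) -> bool:
    """True only when every check in the report came back empty."""
    return not any(report.values())


def mechanisms_countering(threat: str, threats: Trace, objectives: Trace,
                          requirements: Trace) -> List[str]:
    """Follow one threat through objectives and requirements down to the
    mechanisms that ultimately implement its countermeasures."""
    reqs = {r for o in threats.get(threat, set()) for r in objectives.get(o, set())}
    return sorted({m for r in reqs for m in requirements.get(r, set())})


if __name__ == "__main__":
    report = rationale_report(THREAT_TO_OBJECTIVES, OBJECTIVE_TO_REQUIREMENTS,
                              REQUIREMENT_TO_MECHANISMS)
    for check, offenders in report.items():
        print(f"{check:36s} {offenders or 'OK'}")
    print("rationale complete:", rationale_complete(report))
    print("T.MALICIOUS_CODE is countered on:",
          mechanisms_countering("T.MALICIOUS_CODE", THREAT_TO_OBJECTIVES,
                                OBJECTIVE_TO_REQUIREMENTS, REQUIREMENT_TO_MECHANISMS))
```

Running it lists the three constructed gaps (an uncovered threat, an objective with no requirement, a requirement allocated to no mechanism) and reports the rationale as incomplete; once each gap is closed in the maps the report comes back empty. The same structure carries the SAR mapping of slide 14 if assurance components (EAL packages) are added as targets of the objectives.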

Slide 16: Selection and Development of Products for IS

- Selection of commercial products: the Security Target and a Certificate; the certificate is not required for products with lower demands for guarantees (reliable products verified by practice)
- Development of new products on the basis of the written document “Requirements for Product Development”
- IS implementation requires products which comply with the above specified SFR and SAR
- The Certification Authority issues a certificate for the entire IS on the basis of the test results and the evaluation of all the IS security components.

Slide 17: Conclusion

The solution presented in this article suggests possible procedures in using the Common Criteria when designing a complex IS. This procedure makes it possible to break down the overall security requirements into partial domains and technologies and shows the way to the development of the necessary secure IT products.

Slide 18: Thank you for your attention

František VOSEJPKA, CIS Security consultant, S.ICZ a.s.
E-mail: frantisek.vosejpka@i.cz

