Security Functional Requirements Kashif Imran. Overview Common Criteria Protection Profiles Security Objectives Security Requirements Security Functional.

Slides:



Advertisements
Similar presentations
Security Requirements
Advertisements

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Manager, Product Evaluation
A NALYTICS D ECISIVE A NALYTICS 1 Introduction to the Common Criteria and the Underlying Concepts of Trust in Computer Systems Michael McEvilley SIGAda.
Effective Design of Trusted Information Systems Luděk Novák,
IT Security Evaluation By Sandeep Joshi
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
Graduated CC Protection Profiles for Cryptographic Modules Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security)
1 An Overview of Computer Security computer security.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Cloud Usability Framework
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
Storage Security and Management: Security Framework
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Background. History TCSEC Issues non-standard inflexible not scalable.
Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.
CACR CC Briefing Stephen Booth Computer and System Security Section Communications Security Establishment
CMSC : Common Criteria for Computer/IT Systems
NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For.
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
TM8104 IT Security EvaluationAutumn CC – Common Criteria (for IT Security Evaluation) The CC permits comparability between the results of independent.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
12/18/20151 Computer Security Introduction. 12/18/20152 Basic Components 1.Confidentiality: Concealment of information (prevent unauthorized disclosure.
Module 7: Implementing Security Using Group Policy.
Audit COM380 University of Sunderland Harry R. Erwin, PhD.
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
Computer Security Introduction
CS457 Introduction to Information Security Systems
TCSEC: The Orange Book.
Securing Network Servers
Chapter 1: Introduction
Information System and Network Security
Database Security and Authorization
Ch.18 Evaluating Systems - Part 2 -
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
SUBMITTED BY: NAIMISHYA ATRI(7TH SEM) IT BRANCH
Web Applications Security INTRO
2006 Annual Research Review & Executive Forum
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
NET 311 Information Security
Chapter 1: Introduction
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Chapter 29: Program Security
Computer Security Introduction
PLANNING A SECURE BASELINE INSTALLATION
Introducing NTFS Reliability Security Long file names Efficiency
Security in SDR & cognitive radio
Designing IIS Security (IIS – Internet Information Service)
Access Control What’s New?
Cryptography and Network Security
Security Mechanisms Network Security.
Presentation transcript:

Security Functional Requirements Kashif Imran

Overview Common Criteria Protection Profiles Security Objectives Security Requirements Security Functional Requirements

Overview

PP for Directory for US Department of Defense. Identifies the directory’s basic security requirements. Functional and Assurance requirements. Overview

Common Criteria

Used as the basis for evaluation of security properties of IT products. Permits comparability between the results of independent security evaluations. Evaluation results may help consumers. Common Criteria

Useful for the development of IT products with security functionality. Provides protection from unauthorized disclosure, modification, or loss of use. Common Criteria

Protection Profiles

PP describes the general requirements for a TOE. Product acquisition guide for IT department. PP is a set of security requirements for desired product or system. Protection Profiles

It can be made using the CC. PP consists of mainly 4 parts. –TOE Description. –Security Environment. –Security Objectives. –Security Requirements. Protection Profiles

Security Objectives

The security objectives are a concise and abstract statement. Provide a high-level, natural language solution of the problem Security objectives is divided into two part wise solutions. –Security objectives for the TOE –Security objectives for the Operational Environment

Security objectives for the TOE The TOE provides security functionality to solve a certain part of the problem defined by the security problem definition. Example: The TOE shall keep confidential the content of all files transmitted between it and a Server.

Security objectives for the TOE Some of the Security objectives of the TOE are: –O.AuditReview The TOE must provide the means for authorized users to review the audit data in a timely and efficient manner. –O.Availability The TOE must ensure its information is available. –O.Confidentiality The TOE must provide a means to ensure the confidentiality of data when required.

Security objectives for the Operational Environment The operational environment of the TOE implements technical and procedural measures to assist the TOE in correctly providing its security functionality. Example: The operational environment shall provide a workstation with the OS Inux version 3.01b to execute the TOE on.

Security objectives for the Operational Environment Some of the Security objectives of the Operational Environment are: –OE.AuditLog Administrators and Auditors must ensure that audit facilities are used and managed effectively. –OE.AuthInfo Those responsible for the TOE must ensure that the authentication data for each user account and for the TOE itself is held securely and not disclosed to persons not authorized to use the account. –OE.Operations Those responsible for the TOE must ensure that the TOE and its operating platform are delivered, installed, managed, and operated in a manner which maintains IT security.

Security Requirements The Security requirements consists of two groups of requirements: –Security Functional Requirements (SFRs). –Security Assurance Requirements (SARs).

Security Assurance Requirements Description of how assurance is to be gained that the TOE meets the SFRs. It describes how the TOE is to be evaluated.

Security Functional Requirements These requirements describe the desired security behaviour expected of a Target of Evaluation (TOE). These requirements describe security properties that users can detect by direct interaction Security objectives for the operational environment are not required to be translated.

Class Structure

Family Structure

Component Structure

TOE SECURITY FUNCTIONAL REQUIREMENTS

Functional Components Class FAU: Audit Class FCO: Communication Class FCS: Cryptographic Support Class FIA: Identification and Authentication Class FMT: Security Management Class FPT: Protection of the TOE Security Functions Class FRU: Resource Utilisation Class FTP: Trusted Path/Channels

Class FAU: Audit FAU_ARP.1 Security Audit Automatic Response – Security Alarms FAU_GEN.1 Audit data generation FAU_GEN.2 Audit data generation – User Identify Association FAU_SAA.1 Security Audit Analysis – Potential Violation Analysis FAU_SAR.1 Security Audit Review – Audit Review FAU_SAR.2 Security Audit Review – Restricted Audit Review FAU_SEL.1 Security Audit Event Selection – Selective Audit FAU_STG.2 Security Audit Event Storage – Guarantees of Audit Data Availability FAU_STG.3 Security Audit Event Storage – Action in case of possible audit data loss

Class FAU: Audit FAU_ARP.1 Security alarms. Hierarchical to: No other components. FAU_ARP.1.1 The TSF shall report to an authorized role upon detection of a potential security violation. Dependencies: –FAU_SAA.1 Potential violation analysis

Class FAU: Audit FAU_GEN.1 Audit data generation Hierarchical to: No other components. FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events. Loss of a secure state Possibly protocol failures Dependencies: FAU_SAA.1 Potential violation analysis

Class FAU: Audit FAU_GEN.2 User identity association Hierarchical to: No other components. FAU_GEN.2.1 The TSF shall be able to associate each auditable event with the identity of the user that caused the event. Dependencies: –FAU_GEN.1 Audit data generation –FIA_UID.1 Timing of identification

Class FCO: Communication FCO_NRO.1 Selective proof of origin FCO_NRR.1 Selective proof of receipt

Class FCO: Communication FCO_NRO.1 Selective proof of origin Hierarchical to: No other components. FCO_NRO.1.1 The TSF shall be able to generate evidence of origin. FCO_NRO.1.2 The TSF shall be able to relate the originator of the information. Dependencies: –FIA_UID.1 Timing of identification

Class FCS: Cryptographic Support FCS_CKM.1 Cryptographic Key Generation FCS_CKM.2 Cryptographic Key Distribution FCS_CKM.4 Cryptographic Key Destruction FCS_COP.1 Cryptographic Operation

Class FCS: Cryptographic Support FCS_CKM.1 Cryptographic key generation for encrypted communication with remote trusted products. Hierarchical to: –No other components. FCS_CKM.1.1 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm. Dependencies: –FCS_CKM.2 Cryptographic key distribution or FCS_COP.1 Cryptographic operation –FCS_CKM.4 Cryptographic key destruction –FMT_MSA.2 Secure security attributes

Class FCS: Cryptographic Support FCS_COP.1;1 Cryptographic operation Hierarchical to: –No other components. FCS_COP.1.1 The TSF shall perform in accordance with a specified cryptographic algorithm and cryptographic key sizes. Dependencies: –FDP_ITC.1 Import of user data without security attributes or FCS_CKM.1 Cryptographic key generation. –FCS_CKM.4 Cryptographic key destruction –FMT_MSA.2 Secure security attributes

Class FIA: Identification and Authentication FIA_AFL.1 Authentication failure handling FIA_ATD.1 User attribute definition FIA_UAU.2 User authentication before any action FIA_UAU.4 Single -use authentication mechanism FIA_UAU.5 Multiple Authentication mechanisms FIA_UID.2 User identification before any action FIA_USB.1 User-subject binding

Class FIA: Identification and Authentication FIA_AFL.1 Authentication failure handling Hierarchical to: –No other components. FIA_AFL.1.1 The TSF shall detect when unsuccessful authentication attempts occur. FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been met or surpassed, the TSF shall change the user’s identity status to inactive. Dependencies: – FIA_UAU.1 Timing of authentication

Class FIA: Identification and Authentication FIA_UAU.4 Single-use authentication mechanisms Hierarchical to: –No other components. FIA_UAU.4.1 The TSF shall prevent reuse of authentication data. Dependencies: –No dependencies

Class FMT: Security Management FMT_MOF.1 Management of Security Functions Behavior FMT_MSA.1 Management of security attributes FMT_MSA.2 Secure Security attributes FMT_MSA.3 Static Attribute Initialisation FMT_MTD.1 Management of TSF Data FMT_SMR.2 Restrictions on Security roles

Class FMT: Security Management FMT_MOF.1 Management of security functions behaviour. Hierarchical to: –No other components. FMT_MOF.1.1 The TSF shall restrict the ability to modify the behaviour of the functions [FunctionsTable ].FunctionsTable Dependencies: –FMT_SMR.1 Security roles

Class FMT: Security Management FMT_MSA.3 Static attribute initialisation. Hierarchical to: –No other components. FMT_MSA.3.1 The TSF shall enforce the default values for security attributes. FMT_MSA.3.2 The TSF shall allow to specify alternative initial values to override the default values when an object or information is created. The initial values may be different depending on the user’s domain. Dependencies: –FMT_MSA.1 Management of security attributes –FMT_SMR.1 Security roles

Class FPT: Protection of the TOE Security Functions FPT_AMT.1 Abstract Machine Testing FPT_FLS.1 Failure with preservation of secure state NewEXT_FPT_IIC.11 Inter-TSF Confidentiality of Imported Data NEWEXT_FPT_III.12 Integrity of Imported TSF data - Inter-TSF detection of modification FPT_ITA.1 Inter-TSF availability within a defined availability metric FPT_ITC.1 Inter-TSF Confidentiality of Exported Data

Class FPT: Protection of the TOE Security Functions FPT_ITI.1 Inter-TSF detection of modification FPT_RPL.1 Replay detection FPT_RVM.1 Non-bypassability of the TSP FPT_SEP.1 TSF domain separation FPT_STM.1 Reliable time stamps FPT_TDC.1 Inter-TSF basic TSF data consistency FPT_TST.1 TSF testing

Class FPT: Protection of the TOE Security Functions FPT_AMT.1 Abstract machine testing Hierarchical to: –No other components. FPT_AMT.1.1 The TSF shall run a suite of tests to demonstrate the correct operation of the security assumptions provided by the abstract machine that underlies the TSF. Dependencies: –No dependencies

Class FPT: Protection of the TOE Security Functions FPT_FLS.1 Failure with preservation of secure state Hierarchical to: –No other components. FPT_FLS.1.1 The TSF shall preserve a secure state when the following types of failures occur: –failure of an automated audit system. –others to be discussed. Dependencies: –ADV_SPM.1 Informal TOE security policy model

Class FRU: Resource Utilisation FRU_RSA.1 Maximum quotas Hierarchical to: –No other components. FRU_RSA.1.1 The TSF shall enforce maximum quotas of the resources: –Resources that user / users can use simultaneously / over a specified period of time. Dependencies: –No dependencies.

Class FTP: Trusted path/channels FTP_ITC.1 Inter-TSF trusted channel Hierarchical to: –No other components. FTP_ITC.1.1 The TSF shall provide a communication channel between itself and a remote trusted IT product. - FTP_ITC.1.2 The TSF shall permit to initiate communication via the trusted channel. FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel. Dependencies: – No dependencies

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.