IT SECURITY EVALUATION ACCORDING TO HARMONIZED AND APPROVED CRITERIA
Roland Mueller, TÜViT, Inc., 8716 North Mopac, Austin, TX 78731
phone: (512) 795-0494, email: roland@tuvit.net, URL: http://www.tuvit.net
Presentation Plan
History of Harmonization
Evaluations within the QM Scheme
Characteristics of an Evaluation Process
Main Goal of an Evaluation
Types of Evaluations
Scaled Security
Basic Approach
Evaluated IT Components / Systems
HISTORY OF HARMONIZATION
Orange Book (TCSEC) 1985
UK Confidence Levels 1989
German Criteria 1989
French Criteria 1989
ITSEC 1991 (harmonization of the UK, German, French and Dutch national criteria)
Federal Criteria Draft 1993
Canadian Criteria (CTCPEC) 1993
Common Criteria 1998, ISO/IEC 15408 (harmonization of TCSEC, Federal Criteria, CTCPEC and ITSEC)
EVALUATIONS WITHIN THE QM-SCHEME
Accreditation Body (EN 45002/3): issues the TGA certificate
Evaluation Body (EN 45001)
Certification Body (EN 45011)
Manufacturer / Product (ISO 9001)
CHARACTERISTICS OF AN EVALUATION PROCESS
Impartiality
Objectivity
Repeatability
Reproducibility
MAIN GOAL OF AN EVALUATION CONFIDENCE in implemented Security Measures
TYPES OF EVALUATIONS
Concurrent evaluation (alongside development)
Subsequent evaluation (after development is complete)
Re-Evaluation (of an already evaluated product after changes)
SCALED SECURITY
Security Functionality: technical security measures designed with a specific security purpose
Assurance Level: confidence in the correctness of the security functionality
Effectiveness Level: confidence in the robustness of the security functionality
SECURITY FUNCTIONALITY (I): DEFINITION Confidentiality Integrity Availability
SECURITY FUNCTIONALITY (II): PRESENTATION
Generic Headings: I&A, Access Control, Accountability, ...
Functional Requirements (CC Part II): modular, hierarchical, with dependencies
Source of the requirements: ITSEC, CC, or manufacturer requirements
ASSURANCE LEVEL (ITSEC vs. CC)
ITSEC   CC     Description
E6      EAL7   formally verified design and tested
E5      EAL6   semi-formally verified design and tested
E4      EAL5   semi-formally designed and tested
E3      EAL4   methodically designed, tested and reviewed
E2      EAL3   methodically tested and checked
E1      EAL2   structurally tested
-       EAL1   functionally tested (no ITSEC equivalent)
EFFECTIVENESS LEVEL (minimum strength of mechanisms)
basic    protection against casual breach
medium   protection against straightforward or intentional breach
high     protection against deliberately planned or organized breach
BASIC APPROACH
Security Target (Protection Profile)
Development Environment: Specification, Design, Implementation, Security Analyses
Operational Environment: Installation, Configuration, Start Up, Operation, Tests
EVALUATED IT COMPONENTS / SYSTEMS ("TÜViT History")
Smart card Operating Systems (E3 - E4, high)
PC Security Products (E1, basic - E3, high)
Smart card Readers (E1 - E2, basic)
Personalization Systems (E2, medium)
Security Modules (E3, high)
Security Controller (Chip Hardware) (E4, high)
Technical Components According to SigG (E2, high / E4, high)
...