Policies vs Threats by Albert Dorofeev, Sony Corporation 10 th International Common Criteria Conference, 2009.

Slides:



Advertisements
Similar presentations
Module 1 Evaluation Overview © Crown Copyright (2000)
Advertisements

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Effective Design of Trusted Information Systems Luděk Novák,
Agenda COBIT 5 Product Family Information Security COBIT 5 content
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Pertemuan 16 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
1 Terrie Diaz/ James Arnold 27 September 2007 Threats, Policies, and Assumptions in the Common Criteria What is the target of evaluation anyhow?
Applied Cryptography for Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Accounting and the Business Environment
Fraud Prevention and Risk Management
Key Management in Cryptography
Introduction to Network Defense
Release & Deployment ITIL Version 3
Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems
Documenting Network Design
SEC835 Database and Web application security Information Security Architecture.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Security Policies Jim Stracka The Problem Today.
Information Systems Security Computer System Life Cycle Security.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Protocol Security Date Submitted: December, 2007 Presented.
Best Practices By Gabriel Rodriguez
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD.
ISA 562 Internet Security Theory & Practice
Considering Internal Control
General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference.
Cryptography, Authentication and Digital Signatures
Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.
Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.
Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Accounting and the Business Environment Chapter 1 1-1Copyright ©2014 Pearson Education, Inc. publishing as Prentice Hall.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Security Requirements of NVO3 draft-hartman-nvo3-security-requirements-01 S. Hartman M. Wasserman D. Zhang 1.
Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference.
G53SEC 1 Reference Monitors Enforcement of Access Control.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 11 Computer Crime and Information Technology Security.
Information Security IBK3IBV01 College 2 Paul J. Cornelisse.
SecSDLC Chapter 2.
SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:
The Service Monitoring and Control Toolkit 1 Protect your business with an effective alert management system and high service availability.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
PMRM Revision Discussion Slides Illustrations/Figures 1-3 o Model, Methodology, “Scope” options Functions, Mechanisms and “Solutions” Accountability and.
Security Hannes Tschofenig. Goal for this Meeting Use the next 2 hours to determine what the security consideration section of the OAuth draft(s) should.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall. Chapter
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.
Service Design.
UNIT 7 SEMINAR Unit 7 Chapter 9, plus Lab 13 Course Name – IT482 Network Design Instructor – David Roberts – Office Hours: Tuesday.
Cloud Testing Shilpi Chugh.
Maryna Komarova (ENST)
IS4680 Security Auditing for Compliance
Presentation transcript:

Policies vs Threats by Albert Dorofeev, Sony Corporation 10 th International Common Criteria Conference, 2009

10th ICCC, 2009Policies vs Threats2 Contents Security Problem Definition Security Problem Definition –Assets –Assumptions –Threats –Policies SPD through the use of Threats SPD through the use of Threats SPD through the use of Policies SPD through the use of Policies Examples of SPD to compare Examples of SPD to compare What happens to attacks and Threats What happens to attacks and Threats Effect of using Policies Effect of using Policies

10th ICCC, 2009Policies vs Threats3 Security Problem Definition Assets Assets Assumptions Assumptions Threats Threats Policies Policies

10th ICCC, 2009Policies vs Threats4 Assets “assets - entities that the owner of the TOE presumably places value upon.” “assets - entities that the owner of the TOE presumably places value upon.” Asset is an object that a customer places into our hands for safekeeping Asset is an object that a customer places into our hands for safekeeping (yes, we also have our own secrets to keep) (yes, we also have our own secrets to keep) The security functionality of a product is usually mainly concerned with the operations on assets The security functionality of a product is usually mainly concerned with the operations on assets

10th ICCC, 2009Policies vs Threats5 Assumptions Assumptions are made on the operational environment in order to be able to provide security functionality Assumptions are made on the operational environment in order to be able to provide security functionality Assumption = Limitation of the scope Assumption = Limitation of the scope Assumption = Risk Assumption = Risk –Once an assumption does not hold, there is no guarantee that the product operates in a secure manner Always a trade-off between cost and risk Always a trade-off between cost and risk Fewer assumptions = Lower risk Fewer assumptions = Lower risk

10th ICCC, 2009Policies vs Threats6 Threats A threat is an adverse action performed by a threat agent on an asset A threat is an adverse action performed by a threat agent on an asset Threats are always evolving as new attacks are discovered Threats are always evolving as new attacks are discovered The list of threats is outdated as soon as it is published The list of threats is outdated as soon as it is published The solution applied by the schemes: The solution applied by the schemes: –ST specifies the threats that are very specific to the product –The lab applies automatically all the ‘usual’ threats relevant to the category of the product

10th ICCC, 2009Policies vs Threats7 SPD through Threats Ideally: specific threats against the specific product Ideally: specific threats against the specific product Really: a disguise for the list of known attacks Really: a disguise for the list of known attacks Result: immediately outdated at completion Result: immediately outdated at completion More: does not fit into the design flow More: does not fit into the design flow Side effect: ST grows with every new attack and every new customer who has a peculiar threat Side effect: ST grows with every new attack and every new customer who has a peculiar threat

10th ICCC, 2009Policies vs Threats8 Traditional design flow IntentionAssumptions/ThreatsObjectivesRequirementsDesignRealityDesignRequirementsObjectivesAssumptions/Threats

10th ICCC, 2009Policies vs Threats9 Using security policies A positive forward statement of the product’s security capabilities, purpose and strengths A positive forward statement of the product’s security capabilities, purpose and strengths Describe the functionality instead of the attacks Describe the functionality instead of the attacks Describe the security functionality relevant to the customer, not for self-defence Describe the security functionality relevant to the customer, not for self-defence Directly translate into positive Security Objectives Directly translate into positive Security Objectives

10th ICCC, 2009Policies vs Threats10 Example : Assumptions/Threats A.Process-Card – Dedicated security procedures are assumed to be established for the delivery of the TOE between the parties and for the protection of the TOE outside of the control of the Developer before the final delivery to the User. A.Process-Card – Dedicated security procedures are assumed to be established for the delivery of the TOE between the parties and for the protection of the TOE outside of the control of the Developer before the final delivery to the User. A.Secure-Key - The cryptographic keys generated outside the TOE are assumed to be reliable, secret and adequately protected from disclosure. A.Secure-Key - The cryptographic keys generated outside the TOE are assumed to be reliable, secret and adequately protected from disclosure. T.Logical_Attack – Since the TOE allows for software download, an attacker may attempt to use this capability to mount an attack against the TOE. T.Logical_Attack – Since the TOE allows for software download, an attacker may attempt to use this capability to mount an attack against the TOE. T.Eavesdropping – The TOE and its communication channels may be monitored and an attacker may attempt to inject data to mount an attack against the TOE. T.Eavesdropping – The TOE and its communication channels may be monitored and an attacker may attempt to inject data to mount an attack against the TOE. T.Physical_Probing – The TOE may be subjected to an attempt of a physical modification to bypass the protection. T.Physical_Probing – The TOE may be subjected to an attempt of a physical modification to bypass the protection. P.Access_controls - The Administrator can configure an access control policy that links the access control mechanisms with the TOE assets. P.Access_controls - The Administrator can configure an access control policy that links the access control mechanisms with the TOE assets. P.Mode - The Administrator sets up the TOE and switches it to the Operational Mode before delivering to the User. P.Mode - The Administrator sets up the TOE and switches it to the Operational Mode before delivering to the User.

10th ICCC, 2009Policies vs Threats11 Example : Policies P.Confidentiality - The TOE must provide means to protect the confidentiality of the stored assets. P.Confidentiality - The TOE must provide means to protect the confidentiality of the stored assets. P.Integrity - The TOE must provide means to protect the integrity of the stored assets. P.Integrity - The TOE must provide means to protect the integrity of the stored assets. P.TransferSecret - The TOE must provide means to protect the confidentiality of assets during transfer to and from the outside of TOE. P.TransferSecret - The TOE must provide means to protect the confidentiality of assets during transfer to and from the outside of TOE. P.TransferIntegrity - The TOE must provide means to protect the integrity of assets during transfer to and from the outside of TOE. P.TransferIntegrity - The TOE must provide means to protect the integrity of assets during transfer to and from the outside of TOE. P.Configure - The TOE must provide means to configure the level of protection for each of the assets. P.Configure - The TOE must provide means to configure the level of protection for each of the assets. P.Keys - The keys generated for the use by TOE must be secure. The keys for the use by TOE must be generated and handled in a secure manner. P.Keys - The keys generated for the use by TOE must be secure. The keys for the use by TOE must be generated and handled in a secure manner.

10th ICCC, 2009Policies vs Threats12 Attacks and resulting Threats? The lab is responsible for checking that the: The lab is responsible for checking that the: –product operates in a useful manner –claimed functionality operates in the stated environment –product remains secure under the known attacks The lab verifies all these things regardless of whether you include them into the Security Target The lab verifies all these things regardless of whether you include them into the Security Target Best concentrate on the product, not on trying to do the job of the evaluation lab Best concentrate on the product, not on trying to do the job of the evaluation lab

10th ICCC, 2009Policies vs Threats13 Effect of using Policies Security Target explains what the product does instead of what it does not do. Security Target explains what the product does instead of what it does not do. Security Target focuses on the security functionality for the customer, not on the security functionality of self-protection. Security Target focuses on the security functionality for the customer, not on the security functionality of self-protection. Security Target becomes more streamlined and easier to write, understand and evaluate. Security Target becomes more streamlined and easier to write, understand and evaluate. This approach fits perfectly with the “top-down” security design. This approach fits perfectly with the “top-down” security design. Ultimately reduces the cost of both preparation and evaluation Ultimately reduces the cost of both preparation and evaluation

Thank you! Albert Dorofeev General Manager Sony Secure Communications Europe

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.