IT Security Evaluation By Sandeep Joshi

Presentation transcript:

Common Criteria: IT Security Evaluation
By Sandeep Joshi, Southern Methodist University

List of Terms…

Term: Meaning
CC: Common Criteria (Official ISO name is Evaluation Criteria for Information Technology Security)
Class: Grouping of families that share a common focus
Component: Smallest selectable set of elements
Evaluation Assurance Level (EAL): A package consisting of assurance components that represents a point on the CC predefined assurance scale
Family: A grouping of components that share a security objective but may differ in emphasis

List of Terms…

Term: Meaning
Organizational Security Policy: One or more security rules, procedures, practices or guidelines imposed by an organization upon its operations
Package: A reusable set of either functional or assurance components, combined together to satisfy a set of security policies
Protection Profile (PP): An implementation-independent set of security requirements
Security Target: A set of security requirements and specifications to be used as a basis for evaluation of an identified TOE
Semi-Formal: Expressed in a restricted syntax language with defined semantics

List of Terms

Term: Meaning
Target Of Evaluation: An IT product or system and its associated administrator and user guidance documentation, that is the subject of evaluation
TOE Resource: Anything consumable or usable in the TOE
TOE Security Function (TSF): A set consisting of all hardware, software and firmware of the TOE that must be relied upon for the correct enforcement of the TSP
TOE Security Policy (TSP): A set of rules that regulate how assets are managed, protected and distributed within a TOE
Trusted Channel: A means by which a user and a TSF can communicate with the necessary confidence to support the TSP

Common Criteria History…

Originated out of three standards:
- ITSEC (Information Technology Security Evaluation Criteria)
  - European standard, developed in the early 1990s by the UK, France, the Netherlands, and Germany
- TCSEC (Trusted Computer System Evaluation Criteria)
  - Widely known as the “Orange Book”

History…

- TCSEC (Trusted Computer System Evaluation Criteria)
  - Issued by United States Government National Computer Security Council, as DoD standard 5200.28-STD, December 1985
- CTCPEC (Canadian Trusted Computer Product Evaluation Criteria)

History…

- The first draft (Version 1.0) was published in January 1996 for comments
- Version 2.0 was published in 1998, and was accepted by ISO as a Final Committee Draft (FCD) document
- Version 2.0 became an ISO standard sometime in June 1999 with minor, mostly editorial modifications

History

Two versions of the CC have been released since then:
- Version 2.1 was released in August 1999, and is now accepted as the ISO-15408 standard
- Version 2.2, the newest version, was released this year (2004)

Why should we use the CC?

- What support does CC have?
- What guarantees do CC-certified/validated products provide?
- Where should we start, if we want to achieve CC-certificate/validation for our product?

What support does CC have?…

- National security and standards organizations within Canada, France, Germany, the Netherlands, the UK and the USA worked in collaboration to replace their existing security evaluation criteria (SEC)

What support does CC have?

- Acceptance by ISO will ensure that CC rapidly becomes the world standard for security specification and evaluation
- Wider choice of evaluated products for consumers
- Greater understanding of consumer requirements
- Greater access to markets for developers

What guarantees will products provide?

- A sound basis for confidence that security measures are appropriate to meet a given threat and that they are correctly implemented
- Quantifies/measures the extent to which security has been assessed
- Includes an assurance scale, called the Evaluation Assurance Level (EAL)

Who could be affected?

- Developers
- Vendors
- Common Criteria
- Accreditors
- Certifiers
- Approvers
- Evaluators
- Consumers

What is CC?

- Overview
- Building Blocks
- Security and Functional Requirements
- Security Assurance Requirements
- Protection Profiles (PP)
- Security Targets (ST)

Overview…

Audiences: Consumer, Developer, Evaluator

Introduction and General Model
- For background and reference purposes

Security Functional Requirements
- Consumer: Guidance for formulating statement of requirements
- Developer: Reference when interpreting statements of functional requirements
- Evaluator: Mandatory to determine if product meets requirements

Security Assurance Requirements
- Consumer: Guidance formulating level of assurance
- Developer: Reference interpreting assurance requirements

Overview

Building Blocks…

Security Functional Requirements
- Grouped into 11 classes
- Members of each class share a common focus, but differ in emphasis
- Classes: Audit, Cryptographic Support, Communication, User Data Protection, Identification and Authentication, Security Management, Privacy, Protection of TOE security functions, Resource Utilization, TOE Access, Trusted Path/Channels

Building Blocks

- The Audit class contains 6 families dealing with various aspects of auditing: data generation, analysis, event storage, etc.
- Each family contains one or more components
- Audit data generation has 2 components:
  - 1 dealing with generation of audit records
  - 2 dealing with association of user with auditable event

Security Assurance Requirements…

- Grouped into Classes -> Families -> Components
- In all, 8 basic classes and two special classes for PPs and STs
- Classes: Configuration Management, Guidance Documents, Vulnerability Assessment, Delivery and Operation, Life Cycle Support, Assurance Maintenance, Development, Tests

Security Assurance Requirements…

- Provides 7 predefined assurance packages
- Known as Evaluation Assurance Levels (EAL)
- Rising scale of assurance
- From EAL1 to EAL7

Security Assurance Requirements…

EAL1: Functionally Tested
- Provides evaluation of the product as made available to the user
- Independent testing against specification
- Examination of guidance documents

EAL2: Structurally Tested
- Applicable where developer/user needs a low to moderate level of assurance
- For example, legacy systems

EAL3: Methodically Tested and Checked
- Provides analysis supported by “gray box” testing
- Selective confirmation of test results

Security Assurance Requirements…

EAL4: Methodically Designed, Tested and Reviewed
- Low-level analysis of design, and of a subset of the implementation
- Independent search for vulnerability

EAL5: Semi-formally Designed and Tested
- Analysis of complete implementation
- Supplemented by formal model
- Semiformal presentation of functional model, and high-level design
- Search for vulnerability must ensure resistance etc.

Security Assurance Requirements

EAL6: Semi-formally Verified Design and Tested
- Analysis with modular and layered approach to design and implementation
- Plus EAL5 and lower-level testing

EAL7: Formally Verified Design and Tested
- Evaluation of formal model, with formal presentation of formal specification
- Evidence of “white-box” testing

Protection Profiles…

What is a Protection Profile?
- Essentially an implementation-independent statement of security requirements that is shown to address threats that exist in a specified environment

Protection Profiles…

What does it contain?
- Introduction
  - PP Identification, PP Overview
- TOE Description
- TOE Security Environment
  - Assumptions, Threats, Organizational Security Policies
- Security Objectives
  - For TOE, For Environment
- IT Security Requirements
  - TOE Security Requirements: Functional, Assurance
  - Security Requirements for IT environment
- PP Application Notes
- Rationale
  - Objectives, Requirements

Protection Profiles

When would you want a PP?
- When setting standards for a particular product type
- A government wishes to specify security requirements for a class of security products, like firewalls, etc.
- Or, a firm needs an IT system that addresses its security issues

Security Targets…

What is a Security Target?
- A basis against which evaluation is performed
- Contains security threats, objectives, requirements, summary specification of functions and assurance measures

When is an ST needed?
- When submitting a product for evaluation

Security Targets…

What are the contents of an ST document?
- Introduction
  - ST Identification, ST Overview, CC conformance
- TOE Description
- TOE Environment
  - Assumptions, Threats, Organizational Security Policies
- Security Objectives
  - For TOE, For environment
- IT Security Requirements
  - TOE Security Requirements: Functional, Assurance
  - Security Requirements for IT environment
- TOE Summary Specification
  - TOE Security Function, Assurance Measures
- PP Claims
  - PP Reference, PP Refinement, Additions
- Rationale
  - Security Objective Rationale
  - Security Requirements Rationale
  - TOE Summary Specification
  - PP Claims Rationale

Reference

http://csrc.nist.gov/cc/

Questions!!!