An Overview of Common Criteria Protection Profiles María M. Larrondo Petrie, PhD March 26, 2004.


Overview
Common Criteria (CC)
Information Assurance (IATFF)
CC Protection Profiles
– Structure
– Development Tools
Case Study – Role Based Access Control
References

Common Criteria
Common Criteria (CC) – replaces the security criteria and processes used in the (14) Common Criteria countries, with the goal that product evaluations conducted in one country will be accepted in the other countries
The US entity involved in the CC is the National Information Assurance Partnership (NIAP), a partnership between
– National Institute of Standards and Technology (NIST)
– National Security Agency (NSA)

Common Criteria: What is it?
Common Criteria (CC) – a catalog of criteria and a framework for organizing a subset of the criteria into a security specification
Who uses it? Product Vendors, Certifiers, Evaluators, Consumers, Approvers, Accreditors, Developers

Common Criteria – Evolution of International Security Standards (timeline slide)
Orange Book (TCSEC) 1985
UK Confidence Levels 1989
German Criteria
French Criteria
Canadian Criteria (CTCPEC) 1993
Federal Criteria (FC) Draft 1993
ITSEC 1991
Common Criteria (successive versions; version numbers not legible on the slide)
ISO International Standard

Common Criteria – Terminology
PP – Protection Profile – implementation-independent criteria
SP – Security Profile – implementation-dependent criteria
TOE – Target of Evaluation – what you are describing: your product
EAL – Evaluation Assurance Level – the CC assurance levels – 7 hierarchical levels, EAL1 through EAL7 – EAL1 gives the least assurance
CEM – Common Evaluation Method – the set of steps for validating the assurance requirements in an SP – only addresses levels EAL1 through EAL4

CC Protection Profile (PP)
High-level expression of desired security properties (i.e., security environment, security objectives and security requirements)
A mechanism that gives Consumers the ability to specify their security requirements
Generic, so multiple implementations may meet the stated requirements
PP represents "I want"
(from giles.ppt)

CC Security Target (ST)
High-level expression of claimed security properties
A mechanism that gives Vendors the ability to make claims regarding their security products
Specific to an implementation
ST represents "I provide"

IATFF
What? A security guidance document developed by NSA's ISSO organization with support from security advocates in government and industry
Constraints?
– Unclassified
– Published on the Internet
Primary coordination forum? Information Assurance Technical Framework Forum (IATFF)

IATF
Help government users become wiser consumers when implementing security solutions
Assist industry in understanding the government's needs and the nature of the desired solutions to these needs
Focus Government and Industry investment resources on the security technology gaps

How does the Framework help Government Users?
By describing their needs to the industry providers
By "suggesting" the important characteristics of security solutions to different classes of problems
By providing an assessment of the security technology available on the open market

Security Methodology (diagram slide)
Inputs: Mission Needs; National/Service/Agency Policies, Regulations, Standards; Adversaries, Motivations, and Attacks
Organizational Security Policy
Risk Assessment
Certification and Accreditation
Security Countermeasures – Technical and Non-Technical
Life-Cycle Security Management

Flow from Policy to Specification (diagram slide)
National Policy: NSTISSIC, NSTISSAM
GIG Policy: GIG IA Policy & Implementation Guidance; GIG Architecture (Services, Protocols, etc.)
People – Operations – Technology
Information Assurance Technical Framework: Defend the Network & Infrastructure; Defend the Enclave Boundary; Defend the Computing Environment; Supporting Infrastructures (Detect & Respond, KMI/PKI); Executive Summaries, Protection Profiles
NIAP – Testing, Evaluation, Certification
DITSCAP – Certification and Accreditation process
Intel Comm. – DCID 6/3

IATF: How It's Organized (diagram slide)
Central Change: Alignment with Defense-In-Depth
Defense In Depth Strategy – People, Operations, Technology – Successful Mission Execution through Information Assurance
Four technology areas, mapped on the slide to IATF Chapters 5 to 8: Defend the Network & Infrastructure; Defend the Enclave Boundary; Defend the Computing Environment; Supporting Infrastructures (Detect & Respond, KMI/PKI)
NSF Chapter 5 "Security Solutions Framework"

Today's Framework Elements (IATF Release 2.0, Figure 1-2, Composition of the IATF)
Information Assurance Technical Framework (IATF) Main Body – Information Assurance Tutorial & General Guidance
Executive Summaries – Concise, Definitive Security Requirements For Specific Cases (Appendix F: Case Specific Guidance, aka "executive summaries")
Protection Profiles – Formal Common Criteria Documents for Defining Testable Requirements (Appendix G: Protection Profiles)
The "Document": User Situation & Need for Information Assurance Solution, leading to an Executive Summary for ______ and a Protection Profile for ______

IATF: Information Assurance Technical Framework Forum


Three Kinds of Protection Profiles
DoD (COTS) Acquisition Protection Profiles
– Developed To Become Binding Procurement Guidance for DoD
– Must Be Achievable with Today's Technology
– May Be Accompanied by Additional Specification Data
– Will Be Coordinated DoD-Wide by OSD
– Ultimately "Owned" by OASD(C3I)
Technology Goal Protection Profiles
– Developed To Influence Development of New Technology
– Focused on Future Needs or Implementations
– "Owned" by NSA
Specific Need Protection Profiles
– Developed In Response to a Customer's Specific Need
– Subject to Customer Approval
– "Owned" by the Customer

Common Criteria Protection Profile
Common Criteria Protection Profile (CC PP) – an implementation-independent statement of security requirements that is shown to address the threats that exist in a specified environment
A PP is appropriate when
– A consumer group wishes to specify security requirements for an application type (e.g., electronic funds transfer)
– A government wishes to specify security requirements for a class of security products (e.g., firewalls)
– An organization wishes to purchase an IT system to address its security requirements (e.g., patient records for a hospital)

Contents of a Protection Profile
PP Introduction
– PP Identification
– PP Overview
Target of Evaluation (TOE)
TOE Security Environment
– Assumptions
– Threats
– Organizational security policies
Security Objectives
– Security objectives for the TOE
– Security objectives for the environment
IT Security Requirements
– TOE Security Requirements: security functional requirements, security assurance requirements
– Security requirements for the IT environment
PP Application Notes
Rationales
– Security objectives rationale
– Security requirements rationale

What is in a PP
Security Environment Defined
– The TOE will be used in environments in which no higher than sensitive but unclassified information is processed, or in which the sensitivity level of information in both the internal and external networks is the same. Compliant firewalls provide access control policies, extensive auditing and a low level of assurance.
Secure Usage Assumptions
– Connectivity Assumptions: single entry point
– Physical Assumptions: control of physical access
– Personnel Assumptions: trustworthy administrator

What is in a PP (continued)
Organizational Security Policies
Threats to Security
– Threats Addressed by the TOE: an unauthorized person may gain logical access to the TOE; lack of audit trail; undetected penetration attempts
– Threats to be Addressed by the Operating Environment: hostile system administrator; sophisticated attacks on higher-level protocols
Security Objectives
Functional Security Requirements and Assurance
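The two rationale sections of a PP (security objectives rationale, security requirements rationale) and the "PP = I want, ST = I provide" relationship from the earlier slides amount to traceability checks: every threat the TOE is to counter must trace to an objective, every objective to a functional requirement, and an ST claiming conformance must supply every requirement the PP asks for. The following Python is an added example written for this page, not code from the slides or from any registered PP. The threat descriptions are the firewall ones listed above; the T.*/O.* labels and the choice of CC Part 2 components (FIA_UAU.2, FDP_ACC.1, FAU_GEN.1 and so on) are illustrative assumptions.

```python
"""Rationale and conformance checks for a Common Criteria PP and ST (added example).

Models the PP sections on the slides: threats, security objectives, security
functional requirements (SFRs) and the two rationales. Threat texts follow the
firewall example on the slides; T.*/O.* labels and the SFR mapping are
illustrative assumptions, not the contents of any registered PP.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class ProtectionProfile:
    name: str
    threats: dict[str, str]                      # threats addressed by the TOE
    environment_threats: dict[str, str]          # left to the operating environment
    objectives: dict[str, str]                   # security objectives for the TOE
    sfrs: dict[str, str]                         # security functional requirements
    objectives_rationale: dict[str, set[str]]    # threat id -> objectives countering it
    requirements_rationale: dict[str, set[str]]  # objective id -> SFRs implementing it


def check_objectives_rationale(pp: ProtectionProfile) -> list[str]:
    """Security objectives rationale: every TOE threat is countered by a defined objective."""
    problems = []
    for threat in pp.threats:
        objs = pp.objectives_rationale.get(threat, set())
        if not objs:
            problems.append(f"{threat}: not countered by any security objective")
        for o in sorted(objs - set(pp.objectives)):
            problems.append(f"{threat}: rationale cites undefined objective {o}")
    return problems


def check_requirements_rationale(pp: ProtectionProfile) -> list[str]:
    """Security requirements rationale: each objective maps to defined SFRs and
    every SFR is justified by some objective (no untraced requirements)."""
    problems, traced = [], set()
    for obj in pp.objectives:
        reqs = pp.requirements_rationale.get(obj, set())
        if not reqs:
            problems.append(f"{obj}: no SFR implements this objective")
        for r in sorted(reqs - set(pp.sfrs)):
            problems.append(f"{obj}: rationale cites undefined SFR {r}")
        traced |= reqs
    for r in sorted(set(pp.sfrs) - traced):
        problems.append(f"{r}: SFR not traced to any objective")
    return problems


def st_missing_sfrs(st_claimed_sfrs: set[str], pp: ProtectionProfile) -> set[str]:
    """PP = 'I want', ST = 'I provide': return the PP SFRs the ST fails to claim
    (an empty set means the ST passes this conformance check)."""
    return set(pp.sfrs) - set(st_claimed_sfrs)


# Constructed sample PP following the firewall example on the slides.
FIREWALL_PP = ProtectionProfile(
    name="Illustrative low-assurance firewall PP",
    threats={
        "T.NOAUTH": "An unauthorized person may gain logical access to the TOE",
        "T.AUDIT": "Lack of audit trail",
        "T.PROBE": "Undetected penetration attempts",
    },
    environment_threats={
        "TE.ADMIN": "Hostile system administrator",
        "TE.PROTO": "Sophisticated attacks on higher-level protocols",
    },
    objectives={
        "O.IDAUTH": "Identify and authenticate users before granting access",
        "O.MEDIATE": "Mediate all traffic according to the access control policy",
        "O.AUDREC": "Record security-relevant events in an audit trail",
        "O.DETECT": "Detect and flag repeated failed access attempts",
    },
    sfrs={
        "FIA_UID.2": "User identification before any action",
        "FIA_UAU.2": "User authentication before any action",
        "FDP_ACC.1": "Subset access control",
        "FDP_ACF.1": "Security attribute based access control",
        "FAU_GEN.1": "Audit data generation",
        "FAU_SAR.1": "Audit review",
        "FAU_SAA.1": "Potential violation analysis",
    },
    objectives_rationale={
        "T.NOAUTH": {"O.IDAUTH", "O.MEDIATE"},
        "T.AUDIT": {"O.AUDREC"},
        "T.PROBE": {"O.AUDREC", "O.DETECT"},
    },
    requirements_rationale={
        "O.IDAUTH": {"FIA_UID.2", "FIA_UAU.2"},
        "O.MEDIATE": {"FDP_ACC.1", "FDP_ACF.1"},
        "O.AUDREC": {"FAU_GEN.1", "FAU_SAR.1"},
        "O.DETECT": {"FAU_SAA.1"},
    },
)

# Constructed draft with gaps: T.PROBE is never countered and FAU_SAA.1 is left untraced.
DRAFT_PP = ProtectionProfile(
    name="Draft with incomplete rationale",
    threats=FIREWALL_PP.threats,
    environment_threats=FIREWALL_PP.environment_threats,
    objectives={k: v for k, v in FIREWALL_PP.objectives.items() if k != "O.DETECT"},
    sfrs=FIREWALL_PP.sfrs,
    objectives_rationale={"T.NOAUTH": {"O.IDAUTH", "O.MEDIATE"}, "T.AUDIT": {"O.AUDREC"}},
    requirements_rationale={k: v for k, v in FIREWALL_PP.requirements_rationale.items()
                            if k != "O.DETECT"},
)

if __name__ == "__main__":
    for pp in (FIREWALL_PP, DRAFT_PP):
        print(pp.name)
        for p in check_objectives_rationale(pp) + check_requirements_rationale(pp):
            print("  ", p)
    # An ST that implements everything except audit review does not conform.
    print(st_missing_sfrs(set(FIREWALL_PP.sfrs) - {"FAU_SAR.1"}, FIREWALL_PP))
```

Running the module reports no problems for the complete PP, two findings for the draft (the uncountered threat and the orphaned SFR), and `{'FAU_SAR.1'}` for the partial ST. The environment threats are deliberately outside both checks: the slides assign them to the operating environment, so they belong to the environment objectives, not to the TOE's requirements rationale.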

The CC Toolbox
Information Assurance "TurboTax" design tool for:
– Architects
– System Engineers
– Requirements Activities
Focused on:
– Application of the CC
– Describing Security Features
– Specifying Security Requirements
– Drafting STs and PPs

Registered Protection Profiles
Sets of registered Protection Profiles exist at the following locations:
– ndex.html
–
–
– (currently being updated, so I could not look up the list to see if it includes what we are trying to propose)
–

References
[NIST, 2003] "Common Criteria for IT Security Evaluation: Common Language to Express Common Needs", Computer Security Resource Center (CSRC), National Institute of Standards and Technology, created 12 November 2002, last updated 19 May 2003.
"Common Criteria for Information Technology Security Evaluation, User Guide", CESG, UK and NIST, USA, Syntegra, October.
[Towns and Britton, 1999] Towns, M. and K. Britton. Protection Profile Development Workshop: Student Handbook, Ver. 2.0, NIAP/NIST, 1999.
[Grainger 2000] Granger, G. Common Criteria Tools, Mitretek Systems, May 25, 2000.