1 A Common-Criteria Based Approach for COTS Component Selection Wes J. Lloyd Colorado State University Young Researchers Workshop (YRW) 2004.

Slides:

Advertisements

Similar presentations

University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.

Advertisements

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

Test Automation Success: Choosing the Right People & Process

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

Software Quality Assurance Plan

1 Software Processes A Software process is a set of activities and associated results which lead to the production of a software product. Activities Common.

CS487 Software Engineering Omar Aldawud

The software process A software process is a set of activities and associated results which lead to the production of a software product. This may involve.

Information Security of Embedded Systems : Design of Secure Systems Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Effective Design of Trusted Information Systems Luděk Novák,

IT Security Evaluation By Sandeep Joshi

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.

- 1 - Component Based Development R&D SDM Theo Schouten.

National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

 1. Introduction  2. Development Life-Cycle  3. Current Component Technologies  4. Component Quality Assurance  5. Advantages and Disadvantages.

Gurpreet Dhillon Virginia Commonwealth University

Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.

Quality Assurance for Component- Based Software Development Cai Xia (Mphil Term1) Supervisor: Prof. Michael R. Lyu 5 May, 2000.

A Security Business Case for the Common Criteria Marty Ferris Ferris & Associates, Inc

1 IBM Software Group ® Mastering Object-Oriented Analysis and Design with UML 2.0 Module 1: Best Practices of Software Engineering.

Chapter 2 The process Process, Methods, and Tools

1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed.

-Nikhil Bhatia 28 th October What is RUP? Central Elements of RUP Project Lifecycle Phases Six Engineering Disciplines Three Supporting Disciplines.

Business Analysis and Essential Competencies

1 ISA&D7‏/8‏/ ISA&D7‏/8‏/2013 Systems Development Life Cycle Phases and Activities in the SDLC Variations of the SDLC models.

What is a life cycle model? Framework under which a software product is going to be developed. – Defines the phases that the product under development.

©Ian Sommerville 2000, Mejia-Alvarez 2009 Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing and testing.

Topic (1)Software Engineering (601321)1 Introduction Complex and large SW. SW crises Expensive HW. Custom SW. Batch execution.

SCSC 311 Information Systems: hardware and software.

 CS 5380 Software Engineering Chapter 2 – Software Processes Chapter 2 Software Processes1.

Background. History TCSEC Issues non-standard inflexible not scalable.

What is a Business Analyst? A Business Analyst is someone who works as a liaison among stakeholders in order to elicit, analyze, communicate and validate.

Systems Design Approaches The Waterfall vs. Iterative Methodologies.

1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.

The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;

Lecture 7: Requirements Engineering

Assessing the influence on processes when evolving the software architecture By Larsson S, Wall A, Wallin P Parul Patel.

21-22 May 2004IMPROQ 2004 / Impact of SW Processes on Quality Workshop 1 Quality for Components: Component and Component- Based Software Quality Issues.

Information Systems Engineering. Lecture Outline Information Systems Architecture Information System Architecture components Information Engineering Phases.

Summary of Distributed Computing Security Yifeng Zou Georgia State University

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

CMSC : Common Criteria for Computer/IT Systems

Systems Analysis and Design in a Changing World, Fourth Edition

Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.

TM8104 IT Security EvaluationAutumn CC – Common Criteria (for IT Security Evaluation) The CC permits comparability between the results of independent.

Capturing the requirements  Requirement: a feature of the system or a description of something the system is capable of doing in order to fulfill the.

1 Common Evaluation Methodology for IT Security Part 2: Evaluation Methodology chapter 5-8 Marie Elisabeth Gaup Moe 06/12/04.

Database Administration

SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:

TM8104 IT Security EvaluationAutumn Evaluation - the Main Road to IT Security Assurance CC Part 3.

 Many models have been proposed to deal with the problems of defining activities and associating them with each other  The first model proposed was the.

Cooperation & Interoperability Architecture & Ontology.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Lectures 2 & 3: Software Process Models Neelam Gupta.

Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University

Cmpe 589 Spring Fundamental Process and Process Management Concepts Process –the people, methods, and tools used to produce software products. –Improving.

Slide #18-1 Introduction to Assurance CS461/ECE422 Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and Science.

Security Functional Requirements Kashif Imran. Overview Common Criteria Protection Profiles Security Objectives Security Requirements Security Functional.

The Common Criteria for Information Technology Security Evaluation

Ch.18 Evaluating Systems - Part 2 -

Identify the Risk of Not Doing BA

Software Processes (a)

2006 Annual Research Review & Executive Forum

THE ORANGE BOOK Ravi Sandhu

CS310 Software Engineering Lecturer Dr.Doaa Sami

Quality Assurance for Component-Based Software Development

Presentation transcript:

1 A Common-Criteria Based Approach for COTS Component Selection Wes J. Lloyd Colorado State University Young Researchers Workshop (YRW) 2004

2 Component-Based Software Development  Component Based Software Development (CBSD) –Develop software by integrating existing (COTS) Components to implement functional requirements of the system being developed  Components vs. Components off the shelf (COTS)  CBSD Promises: –High Quality, Feature Rich Software –Reduced System Development Time –Lower Development Costs

3 CBSD Challenges  Components sometimes do not –Meet Basic System Requirements –Meet Future System Requirements  Poor selection of components can decrease: –System Maintainability –System Reliability –System Security

4 Need for Component Security  Government and Commercial Software Developers are motivated to use CBSD techniques –Develop and deliver software faster –Use security functions provided by preexisting components and frameworks  Problem –Secure Components are desired –Must ensure integrity and confidentiality of data exposed to components

5 Component Selection Problem  Best component must be selected from component candidates in order to fulfill system requirements  Existing Selection Processes only poorly consider the evaluation of non-functional requirements. [1]  Security requirements are primarily classified as non-functional requirements. [2]  Problem: Existing CBSE component selection processes only loosely specify how to evaluation security of components.

6 Common Criteria (CC) for IT Security Evaluation  Standards Document providing criteria for security specification and evaluation of software systems  The CC provides: –A hierarchically organized set of standard security requirements –A hierarchically organized set of security assurance/evaluation activities –A process for system security evaluation

7 Common Criteria Security Requirements  Reusable Security Requirements organized in a hierarchical manner –Classes Group of families which focus on specific areas of security Families Grouping of components sharing security objectives –Components Related sets of security requirements Component elements Individual Security Requirements

8 Common Criteria Security Classes  Security Audit (FAU): Logging  Communication (FCO): Identification of parties, repudiation  Cryptographic Support (FCS): Cryptography  User Data Protection (FDP): Access control  Identification and Authentication (FIA)  Security Management (FMT): System security & mgmt.  Privacy (FPR): Anonymity, psuedonymity  Protection of the system security functions (FPT)  Resource Utilization (FRU): Utilization limitations  System Access (FTA): Access/connection limits  Trusted path/channels (FTP): Secure channels, sockets

9 Evaluation Assurance Levels (EALs)  CC defines (7) EALs –Each subsequent level specifies additional evaluation activities. –Evaluation level is achieved by conducting additional assessment activities with increasing scope, depth, and rigor at each subsequent level EAL1: Functionally Tested EAL2: Structurally Tested EAL3: Methodically Tested and Checked EAL4: Methodically Designed, Tested, and Reviewed EAL5: Semi formally designed and tested EAL6: Semi formally verified, designed, and tested EAL7: Formally verified, designed, and tested

10 Evaluation Assurance Activities D- Developer, C- Document Assessment, E- Evaluator Activities

11 Common Criteria Evaluation Process

12 Component Security  Research Goal –Determine if the Common Criteria for IT systems can be applied to define security requirements and evaluate security attributes of (COTS) components for use in component based systems? –Does such an approach aid component selection, component security specification and evaluation?

13 Common Criteria Based Selection Process  Step 0: System High Level Design –Specify Component Architecture –Consider evaluation of component architectures/frameworks based on security requirements  Step 1: Component Requirements Definition –Generate a Security Target (ST) document to elicit security requirements for the desired COTS component Use CC Security Requirements

14 Common Criteria Based Selection Process (2)  Step 2: Component Search –Conduct search by identifying claims of support for identified requirements (security and general requirements) in product brochures, features lists, and documentation. –If no components are found: ST could be revised to have less stringent security requirements Abandon Search, Develop Component from scratch

15 Common Criteria Based Selection Process (3)  Step 3: Component Evaluation –Perform full or partial EAL Level 1 evaluation on the candidate components –Partial evaluation can reduce time/cost Suggested order of activities to rapidly eliminate candidates: –ADV_FSP: Functional Specification and documentation evaluation –ADV_RCR Evaluation of the representation correspondence to functional requirements –ATE_IND independent testing –AGD_ADM Administrator Guidance –AGD_USR User Guidance –ACM_CAP CM Capabilities –ADO_IGS Installation, generation, and start-up

16 Common Criteria Based Selection Process (4)  Step 3: Component Evaluation… –Halt evaluation activities when only one appropriate component remains –If multiple candidates exist after EAL Level 1 evaluation Revise ST to include more rigorous security requirements -OR- Perform EAL Level 2 evaluation Repeat process until an appropriate component is identified  Step 4: Component Selection  Step 5: Component Operation

17 Common Criteria Based Selection Process (5) System High Level Design Component Evaluation Component Requirements Definition: Create ST Component Search Component Selection Integrate and Operate Component Abort Search – Develop Component

18 Process Application Example  Consider a component based system –CBS needs to provide data encryption service  An off-the-shelf component to provide data encryption service is desired

19 Process Application Example  Step 0: –The high level design specifies Java as the language of implementation. –The component based system will consist of distributed client nodes which communicate with each other over an open network channel. –Encryption must be used to protect data. –The component must provide an implementation to the Java Encryption Extension (JCE)

20 Process Application Example (2)  Step 1: Generate an Security Target (ST) document

21 Process Application Example (3)  Step 2: A search initially identifies (4) candidate components: –RSA Bsafe –IAIK-JCE –Is Networks Provider –Logi.crypto  Step 3: A partial EAL level 1 assessment evaluates the (4) candidate components eliminating those which fail to provide security functions as specified by the ST. –As needed the ST can be adjusted after first assessment cycle, or a full EAL level 1 could be conducted

22 Process Application Example (4)  In this basic example all of the candidate components met initial security requirements defined in the ST.  Enhancing the requirements was required to eliminate candidate components

23 Future Work  CHALLENGE: An Empirical evaluation of software development processes is very difficult –Consider complexities of scientifically evaluating various software processes: The Waterfall Model The Spiral Model eXtreme Programming  Conduct an exploratory investigation applying the CC-based selection process to investigate research questions –Identify Specific areas to narrow research –Identify opportunities for science

24 Future Work  Exploratory Investigation – Research Questions –Does the CC-based selection process provide advantages over existing processes or ad hoc approaches for COTS Selection, COTS Security Specification, and COTS Security Evaluation? –What difficulties are encountered: specifying security requirements, evaluating component security? –Which evaluation activities provide the least/most information regarding COTS functionality? Which are time consuming? –What effort is required to train developers on the use of the process? Which parts of the process are difficult to understand and apply?

25 Future Work  Integrate enhancements to the selection process based on lessons learned from exploratory investigations  Consider enhancements to the selection process by introducing the use of formal decision making techniques such as the weighted sum metric (WSM) and the Analytic Hierarchy Process (AHP)  Develop Protection Profiles (PPs) for common COTS Components –PPs are reusable sets of CC security requirements for common systems. –PPs are already used to define common sets of security requirements for systems.

26 References 1. Ruhe, G., Intelligent Support for Selection of COTS Products, in Proceedings of the Net.Object Days 2002, Erfurt, Springer, 2003, pp Franz, E., Pohl, C., Towards Unified Treatment of Security and Other Non-Functional Properties, In proceedings of the 2004 AOSD Technology for Application-Level Security Workshop, AOSD 2004, Lancaster, UK, ISO/IEC (1999) Common Criteria for Information Technology Security Evaluation, v 2.1, Nat’l Inst. Standards and Technology, Washington, DC, August 1999, 4. Han, J., Zheng, Y., Security Characterization and Integrity Assurance for Component-Based Software, in proceedings of the international conference on Software Methods and Tools (SMT 2000), Wollongong, NSW Australia, pp , 2000.

27 Questions / Suggestions