Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.


Slide 2: Introduction

The security design of an IS handling classified information requires:
- usage of the Common Criteria (CC);
- compliance with the Higher Level Security Policy: legal requirements / principles (CZ Act #148/98) and organization security requirements;
- Life Cycle Definition of the entire IS (planning, development, implementation, approval, operation, further development and withdrawal);
- solution of the respective Security Areas (personnel security, physical security, cryptographic information protection, administrative security and organizational measures);
- Certification / Approval to operate.

Slide 3: Preliminary/Expert IS Security Design and Risk Analysis

- Identify the scope of the IS: an existing IS or a newly designed IS (with a preliminary or expert security architecture).
- The IS architecture should be based on: User Operational Requirements; Security Requirements; Risk Analysis (assets, threats, vulnerabilities, countermeasures, …).

Slide 4: Example

Slide 5: IS Security Design

The "IS Security Design" as such must include the necessary security requirements and be eligible for evaluation. This implies:
- the IS Security Design is made within the structure prescribed for the Security Target by the CC;
- the Design follows the risk analysis results;
- threats must be covered by the CC requirements and by additional higher level security policy requirements;
- separate security requirements are set for the TCB and for the border devices;
- for each security technology, a consistent range of security functional and security assurance requirements is determined;
- the necessary IT products conforming to the set requirements may be chosen on the market or developed.

Slide 6: IS Description - Security Objectives

IT Security Objectives (Assumptions, Organizational Security Policies, Threats to Security …):

Security Objective | Description | IS | Border
O.I&A | user's unique Identification and Authentication prior to granting access … | Yes
O.RESIDUAL_INFO | … | Yes
O.DOMAIN_SEPARATION | … | Yes
O.INFORMATION_FLOW | … | Yes
O.SELF_PROTECT_NODE | … | Yes
O.DEFENCE_IN_DEPTH | … | Yes
O.ANTIVIR | … | Yes
etc.

Slide 7: IS Description - Security Objectives: Non-IT Security Objectives

Security Objective | Description
O.INSTALLATION | Procedures for delivery, installation, administration and operation must be established. …
O.VERIFICATION | Ensure that the security implementation is verified … prior to the approval to operate with classified information
O.IS_LIFE_CYCLE | The IS life cycle stages and rules are established for both the IS operator's and the supplier's environments
O.TRUST_APL_SW | Only trusted application SW, free from malicious code and causing no failures, will be installed
etc.

Slide 8: IS Description - Security Objectives: Objectives of the IS Security Environment

Security Objective | Description
OE.PHYSICAL_SEC | All the personnel responsible for the IS must ensure that the security-critical components of the IS are protected against a physical attack …
OE.PERSONAL_SEC | The personnel security requirements must be met (i.e. CZ Act #148/1998)
OE.DOCUMENT_SEC | Departmental administrative security is pursued according to NSA Directive #137/2003
OE.NO_EVIL_USERS | etc.
OE.INCIDENT_REACT | etc.

Slide 9: IS Security Functional Requirements (SFR)

CC ID | Functional component
Security audit (FAU):
FAU_GEN.1 | … see CC
FAU_GEN.2 | … see CC
etc.
Extended functional requirements (FEX):
FEX_RPL.1 | Secure data replication between the distributed IS components
FEX_WAR.1 | Warning to the user about the legal implications of unauthorized system use
FEX_ANV.1 | Antivirus protection
etc.

Slide 10: IS Security Functional Requirements (SFR): IS Internal Security Environment Requirements

Class / ID | Functional component
Physical Security (FPH):
FPH_SAR.1 | Assets are placed in a security area
FPH_SAR.2 | Servers and interface devices are separated from users
FPH_SAR.3 | Cryptographic devices are separated from the other assets
Personnel Security (FPE):
FPE_CLE.1 | Personal Clearance Certificate
FPE_ASS.1 | Need-to-Know assignment
FPE_ASS.2 | Assignment for the role in IS management
FPE_ASS.3 | External Organization and Contractor assignment
Document Security (FDS): …
Border Protection (FBP): …
Organizational Measures (FOR): …

Slide 11: IS Security Assurance Requirements (SAR)

The security assurance requirements should be established differently for each IT product:
- TCB: EAL3 suffices for IT in an IS with the "system-high" security mode of operation;
- Antivirus: selected on the basis of practical operational experience, i.e. reliability and good performance in terms of prevention, detection and remediation;
- Border: an EAL is required for border security devices and components, depending on the level of the ISs being interconnected (EAL4 for the Restricted and Limited levels);
- Crypto: the products used for cryptographic protection of classified information require an appropriate NSA certificate; a good, strong commercial crypto device or SW suffices for cryptographic protection of LIMITED information.

Slide 12: IS Specification Summary: IS Security Functions, locations of security mechanisms on HW components

Columns (security mechanisms): W2K, AV, AT, DA, CG, CD, SSB. X = the security mechanism is located on the computer. The column position of each X mark is not preserved in this transcript; only the marks per row are shown.

Computer | Domain | Mechanisms located
Working Station | All | X X
DC Server | All | X
Servers (Apl, DB) | All | X X X
DA Server | All | X X
R-CG Server | Restrict | X X X X
L-CG Server | Limited | X X X
SSB | All | X
CS - Comm. station | WAN | X X

Slide 13: IS Specification Summary: Allocation of Functional Requirements to Security Mechanisms

Columns (security mechanisms and environment): W2K, AV, AT, DA, CG, CD, SSB, Env. The column position of each X mark is not preserved in this transcript; only the marks per row are shown.

CC ID or Extended ID | Allocation
FAU_GEN.1 | X X X X X X X
FAU_GEN.2 | X X X X
FAU_SAA.2 | X X
etc.
FEX_RPL.1 | X
FEX_WAR.1 | X
FEX_ANV.1 | X
etc.
FPH_SAR.1 | X
etc., … | X

Slide 14: IS Specification Summary: Measures for realization of the IS Security Assurance Requirements

- EAL3 requirements are applied to W2K (actually W2K complies with EAL4 Augmented).
- EAL3 requirements are applied to the IS environment.
- EAL4 requirements are applied to the DA, CG and SSB special SW.
- The additional requirements are applied to the certified crypto-device and to a commercial crypto-device.
- Security Assurance Requirements mapping (in the same way as the Functional Requirements in the previous chart).

Slide 15: Rationale

The rationale shows that:
- all threats and organizational policies have been covered by at least one IT, non-IT or environment Security Objective, and these are sufficient to deal with them;
- all Security Objectives (for IT, non-IT and environment) have been covered by the Security Functional Requirements (SFR) and the Security Assurance Requirements (SAR);
- the SFR and the SAR are capable of covering the requirements for overall IS security.

The rationale includes commercial certified and non-certified components, newly developed components and those for cryptographic protection; it demonstrates the completeness of the security target implementation. The last section provides a review of Vulnerabilities and of the level of Residual Threats to which they are exposed.
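The coverage argument of slide 15 (threats to objectives, objectives to SFR/SAR) together with the allocation chart of slide 13 (SFR/SAR to mechanisms or environment) can be checked mechanically. The following is an added example, not code from the presentation: objective, requirement and mechanism names are taken from the slides, while the threat names (T.UNAUTH_ACCESS, T.MALWARE, P.CLEARANCE) and the concrete mappings are constructed assumptions used only to exercise the check.

```python
# Added example (not from the presentation). Objective, requirement and mechanism
# names come from the slides; threat names and the mappings are constructed.
# Threats and organizational security policies -> Security Objectives (constructed)
THREATS = {
    "T.UNAUTH_ACCESS": {"O.I&A", "OE.PHYSICAL_SEC"},
    "T.MALWARE": {"O.ANTIVIR", "O.TRUST_APL_SW"},
    "P.CLEARANCE": {"OE.PERSONAL_SEC"},
}

# Security Objectives -> SFR/SAR that realise them (constructed)
OBJECTIVES = {
    "O.I&A": {"FAU_GEN.1", "FAU_GEN.2"},
    "O.ANTIVIR": {"FEX_ANV.1"},
    "O.TRUST_APL_SW": {"FEX_ANV.1"},
    "OE.PHYSICAL_SEC": {"FPH_SAR.1"},
    "OE.PERSONAL_SEC": {"FPE_CLE.1"},
    "O.RESIDUAL_INFO": set(),  # left uncovered on purpose so the check reports it
}

# Requirements -> mechanisms or IS environment, in the shape of the slide 13 chart
# (which column each X mark sits in is a constructed assumption here)
ALLOCATION = {
    "FAU_GEN.1": {"W2K", "AV", "AT", "DA", "CG", "CD", "SSB"},
    "FAU_GEN.2": {"W2K", "AV", "DA", "CG"},
    "FEX_ANV.1": {"AV"},
    "FPH_SAR.1": {"Env"},
    "FPE_CLE.1": {"Env"},
}

def rationale_gaps(threats, objectives, allocation):
    """Findings the rationale must prove empty (slide 15): every threat/OSP has an
    objective, every objective an SFR/SAR, every referenced item is defined,
    and every SFR/SAR is allocated to a mechanism or to the environment."""
    gaps = []
    for threat, objs in threats.items():
        if not objs:
            gaps.append(f"{threat}: no security objective")
        for obj in sorted(objs - set(objectives)):
            gaps.append(f"{threat}: objective {obj} is not defined")
    for obj, reqs in objectives.items():
        if not reqs:
            gaps.append(f"{obj}: no SFR/SAR")
        for req in sorted(reqs - set(allocation)):
            gaps.append(f"{obj}: requirement {req} is not allocated")
    for req, mechs in allocation.items():
        if not mechs:
            gaps.append(f"{req}: no mechanism or environment")
    return gaps

if __name__ == "__main__":
    print(*rationale_gaps(THREATS, OBJECTIVES, ALLOCATION), sep="\n")
```

Run as-is it reports the one deliberately uncovered objective; a complete Security Target mapping returns an empty list.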

Slide 16: Selection and Development of Products for the IS

- Selection of commercial products: the Security Target and a Certificate; the certificate is not required for products with lower demands for guarantees (reliable products verified by practice).
- Development of new products on the basis of the written document "Requirements for Product Development".
- IS implementation requires products which comply with the above specified SFR and SAR.
- The Certification Authority issues a certificate for the entire IS on the basis of the test results and the evaluation of all the IS security components.

Slide 17: Conclusion

The solution presented in this article suggests possible procedures for using the Common Criteria when designing a complex IS. This procedure makes it possible to break down the overall security requirements into partial domains and technologies and shows the way to the development of the necessary secure IT products.

Thank you for your attention. František VOSEJPKA, CIS Security consultant, S.ICZ a.s.