Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Slides:



Advertisements
Similar presentations
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
Advertisements

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
CS526Topic 22: TCSEC and Common Criteria 1 Information Security CS 526 Topic 22: TCSEC and Common Criteria.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
The Common Criteria for Information Technology Security Evaluation
IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD.
Secure Operating Systems Lesson 0x11h: Systems Assurance.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Evaluating Systems Information Assurance Fall 2010.
Updates on Korean Scheme IT Security Certification Center, National Intelligence Service The 8 th ICCC in Rome, Italy.
ITEC224 Database Programming
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
ISO 9000 & TOTAL QUALITY ISO 9000 refers to a group of quality assurance standards established by the International Organization for Standardization.This.
Background. History TCSEC Issues non-standard inflexible not scalable.
1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.
Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 16 Page 1 CS 136, Fall 2012 Evaluating System Security CS 136 Computer Security Peter Reiher November 27, 2012.
Lecture 9 Page 1 CS 236 Online Assurance of Trusted Operating Systems How do I know that I should trust someone’s operating system? What methods can I.
CMSC : Common Criteria for Computer/IT Systems
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 18 Page 1 CS 136, Fall 2010 Evaluating System Security Web Security CS 136 Computer Security Peter Reiher December 2, 2010.
Security fundamentals Topic 2 Establishing and maintaining baseline security.
1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.
Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
1 Common Criteria Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee, Heppenheim)
SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 10 Page 1 CS 111 Online Memory Management CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
1 Chapter 2 SW Process Models. 2 Objectives  Understand various process models  Understand the pros and cons of each model  Evaluate the applicability.
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 5: Security Architecture and Models.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.
The Common Criteria for Information Technology Security Evaluation
Outline Basic concepts in computer security
Outline What if your task isn’t writing secure code?
Evaluating Existing Systems
Evaluating Existing Systems
Official levels of Computer Security
Evaluating Program Security
Evaluating System Security Computer Security Peter Reiher May 31, 2016
HART Technologies Process Overview
Evaluating Program Security
Assurance of Trusted Operating Systems
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Evaluating Program Security
Presentation transcript:

Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Lecture 15 Page 2 CS 236 Online Evaluating Program Security What if your task isn’t writing secure code? It’s determining if someone else’s code is secure –Or, perhaps, their overall system How do you go about evaluating code or a working system for security?

Lecture 15 Page 3 CS 236 Online Secure System Standards Several methods proposed over the years to evaluate system security Meant for head-to-head comparisons of systems –Often operating systems, sometimes other types of systems –Usually for HW/SW, not working systems

Lecture 15 Page 4 CS 236 Online Some Security Standards U.S. Orange Book Common Criteria for Information Technology Security Evaluation There were others we won’t discuss in detail

Lecture 15 Page 5 CS 236 Online The U.S. Orange Book The earliest evaluation standard for trusted operating systems Defined by the Department of Defense in the late 1970s Now largely a historical artifact

Lecture 15 Page 6 CS 236 Online Purpose of the Orange Book To set standards by which OS security could be evaluated Fairly strong definitions of what features and capabilities an OS had to have to achieve certain levels Allowing “head-to-head” evaluation of security of systems –And specification of requirements

Lecture 15 Page 7 CS 236 Online Orange Book Security Divisions A, B, C, and D –In decreasing order of degree of security Important subdivisions within some of the divisions Required formal certification from the government (NCSC) –Except for the D level

Lecture 15 Page 8 CS 236 Online Why Did the Orange Book Fail? Expensive to use Didn’t meet all parties’ needs –Really meant for US military –Inflexible Certified products were slow to get to market Not clear certification meant much –Windows NT was C2, but that didn’t mean NT was secure in usable conditions Review procedures tied to US government

Lecture 15 Page 9 CS 236 Online The Common Criteria Modern international standards for computer systems security Covers more than just operating systems –Other software (e.g., databases) –Hardware devices (e.g., firewalls) Design based on lessons learned from earlier security standards Lengthy documents describe the Common Criteria

Lecture 15 Page 10 CS 236 Online Common Criteria Approach The CC documents describe –The Evaluation Assurance Levels (EAL) 1-7, in increasing order of security The Common Evaluation Methodology (CEM) details guidelines for evaluating systems PP – Protection Profile –Implementation-independent set of security requirements

Lecture 15 Page 11 CS 236 Online Another Bowl of Common Criteria Alphabet Soup TOE – Target of Evaluation TSP – TOE Security Policy –Security policy of system being evaluated TSF – TOE Security Functions –HW, SW used to enforce TSP ST – Security Target –Predefined sets of security requirements

Lecture 15 Page 12 CS 236 Online What’s the Common Criteria About? Highly detailed methodology for specifying : 1.What security goals a system has? 2.What environment it operates in? 3.What mechanisms it uses to achieve its security goals? 4.Why anyone should believe it does so?

Lecture 15 Page 13 CS 236 Online How Does It Work? Someone who needs a secure system specifies what security he needs –Using CC methodology –Either some already defined PPs –Or he develops his own He then looks for products that meet that PP –Or asks developers to produce something that does

Lecture 15 Page 14 CS 236 Online How Do You Know a Product Meets a PP? Dependent on individual countries Generally, independent labs verify that product meets a protection profile In practice, a few protection profiles are commonly used Allowing those whose needs match them to choose from existing products

Lecture 15 Page 15 CS 236 Online Status of the Common Criteria In wide use Several countries have specified procedures for getting certifications –Some agreements for honoring other countries’ certifications Many products have received various certifications

Lecture 15 Page 16 CS 236 Online Problems With Common Criteria Expensive to use Slow to get certification –Certified products may be behind the market Practical certification levels might not mean that much –Windows 2000 was certified EAL4+ –But kept requiring security patches... Perhaps more attention to paperwork than actual software security –Lower, commonly used EALs only look at process/documentation, not actual HW/SW

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.