Copyright atsec information security, IBM, 2007 How To Eat A Mammoth Experiences With the Evaluation of Complex Software Products Under the Common Criteria.

Presentation transcript:

How To Eat A Mammoth: Experiences With the Evaluation of Complex Software Products Under the Common Criteria
Gerald Krummeck (atsec), Bill Penny (IBM)

Agenda
- Our Experience
- Challenges from complex systems
- Evaluations under the Common Criteria
- The influence of complexity
- Strategies in mastering complexity
- Summary

atsec's Experience
- Evaluation Labs in Germany, USA, Sweden
- More than half of all OS evaluations performed world-wide
  - z/OS (IBM Mainframes)
  - z/VM (IBM Mainframes)
  - Linux (SuSE, Red Hat, Oracle)
  - AIX
  - Cray
  - PR/SM, AIX LPAR
- Databases
  - IBM DB2
  - Oracle DB
- Tivoli System Management Products

IBM's experience
- ISO 9001 Certified since 1993
- WW development organization
  - US, Canada, Germany, Australia, US Mexico, Russia, China
- Historically Independent
- Long History of IT Management
  - Project Management
  - System Management
  - Process Control
- Large Complex Systems
  - HW, SW
  - New Function and Service Models
- Support Largest WW Business Requirements
  - High availability, security, integrity

Challenges from complex systems
Dimensions of complexity in evaluations
- Size of the product
- Size of the TOE (what part will be evaluated)
- Amount of security functions
  - Protection Profiles
- Depth of evaluation (EAL)
- Global distribution of development
  - Multi-national
  - Large number of organisational units

Evaluation under Common Criteria
[Diagram labels: Security Target; Functional Specification; High-Level Design; Low-Level Design; Implementation; Tests; Vulnerability Analysis; Guidance documentation; Development Process (Life Cycle); Delivery and Operation; Configuration Management; Product; Processes; Security Policy Model; Design Correspondence]

Influence of Complexity
- Simple Systems
  - "Isolated" evaluation possible
  - Without knowledge of its origin and heritage
  - Emphasis on design, test, guidance, vulnerability analysis
- Complex Systems
  - Cannot be fully investigated
  - Need to find additional ways to establish assurance/trustworthiness
  - Establish trust in the development process

Example: IBM z/OS Version 1 Release 8
- Size
  - Several million LOC (Assembler, PL/X, C, Java)
  - Over 30 years development history
  - Over 300 Manuals ( pages)
  - Over 630 Claims on security functions in the ST
  - 10 development sites distributed globally
- 10 CM systems
- Common Corporate Standards and Processes
All of Gaul is occupied… All of it?

Interim Result
- You cannot look at everything
- But you don't need to
  - Security functions can be located quite accurately and can be tested thoroughly
  - Requires sufficient experience and product know-how of the evaluators
- Development processes become very important
- Build trust in the developer to comply with his duties for every piece that has not been scrutinized by the evaluators
- Again: Evaluators need experience and product know-how:
  - It is an illusion to assume that everybody can perform a good evaluation just by applying the CC methodology (not everybody can eat the mammoth without choking on it)
  - Customers need to identify the right laboratory for them with evaluators skilled in their type of product

Strategies to master complexity
- Not everything at once
- How to eat the mammoth
- Assistance
- Site Certification

Not everything at once
- Start modest
  - Focus on core functionality
  - Start with lower assurance level (EAL2 or EAL3)
  - Pro: Get your first certificate in due time
  - Con: lower assurance level than competition
- Example Linux:
  - Start with EAL2, restrictive configuration
  - Now EAL4, CAPP/LSPP, almost all packages included
  - In between: write low-level design, add audit functions

Example z/OS
- MVS: Orange Book B1 (in the mists of time…)
- V1R6 – 2005
  - EAL3, CAPP+LSPP (multilevel security)
  - Core functions: RACF, BCP, JES2, CS390, …
- V1R7 – 2006
  - EAL4
  - Additional security functions
- V1R8 – 2007
  - Major expansion of security functionality
- V1R9 …

How to eat a Mammoth?
- Bite by bite, of course!
- Don't become intimidated by the size
- Don't try to swallow it in one piece, either
- Important factors:
  - Experience
  - Confidence
  - Perseverance

Assistance
- 2 Teams from evaluation lab
- Evaluators
  - Working on-site with developers is beneficial
  - Additional testers with product know-how
- Consultants
  - Help developer to gather evidence, prepare required documents
  - Do not influence product itself or developer's decisions
- Experienced certifiers help, too

Developer commitment
- Multi-year commitment
- Strong project management to coordinate all participating organizations
- Strong technical leadership
- "Divide and Conquer"
  - Strong leaders at distributed locations
  - Educate, track, report
  - Focus by area (ST, CM, HLD, Test)
- Communicate with Evaluation Team
  - Open, early and frequent discussions

Site Certification
- Reduce complexity of the evaluation by reference to certification of sites
- Idea
  - Certify development process for one site
  - Re-use certificate in all applicable evaluations
- BSI tasked with development of site certification methodology
- Since 2005 development and test of certification process
- 2006 first pilot certification
- Acceptance in CC community
- Still more experience needed.

Conclusion
- Evaluation of complex products fits well in CC scheme
- Medium to long term strategy (and commitment!)
  - Start modest
  - Increase assurance level and functionality
- Processes must fit
- Find the right partner with experience and product know-how
  - ITSEF and certification body

Questions, Comments