Presentation is loading. Please wait.

Presentation is loading. Please wait.

BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security.

Published byHollie Stokes Modified over 10 years ago

Similar presentations

Presentation on theme: "BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security."— Presentation transcript:

1 BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security ICCC September 2007 Frank Grefrath

2 Frank Grefrath September 2007 Slide 2 Agenda  BSI-activities in PP-certification  Introduction of the PP “Digitales Wahlstift-System, V. 1.0.1“  Introduction of the BSI-PP/ST-Guide

3 Frank Grefrath September 2007 Slide 3 Recently certified PPs in BSI-CC-Scheme  BSI-PP-0031-2007: “Protection Profile Digitales Wahlstift- System, V. 1.0.1“  The PP defines the minimum requirements for IT-security of systems for technical assistance in elections on the basis of a digital election pen  BSI-PP-0034-2007: “Mobile Synchronisation Services Protection Profile, V. 1.1”  The purpose of such a system is to provide secure remote access of mobile users (e.g. using a PDA) to e-mail or PIM (personal information management) services located in a company’s intranet

4 Frank Grefrath September 2007 Slide 4 Recently certified PPs in BSI-scheme  BSI-PP-0035-2007: „Security IC Platform Protection Profile” (Update of BSI-PP-0002-2001)  The defined TOE is a smartcard integrated circuit which is composed of a processing unit, security components, I/O ports (contact-based and/or contactless) and volatile and non-volatile memories (hardware)  Different PPs for the German electronic health systems are currently under evaluation

5 Frank Grefrath September 2007 Slide 5 Protection Profile for a digital election system System Overview  A digital election system which is compliant to the PP serves for electronic assistance in complex elections  The voter makes his votes with a digital pen on a special kind of paper  The camera of the pen records his votes and then the data is transferred to a PC  There the data is analysed, the votes are counted automatically and a protection against manipulation of the election result is generated

6 Frank Grefrath September 2007 Slide 6 Protection Profile for a digital election system Motivation / Benefit  Voting takes place in a familiar way for the voter making crosses with a pen on paper  Vote counting can be carried out much faster and easier  Typical failures in manual counting can be avoided  In cases of doubt the electronic election result can be controlled by manually counting the paper ballots  Complex elections can be conducted without great manpower requirements

7 Frank Grefrath September 2007 Slide 7 Protection Profile for a digital election system Main IT-Security Features  Recording the votes on the paper ballots with the pen  Transferring the election data to a PC via USB  Storing the data on the PC without being traceable to the voter  Analysing the votes and dividing them into valid, doubtable and invalid votes  Judging of the doubtable votes by the scrutineers  Automatic calculation of the election result  Generation and display of a proof of origin  Logging of security relevant events

8 Frank Grefrath September 2007 Slide 8 Protection Profile for a digital election system Physical Boundaries of the TOE  Hardware: Digital election pens and docking stations  Firmware: Firmware of the digital election pen  Recording the marks on the paper  Software: TOE application software for  Controlling the pens  Storing of the election data during the election  Judging and counting the votes  Generating a proof of origin  Logging security relevant events

9 Frank Grefrath September 2007 Slide 9 Protection Profile for a digital election system TOE Security Environment  The PP contains assumptions covering the following aspects:  Usage assumptions resulting from the German election law  Trustworthy and carefully working administrators and scrutineers  Correctly and securely configured PC platform  The TOE counters the following threats:  Disclosure of election data and protocol data  Disturbance and manipulation of the technical procedures  Unrealised manipulation of the election pen and the election result  Successful tracing between election data and voter

10 Frank Grefrath September 2007 Slide 10 Protection Profile for a digital election system General Regulations  Validity: Valid until June 30 th, 2008  CC Assurance level: EAL 3  Combined evaluation:  EAL3-CC-certification by the BSI  Approval by the Physikalisch Technische Bundesanstalt according to the German election law with source code analysis and emission measurement

11 Frank Grefrath September 2007 Slide 11 BSI PP/ST-Guide Introduction  CC, Version 3.1  Intended audience for the guide:  PP/ST-readers, with less or without CC-knowledge  PP/ST-writers  Evaluators, certifiers

12 Frank Grefrath September 2007 Slide 12 BSI PP/ST-Guide Structure of the guide  What is the purpose of PPs/STs? Which role does a PP play when purchasing a product?  Reading PPs/STs  Writing of PPs in two different methods  Stove-piping method  Explanation method  Writing of STs

13 Frank Grefrath September 2007 Slide 13 BSI PP/ST-Guide Stove-Piping-Method  Procedure:  Determine which SFRs for the TOE and which security objectives for the operational environment are desired  Create a single security objective for the TOE for each SFR  Create an OSP for each security objective for the TOE  Create an assumption for each security objective for the operational environment  Write the remaining chapters (PP introduction and conformance claims)

14 Frank Grefrath September 2007 Slide 14 BSI PP/ST-Guide Stove-Piping-Method  Advantages:  Simple and fast method to write a PP  The PP almost automatically meets many of the requirements of the APE-class  Disadvantages:  The question why the TOE implements the description of the PP is not answered  The PP merely states on three different levels (TOE security environment, security objectives, SFRs) “This is what the TOE does.”

15 Frank Grefrath September 2007 Slide 15 BSI PP/ST-Guide Explanation Method - Overview  Focus is lying on deriving the various items in a PP, rather than simply stating them.  Procedure (part 1):  Write the conformance claims  Analyse the OSPs  Analyse the threats  Derive the security objectives for the TOE and the operational environment including the security objectives rationale

16 Frank Grefrath September 2007 Slide 16 BSI PP/ST-Guide Explanation Method - Overview  Procedure (part 2):  Derive the SFRs including the Security Requirements Rationale  Define the SARs and explain why you have chosen them  Write the PP introduction

17 Frank Grefrath September 2007 Slide 17 BSI PP/ST-Guide Explanation Method - Analysing the SPD  Analysing the OSPs  Laws, rules, practices or guidelines  Analysing the threats  Question for definition: What happens when I don't have a TOE?  What are the assets to be protected?  What are the adverse actions?  Who are the threat agents?  Assumptions will not be defined

18 Frank Grefrath September 2007 Slide 18 BSI PP/ST-Guide Explanation Method - Deriving the objectives  Deriving the security objectives for the TOE and the operational environment  Purpose:  Providing a high-level, natural language solution of the problem  Building a bridge between the threats and OSPs on one side, and the SFRs on the other side  Three questions:  Where will the TOE be placed and can it be physically attacked there?  What is the purpose of the TOE?  How is the TOE managed?

19 Frank Grefrath September 2007 Slide 19 BSI PP/ST-Guide Explanation Method - Deriving the SFRs  Deriving the SFRs  Not yet worked out, but will be added in the next version  Considered approach:  Short introducing statement to CC Part 2  Different examples for each functional class  Possibly more detailed explanations to certain aspects like the definition of access control policies, information flow policies or an I&A policy

20 Frank Grefrath September 2007 Slide 20 BSI PP/ST-Guide Publication  The Guide is currently developed by the BSI in a project  Upon completion the Guide will be published on the BSI homepage: http://www.bsi.de

21 Frank Grefrath September 2007 Slide 21 Contact Bundesamt für Sicherheit in der Informationstechnik (BSI) / Federal Office for Information Security Godesberger Allee 185-189 53175 Bonn Frank Grefrath Tel: +49 (0)228-9582-5838 Fax: +49 (0)228-9582-5477 Frank.Grefrath@bsi.bund.de

Download ppt "BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security."

Similar presentations

PROGRESS User Committee Meeting, December 11, 20021 On the Fundamental Design Gap in Complex Systems Mark Verhappen Piet van der Putten.

PROGRESS User Committee Meeting, December 11, On the Fundamental Design Gap in Complex Systems Mark Verhappen Piet van der Putten.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Software Quality Assurance Plan

Software Quality Assurance Plan
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
Mobile Marketing in Practice

Mobile Marketing in Practice
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
Policies vs Threats by Albert Dorofeev, Sony Corporation 10 th International Common Criteria Conference, 2009.

Policies vs Threats by Albert Dorofeev, Sony Corporation 10 th International Common Criteria Conference, 2009.
IT Security Evaluation By Sandeep Joshi

IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah-19112007- CEM v3.1: Chapter 10 Security Target Evaluation.

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.

German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.
1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.

1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.
July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.

July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.
Chapter 3: System design. System design Creating system components Three primary components – designing data structure and content – create software –

Chapter 3: System design. System design Creating system components Three primary components – designing data structure and content – create software –
Introduction to Databases

Introduction to Databases
1 Terrie Diaz/ James Arnold 27 September 2007 Threats, Policies, and Assumptions in the Common Criteria What is the target of evaluation anyhow?

1 Terrie Diaz/ James Arnold 27 September 2007 Threats, Policies, and Assumptions in the Common Criteria What is the target of evaluation anyhow?
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.

Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google