Download presentation
Presentation is loading. Please wait.
Published bySpencer Bruce Modified over 9 years ago
1
Standards In The Evaluation Of IT Security Steve Randall & Scott Cadzow TC-MTS#39 20-21 October 2004 Sophia Antipolis 39TD025
2
12-Oct-04TC-MTS 39TD0252 Common Criteria Products offering security features always carefully evaluated (particularly by government bodies) Mid-90s, evaluation bodies got together to define a single set of evaluation requirements, the “Common Criteria (CC)” in ISO/IEC 15408 Part 1: Introduction and general model Part 2: Security functional requirements Part 3: Security assurance requirements Rapidly growing interest in security and evaluation within commercial world Key aspects of CC: Formal evaluation process Using trained evaluators International recognition of results
3
12-Oct-04TC-MTS 39TD0253 CC Terminology Protection Profile (PP) Abstract specification of required security functionality Security Target (ST) Concrete specification of a product providing required security functionality Target Of Evaluation (TOE) Actual product providing required security functionality
4
12-Oct-04TC-MTS 39TD0254 Standards and CC [1] CC generally used to evaluate product Communications products often incorporate implementations of standards Standards are rarely evaluated under CC The question for TISPAN: Can standards be written in a way that simplifies the evaluation of products implementing them?
5
12-Oct-04TC-MTS 39TD0255 Standards and CC [2] Protocol standards are spiritually close to PPs Specify implementation independent requirements Use formalized text to specify requirements (shall, may, should…) Use specification languages for design, validation and testing (SDL, UML, MSC, ASN.1, TTCN) Have traceability: Title Version numbering Change control
6
12-Oct-04TC-MTS 39TD0256 What is TISPAN Doing ? - Long Term - Providing guidance to standards developers on standards preparation To allow evaluation To achieve higher quality standards Introducing CC vocabulary Requirements stated in terms of ISO/IEC 15408 Part 2 Evaluation stated as a goal of standardisation
7
12-Oct-04TC-MTS 39TD0257 What is TISPAN Doing ? - Short Term – A guide to CC as it applies to standards Evaluation Assurance Levels (EALs) Functional requirements classes Evaluation classes Proforma for PP Guidance on preparing a standard for CC evaluation: Format Content Development process Proforma for ST Format and overview of developers’ responsibilities in preparing a product for evaluation
8
12-Oct-04TC-MTS 39TD0258 Evaluation Assurance Levels (EAL) EAL 1:Functionally tested EAL 2:Structurally tested EAL 3:Methodically tested and checked EAL 4:Methodically designed, tested and reviewed EAL 5:Semiformally designed and tested EAL 6:Semiformally verified design and tested EAL 7: Formally verified design and tested
9
12-Oct-04TC-MTS 39TD0259 CC Specification Structure Functional requirements and evaluation requirements categorized as Classes, Families and Components. Class Family Component
10
12-Oct-04TC-MTS 39TD02510 Functional Requirements Classes FAU:Security Audit FCO:Communication FCS:Cryptographic Support FDP:User Data Protection FIA:Identification and Authentication FMT:Security Management FPR:Privacy FPT:Protection of TOE Security Functions FRU:Resource Utilization FTA:TOE Access FTP:Trusted Paths and Channels
11
12-Oct-04TC-MTS 39TD02511 Example Families (FIA) FIA_AFL:Authentication Failures FIA_ATD:User Attributes Definition FIA_SOS:Specification Of Secrets FIA_USU:User Authentication FIA_UID:User Identification FIA_USB:User-Subject Binding
12
12-Oct-04TC-MTS 39TD02512 Assurance Classes APE:Protection Profile Evaluation ASE:Security Target Evaluation ACM:Configuration Management ADO:Delivery and Operation ADV:Development AGD:Guidance Documents ALC:Life Cycle Support ATE:Tests AVA:Vulnerability Analysis
13
12-Oct-04TC-MTS 39TD02513 Example Families (ADV) ADV_FSP:Functional Specification ADV_HLD:High-Level Design ADV_IMP:Implementation representation ADV_INT:TOE Security Function Internals ADV_LLD:Low-Level Design ADV_RCR:Representation Correspondence ADV_SPM:Security Policy Modelling
14
12-Oct-04TC-MTS 39TD02514 Protection Profile Although content similar, PP is written in a different way to a standard. It is, therefore: unlikely (and undesirable) that ETSI will change the style of its standards; unreasonable to expect ISO and the security community to change the way a PP is written; unrealistic to expect an evaluator to find all PP information in an ETSI standard (or multiple standards); inefficient to write out information twice (once in a standard and again in the PP). “PICS” approach adopted where information is summarized in a table which includes references to text rather than the text itself.
15
12-Oct-04TC-MTS 39TD02515 PP Header ETSI Protection Profile Introduction Doc No.VersionDate Full Title OverviewCopy the Scope clause here Description This should come directly from the first clause in the main body of the standard (clause 4?) which is likely to be a general introduction.
16
12-Oct-04TC-MTS 39TD02516 PP Security Environment aSecurity Environment (This section should summarize the Vulnerability Analysis) a.1Assumptions a.1.1Users are assumed to be suitably authorizedB.4.2 a.2Assets a.2.5Authentication keys7.5, B.8.1 a.3Threat agents a.3.2Unauthorized software applicationsB.9.1 a.4Threats a.4.8Unauthorized modification or destruction of an authentication keyB.9.5 a.5Security policies (OPTIONAL) a.5.3Common Criteria for Information Technology Security EvaluationISO/IEC 15408
17
12-Oct-04TC-MTS 39TD02517 PP Security Objectives bSecurity Objectives (Information likely to come from a different doc, e.g., Stage 1 or Stage 2) b.1Security objectives for the TOE b.1.1Users must be identified and authenticated on registrationEG 205 123 §5.4 b.2Security objectives for the environment b.2.1 The database of user registration information must be up ‑ to ‑ date EG 205 123 §5.6
18
12-Oct-04TC-MTS 39TD02518 PP Security Requirements cSecurity Requirements (Information should come directly from the security standard) c.1TOE security requirements c.1.1TOE security functional requirements c.1.1.7It shall be possible for a suitably authorized user to establish and modify the access rights of other users FDP_ACF.1.28.7 c.1.3TOE security assurance requirements c.1.3.1A TOE implementing this PP shall be evaluated at CC EAL4 ISO/IEC 15408 ‑ 3 c.2Environment security requirements (OPTIONAL) c.2.4User authentication data shall be protected during transmission through the network FDP_ETC.27.3
19
12-Oct-04TC-MTS 39TD02519 PP Additional Information dAdditional Information (OPTIONAL) eRationale Reference to a document or annex explaining how the selected security objectives and requirements counter the threats identified in the Vulnerability Analysis. It is probably a good idea to include the rationale in the Vulnerability Analysis.
20
Standards In The Evaluation Of IT Security 39TD025
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.