Published by Ashton Price. Modified over 10 years ago.
1
© Crown Copyright (2000)
Module 2.4 Development Environment
2
You Are Here
M2.1 Security Requirements
M2.2 Development Representations
M2.3 Functional Testing
M2.4 Development Environment
M2.5 Operational Environment
M2.6 Vulnerability Analysis
M2.7 Penetration Testing
M2.8 Assurance Maintenance/Composition
MODULE 2 - ASSURANCE
3
What is the DEA?
Scope
  – TOE development, production and maintenance
Contributes to Assurance by
  – providing confidence in TOE integrity
Involves
  – examination of procedures and standards
  – site visits
4
Aspects Covered
Configuration Management
Development Environment Security
Development Tools
5
Configuration Management
Configuration System
  – prevention of unauthorised changes
  – acceptance procedures
Configuration Items
Automation
6
Development Environment Security
Security Measures
  – Physical
  – Procedural
  – Personnel
  – Logical
Integrity of TOE
Confidentiality of Design
7
Development Tools
Programming Languages
  – must be well defined
  – meaning of all statements unambiguous
Selected implementation-dependent options documented
  – languages
  – compilers
8
Site Visits
Objective - find out what actually happens
Confirm documented procedures and measures followed
Examine documentary evidence
9
ITSEC Requirements
Aspect | E1 E2 E3 E4 E5 E6
Version control | TOE CL
DEA visit | ✓ ✓ ✓ ✓ ✓
Acceptance procedures | ✓ ✓ ✓ ✓
Automated Tool Support | ✓ ✓ ✓
Rebuild TOE | ✓ ✓ ✓
Dependencies between CIs | ✓ ✓
Developers Security | ✓ ✓ ✓ ✓
Languages & Compilers | ✓ ✓ ✓ ✓
10
CC Requirements
Aspect | EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7
Version control | TOE CL
DEA visit | ✓ ✓ ✓ ✓ ✓
Acceptance procedures | ✓ ✓ ✓ ✓
Automated Tool Support | ✓ ✓ ✓ ✓
Dependencies of CIs | ✓ ✓
Development Security | ✓ ✓ ✓ ✓ ✓
Life-cycle model | DEV STD MES
Tools & Techniques | ✓ ✓ ✓ ✓
11
Lifecycle Model - 1
Life-cycle model must ensure adequate control over TOE development and maintenance
Covers procedures, tools and techniques
Intent is to minimise risk of introduction of security flaws
12
Lifecycle Model - 2
Examples
  – Waterfall Model
  – V Model
  – Rapid Application Development (RAD)
13
Flaw Remediation
Identify Flaws
Documentation
Resolution
Assurance Maintenance
14
Evaluation Reporting
Examination of documentation
  – show how & where requirements satisfied
Site visits
  – development staff interviewed
  – evidence inspected
  – coverage of aspects
15
Summary
Confidence in the TOE integrity
Site visits
  – preparation the key
  – records
Where does it fit?
16
Further Reading
ITSEC evaluation
  – UK SP 05 Part III, Chapter 8
CC evaluation
  – CC Part 1, Section 4.2.1
  – CC Part 3, Sections 2.6.1, 2.6.5, 8 and 12
  – CEM Part 2, Chapters 5-8 (ACM/ALC sections)