Clasifica las historias pensamiento flexible inflexible auto r mabel freixes
Background. History TCSEC Issues non-standard inflexible not scalable.
-
Upload
maude-carroll -
Category
Documents
-
view
220 -
download
0
Transcript of Background. History TCSEC Issues non-standard inflexible not scalable.
Background
1985 TCSEC USA
1991 ITSEC Europe(France, Germany,Netherlands, UK)
1993 CTCPEC Canada
1993 FC(draft) USA
History
June 1993 All collaborate onCommon Criteria
January 1996 Version 1.0
October 1997 Version 2.0 Beta
June 1999 ISO 15408/version 2.1
TCSEC Issues
• non-standard
• inflexible
• not scalable
The Global Information Grid (GIG) and the Common Criteria (CC)
Global Information Grid•Clinger-Cohen Act of 1996 (reference (d)) and Title 10, U.S.C., Section 2223 (reference (a))•All DoD and Intelligence Community Computers
Information Assurance G&PM:5.2.20. Consult the IA Technical Framework (IATF) and published Common Criteria (CC) Protection Profiles for guidance regarding common classes of network and system attacks, interoperability and compatibility with the defense-in-depth strategy, and IA solutions that should be considered tocounter attacks.
5.2.21. Acquire IA solutions that have been evaluated using the CommonCriteria Evaluation and Validation Scheme based on the National InformationAssurance Program (NIAP) process.
NIAP - Collaboration between NIST and NSA for security evaluation
Common Criteria Sections
I. Introduction and General Model
II. Security Functional Requirements
III. Security Assurance Requirements
I. Introduction and General Model
• Defines general concepts and principals of IT security evaluation.
• Provides constructs for defining and selecting security objectives
• Provides guidelines for writing high-level specifications
II. Security Functional Requirements
• Provides functional components
III. Security Assurance Requirements
• Provides assurance requirements
• Evaluation Criteria of PP and ST
• Provides evaluation levels with a predefined scale (EAL’s)
Common Criteria
I. Introduction and General Model
I. Introduction and General Model
Definitions-
Target of Evaluation (TOE) — An IT product or system and its associated administrator and user guidance
documentation that is the subject of an evaluation.
Protection Profile (PP) — An implementation-independent set of security requirements for a category of TOEs that
meet specific consumer needs.
Security Target (ST) — A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE.
I. Introduction and General Model
Protection Profiles
• Operating System
• Firewall
• Database
• Smart Card
• etc.
I. Introduction and General Model
Security Targets
• NT 4.0
• Oracle 8
• Checkpoint-1
• Visa SmartCard
• etc.
Requirements Structure
•Class
•Family
•leveling-specifies if components are hierarchic
•Component
•dependencies-other components that are relied upon
Requirements Structure
CLASS_FAMILY.Component
Class FIA-Identification and authentication
Family FIA_UID-User Identification
Component FIA_UID.1-Timing of Identification
Common Criteria
II. Security Functional Requirements
II. Security Functional Requirements
Level Example
Class Cryptographic Support
Family Cryptographic Key Management
Component Cryptographic Key Generation
Hierarchy of Security Functional Requirements
II. Security Functional RequirementsSecurity Functional Component•Dependencies
-Components rely on other components for satisfaction•Operations
-Iteration-Assignment:
FAU_ARP.1.1 The TSF shall take [assignment: list of the least disruptive actions]
upon detection of a potential security violation.
-Selection: FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following
auditable events: a) Start-up and shutdown of the audit functions; b) All auditable events for the [selection: minimum, basic, detailed, not specified] level of audit;
-Refinement
ClassFAUFCOFCSFDPFIAFMTFPRFPTFRUFTAFTP
NameAuditCommunicationsCryptographic SupportUser Data ProtectionIdentification & AuthenticationSecurity ManagementPrivacyProtection of TOE Security FunctionsResource UtilizationTOE AccessTrusted Path / Channels
Security Functional Classes
II. Security Functional Requirements
Common Criteria
III. Security Assurance Requirements
III. Security Assurance Requirements
Definitions-
Package — A reusable set of either functional or assurance components (e.g. an EAL), combined together to satisfy a
set of identified security objectives.
Evaluation Assurance Level (EAL) — A package consisting of assurance components from Part 3 that represents a point on the CC predefined assurancescale.
III. Security Assurance Requirements
Level Example
Class Delivery and Operation
Family Delivery
Component Detection of modification
Hierarchy of Security Assurance Requirements
ClassACMADOADVAGDALCATEAVAAPEASEAMA
NameConfiguration ManagementDelivery & OperationDevelopmentGuidance DocumentsLife Cycle SupportTestsVulnerability AssessmentProtection Profile EvaluationSecurity Target EvaluationMaintenance of Assurance
III. Security Assurance RequirementsSecurity Assurance Classes
III. Security Assurance Requirements
EAL Level Rough TCSECequivalent
Features
EAL1 N/A Functionally tested
EAL2 C1 Structurally testedGood commercial practice
EAL3 C2 Methodically testedProactive security design
EAL4 B1 Methodically designed, tested, and checkedMaximum assurance without specialized knowledgeLikely maximum for security retrofit
EAL5 B2 Semiformally designed and testedIncludes covert channel analysisDevelopment environment controls
EAL6 B3 Semiformally verified design and testedStructured development processModular and layered design
EAL7 A1 Formally verified design
Evaluation Assurance Levels
Current Certified Protection Profiles
• C2 =Controlled Access Protection Profile (Version 1.d)
• B1=Labeled Security Protection Profile (Version 1.b)
• Traffic Filter Firewall Protection Profile for Low Risk Environments (Version 1.d)
Controlled Access Protection Profile (CAPP)
• Version 1.d
• Written by NSA
• Designed to replace C2
C2 vs CAPPC2 Sections CAPP Sections2.2.1 Security Policy 5.2 User Data Policy2.2.2 Accountability 2.2.2.1 Identification and
Authorization5.3 Identification and
Authorization 2.2.2.2 Audit 5.1 Security Audit
2.2.3 Assurance
2.2.3.1 Operational Assurance 5.5.15.5.3
Abstract Machine TestingDomain Seperation
2.2.3.2 Life-Cycle Assurance 6.6.3 Functional Testing2.2.4 Documentation 2.2.4.1 Security Feature User's
Guide6.4.2 User Guidance
2.2.4.2 Trusted Facility Manual 6.4.1 Administrator Guidance 2.2.4.3 Test Documentation 6.6 Security Testing 2.2.4.4 Design Documentation 6.3 Development
New Items in CAPP
5.1 Security Audit-lists 19 auditable events•All modifications to the values of security attributes•Actions taken due to audit storage failure
5.3.2 Strength of Authentication Data•Single guess has less than 1/1,000,000 chance•Multiple attempts in one minute have less than 1/100,000 chance
5.4 Security Management-specifies requirements and roles.
6.2 Delivery and Operation
Labeled Security Protection Profile(LSPP)
• Version 1.b
• Developed by NSA
• Designed to replace B1
B1 vs LSPPB1 Section LSPP Section2.1.1 Security Policy 5.2 User Data Policy3.1.2 Accountability 3.1.2.1 Identification and
Authorization5.3 Identification and
Authorization 3.1.2.2 Audit 5.1 Security Audit
3.1.3 Assurance
3.1.3.1 Operational Assurance 5.5.15.5.3
Abstract Machine TestingDomain Seperation
3.1.3.2 Life-Cycle Assurance 6.6.3 Functional Testing3.1.4 Documentation 3.1.4.1 Security Feature User's
Guide6.4.2 User Guidance
3.1.4.2 Trusted Facility Manual 6.4.1 Administrator Guidance 3.1.4.3 Test Documentation 6.6 Security Testing 3.1.4.4 Design Documentation 6.3 Development
New Items in LSPP
5.1 Security Audit-lists 19 auditable events•All attempts to import user data, including any security attributes•Actions taken due to audit storage failure
5.3.2 Strength of Authentication Data•Single guess has less than 1/1,000,000 chance•Multiple attempts in one minute have less than 1/100,000 chance
5.4 Security Management-specifies requirements and roles.
6.2 Delivery and Operation
ISO/IEC PDTR 15446• Expands on PPs and STs
• PPs and STs for composite TOEs
• Functional and Assurance Packages
• Generic and Worked Examples
Websites of InterestCommon Criteria
NIST- csrc.ncsl.nist.gov/cc
CC Toolbox- niap.nist.gov/tools/cctool.html
Others
GIG- cno-n6.hq.navy.mil/files.htm
NIAP- niap.nist.gov