Academic year: 2021

Computer and Network Security

Common Criteria

R. E. Newman

Computer & Information Sciences & Engineering, University of Florida

Gainesville, Florida 32611-6120
nemo@cise.ufl.edu


Common Criteria

Consistent Terminology, Practices, Mechanisms

1 Definitions

1.1 Security vs. assurance vs. trust


Common Criteria

Cooperative effort among Canada, France, Germany, The Netherlands, UK, USA (NSA, NIST)

Defines sets of security criteria that may be used to define needs and claims

Does NOT:
  specify a development approach for products
  specify particular forms or formats for product specification
  specify an evaluation methodology
  guarantee fitness for use of an evaluated product


CC Terms

Class − grouping of families with a common focus

Component − smallest selectable set of elements for inclusion in a PP, ST, or package

Element − an indivisible security requirement

Evaluation − assessment of PP, ST or TOE against defined criteria

Evaluation Assurance Level (EAL) − A package of assurance components from Part 3 representing a point on the CC predefined assurance scale

Evaluation Scheme − an administrative and regulatory framework under which the CC is applied

Family − a grouping of components that share security objectives but differ in emphasis or rigor

Package − a reusable set of either functional or assurance components (e.g., an EAL) that together satisfy a defined set of security objectives

Protection Profile (PP) − an implementation-independent set of security requirements for a category of TOEs that meets specific customer needs

CC Terms

Security Function (SF) − a part or parts of the TOE relied upon to enforce a subset of the rules of the TSP

Security Function Policy (SFP) − the security policy enforced by an SF

Security Objective − a statement of intent to counter identified threats and/or to satisfy identified organizational security policies or assumptions

Security Target (ST) − a set of security requirements and specifications to be used to evaluate an identified TOE

Strength of Function (SOF) − a qualification of a TOE SF expressing the minimum effort assumed to be required to defeat its underlying mechanisms

Target of Evaluation (TOE) − an IT product or system and its administrative and user guides that is subject to evaluation

TOE Security Functions (TSF) − the hardware, firmware, and software that enforce the TSP of a TOE

TOE Security Policy (TSP) − a set of rules that regulate how assets are managed, protected, and distributed in a TOE

TOE Evaluation Process

(Diagram; labels recovered from the slide: Security Requirements (PP and ST) → Develop TOE → TOE and Evidence → Evaluate TOE, which draws on the Evaluation Criteria, Evaluation Scheme and Evaluation Methodology → Evaluation Results → Operate TOE, with feedback from operation back to the requirements.)


TOE Evaluation Representation Requirements

At each level of refinement in the TOE specification and development process, representations must be detailed and complete enough to ensure:

(a) Sufficiency − that the refinement is a complete instantiation of the higher levels (i.e., all TSFs, properties, and behaviors defined at a higher level must be demonstrably present at the lower level);

(b) Necessity − that the refinement is an accurate instantiation of the higher levels (i.e., that there are no TSFs, properties, or behaviors at the lower level that are not present at a higher level).


TOE Security Environment

TSE includes all relevant laws, regulations, organizational security policies, customs, knowledge, expertise, and threats present or assumed (CONTEXT).

The PP or ST writer must take into account:

a) physical environment (including physical protection, personnel);
b) assets requiring protection (direct and indirect);
c) TOE purpose (product type and intended use).

Security statements about the TOE made after threat, risk, and policy investigation:
a) assumptions about the environment for the TOE to be considered secure;
b) threats to asset security − threat agent, presumed attack method, vulnerabilities exploited, assets attacked;
c) applicable organizational policies and rules.


TOE Security Objectives

Statement of goals regarding threats to counter or policies to meet based on the purpose of the TOE and its assumed environment

Addresses all security concerns and declares which are to be handled by the TOE and which by its environment, based on engineering judgement, security policy, economic factors, and risk acceptance decisions.

Security objectives for the environment are met by non-technical and procedural means

Security objectives for the TOE and its IT environment are refined into IT Security Requirements


TOE IT Security Requirements

Refinement of the TOE security objectives for the TOE and its IT environment, which, if met, would ensure that the TOE meets its security objectives.

Decomposed into Functional Requirements and Assurance Requirements

If TOE SFs are realized by probabilistic or permutational mechanisms (e.g., hash functions, passwords, ...), then an SOF may be specified (SOF-basic, SOF-medium, SOF-high)

Levied on TSFs

Functional requirements (part 2) include I&A, audit, non-repudiation, ...

Assurance requirements (part 3) levied on a) actions of the developer, b) evidence produced, and c) actions of the evaluator; assurance derived from a) correctness of implementation of SFs and b) efficacy of SFs


TOE Summary Specification

Part of Security Target (ST)

Defines instantiation of security requirements for TOE:

High−level definition of Security Functions (SFs) claimed to meet the functional requirements; and

Assurance measures taken to meet assurance requirements.


Dependencies

May exist between functional components

May exist between assurance components

May exist between functional and assurance components

Arise when a component is not sufficient by itself and relies on the presence of another component

Dependency descriptions are part of CC component definitions

Must be satisfied when incorporating components into PPs and STs for completeness


Operations on Components

Iteration − the component may be used more than once with varying operations

Assignment − specification of a parameter to be filled in when the component is used

Selection − specification of items from a list given in the component

Refinement − addition of extra detail when the component is used
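The two slides above (Dependencies, and Operations on Components) describe checks a PP or ST author has to make by hand: every dependency declared by a selected component must be satisfied by the other components included, and every assignment parameter must be filled in when the component is used. The following Python is an added example, not code from the slides or from the CC project: it models components with their declared dependencies and parameters and reports what a draft ST is missing. The catalogue is a constructed excerpt whose identifiers follow CC Part 2 naming; its parameter names are simplified and only a handful of dependency and hierarchy relations are modelled, so it is illustrative, not a copy of Part 2.

```python
"""Dependency and assignment checks when assembling CC components into a PP or ST.

Added example (not from the slides). CATALOGUE is a constructed excerpt:
identifiers follow CC Part 2 naming, parameter names are simplified, and
only a few dependency / hierarchy relations are modelled.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Mapping, Sequence, Set, Tuple


@dataclass(frozen=True)
class Component:
    ident: str                              # class_family.component, e.g. "FAU_GEN.1"
    name: str
    depends_on: Tuple[str, ...] = ()        # dependency descriptions are part of the component
    hierarchical_to: Tuple[str, ...] = ()   # a higher component satisfies a dependency on the lower one
    parameters: Tuple[str, ...] = ()        # assignment operations the PP/ST author must fill in


@dataclass(frozen=True)
class Instance:
    """One use of a component in a PP/ST; iteration = several Instances of the same ident."""
    ident: str
    assignments: Mapping[str, str] = field(default_factory=dict)
    refinement: str = ""                    # extra detail added when the component is used


# Constructed catalogue excerpt (see module docstring).
CATALOGUE: Dict[str, Component] = {c.ident: c for c in [
    Component("FPT_STM.1", "Reliable time stamps"),
    Component("FAU_GEN.1", "Audit data generation", depends_on=("FPT_STM.1",),
              parameters=("level of audit", "other auditable events")),
    Component("FAU_SAR.1", "Audit review", depends_on=("FAU_GEN.1",),
              parameters=("authorised users", "audit information")),
    Component("FIA_UID.1", "Timing of identification", parameters=("TSF-mediated actions",)),
    Component("FIA_UID.2", "User identification before any action", hierarchical_to=("FIA_UID.1",)),
    Component("FIA_UAU.1", "Timing of authentication", depends_on=("FIA_UID.1",),
              parameters=("TSF-mediated actions",)),
    Component("FIA_UAU.2", "User authentication before any action",
              depends_on=("FIA_UID.1",), hierarchical_to=("FIA_UAU.1",)),
]}


def _satisfies(selected: Set[str], required: str, catalogue: Mapping[str, Component]) -> bool:
    """A dependency on `required` is met by that component or by one hierarchical to it."""
    if required in selected:
        return True
    return any(required in catalogue[s].hierarchical_to for s in selected if s in catalogue)


def unsatisfied_dependencies(catalogue: Mapping[str, Component],
                             selected: Set[str]) -> Dict[str, List[str]]:
    """Map each selected component to the dependencies the selection does not satisfy."""
    missing: Dict[str, List[str]] = {}
    for ident in sorted(selected):
        comp = catalogue.get(ident)
        if comp is None:
            missing[ident] = ["<not in catalogue>"]
            continue
        gaps = [d for d in comp.depends_on if not _satisfies(selected, d, catalogue)]
        if gaps:
            missing[ident] = gaps
    return missing


def missing_assignments(catalogue: Mapping[str, Component],
                        instances: Sequence[Instance]) -> List[Tuple[str, str]]:
    """(ident, parameter) pairs whose assignment operation was left unfilled."""
    gaps = []
    for inst in instances:
        comp = catalogue.get(inst.ident)
        if comp is None:
            continue
        gaps.extend((inst.ident, p) for p in comp.parameters if not inst.assignments.get(p))
    return gaps


def check_st(catalogue: Mapping[str, Component], instances: Sequence[Instance]) -> List[str]:
    """Human-readable findings; an empty list means dependencies and assignments are complete."""
    findings = []
    selected = {i.ident for i in instances}
    for ident, deps in unsatisfied_dependencies(catalogue, selected).items():
        findings.append(f"{ident} depends on {', '.join(deps)} which is not included")
    for ident, p in missing_assignments(catalogue, instances):
        findings.append(f"{ident}: assignment '{p}' left unfilled")
    return findings


# Constructed draft ST: audit without a time source, and one assignment left blank.
DRAFT_ST = [
    Instance("FAU_GEN.1", {"level of audit": "basic", "other auditable events": "none"}),
    Instance("FAU_SAR.1", {"authorised users": "auditors"}),
    Instance("FIA_UID.2"),
    Instance("FIA_UAU.2", refinement="authentication by smart card and PIN"),
]
# Same ST with the gaps closed: FPT_STM.1 added, FAU_SAR.1 fully assigned.
FIXED_ST = DRAFT_ST[:1] + [
    Instance("FAU_SAR.1", {"authorised users": "auditors", "audit information": "all records"}),
] + DRAFT_ST[2:] + [Instance("FPT_STM.1")]

if __name__ == "__main__":
    for label, st in (("draft", DRAFT_ST), ("fixed", FIXED_ST)):
        print(label, check_st(CATALOGUE, st) or "complete")
```

Note that FIA_UAU.2's dependency on FIA_UID.1 is reported as satisfied because FIA_UID.2 is hierarchical to it; a checker that only looks for the literal identifier would raise a false alarm there, which is why the catalogue carries hierarchy as well as dependency data.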


Packages

Intermediate combination of components

Permits expression of a set of functional or assurance requirements that meet an identifiable subset of security objectives

Intended for reuse

May be used in larger packages, PPs, STs

EALs (Evaluation Assurance Levels) are predefined assurance packages in Part 3.

Each EAL is a baseline set of consistent assurance requirements for evaluation


Protection Profiles

Consistent set of functional and assurance requirements, drawn from the CC or stated explicitly, along with an EAL (perhaps augmented)

Permit expression of security requirements for a set of TOEs that will comply fully with a set of security objectives

Intended for reuse

Contains rationale for objectives and requirements


Security Targets

A consistent set of security requirements made
  by reference to a PP,
  by reference to CC functional and assurance components, or
  by explicit statement

Contains the TOE Summary Specification, along with security requirements and objectives, and rationales for each

Basis for agreement among all parties as to what security the TOE offers


Protection Profile Specification

PP Introduction
  PP identification
  PP overview
TOE Description
TOE Security Environment
  Assumptions
  Threats
  Organizational security policies
Security Objectives
  For the TOE
  For the environment
IT Security Requirements
  TOE Security Requirements
    TOE functional reqts
    TOE assurance reqts
  Sec Reqts for the IT Env.
PP Application Notes
Rationale
  For Security Objectives
  For Security Requirements

Security Target Specification

ST Introduction
  ST identification
  ST overview
  CC conformance
TOE Description
TOE Security Environment
  Assumptions
  Threats
  Organizational security policies
Security Objectives
  For the TOE
  For the environment
IT Security Requirements
  TOE Security Requirements
    TOE functional reqts
    TOE assurance reqts
  Sec Reqts for the IT Env.
TOE Summary Specification
  TOE Security Functions
  Assurance measures
PP Claims
  PP reference, PP tailoring, PP additions
Rationale
  For Security Objectives
  For Security Requirements
  For TOE Summary Specifications
  For PP Claims
