Managing IT security using Common Criteria
Transcript of the presentation

Page 1: Managing IT security using Common Criteria
ISACA – CETIC Meeting, 23 May 2007
Page 2: Objectives
Explain what the Common Criteria are
Explain how to use them effectively
Illustrate with examples
Focus: security requirements; the auditor's point of view
Page 3: Overview
IT Security
Security Evaluations
The Common Criteria approach: a bit of history, actors, terminologies; process description with examples; document structure and justification; assurance levels
Model-based support: a requirements engineering approach; document management
Conclusions
References
Page 4: IT Security
The process of protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption,
through protecting the confidentiality, integrity and availability of information.
Complements SAFETY, which aims at preventing errors caused by unintentional damage or malfunctions.
Page 5: Security Evaluation
Independent (third-party) attestation of a developer's security claims against defined security evaluation criteria.
Evaluations result in an independent measure of assurance, and therefore build confidence in security.
They secure the development process and yield a better product.
Comprehensive security solutions cannot be evaluated by simple examination!
Page 6: Evolution of Evaluations: towards the Common Criteria
Timeline (figure reconstructed as a list):
TCSEC, 1985
UK CLs, 1989
German Criteria
French Criteria
ITSEC, 1991
Federal Criteria Draft, 1993
Canadian Criteria, 1993
Dutch Criteria
Common Criteria: v1.0 1996, v2.0 1998, v3.0 2005; ISO/IEC 15408
Note: EBIOS
Page 7: Common Criteria Purpose
From the user perspective: a way to define Information Technology (IT) security requirements for some IT products:
• Hardware
• Software
• Combinations of the above
From the developer/vendor perspective: a way to describe the security capabilities of their specific product.
From the evaluator/scheme perspective: a tool to measure the belief we may attain about the security characteristics of a product.
Page 8: Evaluation Parties
Developer / Sponsor:
- establish agreements
- assure provision of evaluation deliverables
- support evaluation
- develop and maintain evaluation evidence
Evaluator:
- perform CC evaluator actions
- request and receive support
- provide oversight deliverables
- document and justify verdicts
Overseer:
- monitor / support evaluations
- review oversight deliverables
- create conditions that assure evaluations conform to universal principles
- approve or disapprove the overall verdict
- document and justify the oversight verdict
Page 9: Common Criteria (CC) Terminologies
TOE: target of evaluation = the product or system that is the subject of the evaluation.
SFRs: security functional requirements = specify individual security functions which may be provided by a product.
PP: protection profile = a document, typically created by a user or user community, which identifies security requirements relevant to that user for a particular purpose. Implementation independent.
ST: security target = the document that identifies the security properties of the target of evaluation. Each target is evaluated against the SFRs established in its ST, no more and no less.
EAL: evaluation assurance level = numerical rating (1-7) assigned to the target to reflect the assurance requirements fulfilled during the evaluation; each package of assurance requirements covers the complete development of a product, with a given level of strictness.
SOF: strength of function = a qualification of a TOE security function expressing the minimal effort assumed to be needed to defeat its security mechanisms.
Page 10: Development process (classical)
Page 11: Lifecycle details
Page 12: Common Criteria Process
Source: Helmut Kurth, How Useful are Product Security Certifications for Users of the Product, June 2005
Figure annotations:
From assets to threats
From experts!
E.g. on human behaviors
Outside system boundaries but impacting
Page 13: Countering the threats
Addressing objectives by instantiating CC
Page 14: Security Classes
Tree-structured catalogue with a notation convention:
Class > Family > Component > Element
Class: common intent
Family: common objectives
Component: actual set of security requirements
Element: cannot be selected individually; explicit "shall" statement
Example: FIA_UID.1.1
Functional class: Identification & Authentication (FIA)
Family: User Identification (UID)
Component/Element: 1.1 (Timing of Identification)
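To make the notation convention concrete, here is a small parser for such identifiers, added as an example (not code from the presentation). It splits an identifier into class, family, component and element, checks the functional/assurance split and the D/C/E type letter that assurance elements carry, and flags components whose elements were claimed only in part. Class and family names beyond those on the slide are recalled from the CC part 2/3 catalogues, and the per-component element counts are caller-supplied assumptions.

```python
"""Parse Common Criteria requirement identifiers such as FIA_UID.1.1 or ASE_OBJ.1.4C.

Added example, not code from the presentation. Entries marked (slide) are named on
the slides; the other class/family names are recalled from the CC part 2/3 catalogues.
Assurance elements end in D/C/E (developer action, content and presentation of
evidence, evaluator action); functional elements carry no letter.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

CLASS_NAMES = {
    "FIA": "Identification and authentication",  # (slide)
    "FCS": "Cryptographic support",
    "FPT": "Protection of the TSF",
    "ASE": "Security Target evaluation",
    "AVA": "Vulnerability assessment",  # (slide)
}
FAMILY_NAMES = {
    "FIA_UID": "User identification",  # (slide)
    "FCS_COP": "Cryptographic operation",
    "FPT_TST": "TSF self test",
    "ASE_OBJ": "Security objectives",
    "AVA_VLA": "Vulnerability analysis",  # (slide)
}
ELEMENT_TYPES = {"D": "developer action",
                 "C": "content and presentation of evidence",
                 "E": "evaluator action"}

_ID_RE = re.compile(r"^([FA])([A-Z]{2})_([A-Z]{3})\.(\d+)(?:\.(\d+)([DCE])?)?$")


@dataclass(frozen=True)
class CCIdentifier:
    kind: str                    # "functional" or "assurance"
    cls: str                     # e.g. FIA
    family: str                  # e.g. FIA_UID
    component: int               # e.g. 1
    element: Optional[int]       # e.g. 1, or None for a component identifier
    element_type: Optional[str]  # D/C/E for assurance elements, else None


def parse_identifier(text: str) -> CCIdentifier:
    """Split an identifier into its hierarchy levels, enforcing the notation convention."""
    m = _ID_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a CC requirement identifier: {text!r}")
    kind_letter, cls_rest, fam, comp, elem, etype = m.groups()
    kind = "functional" if kind_letter == "F" else "assurance"
    if elem is not None and kind == "functional" and etype is not None:
        raise ValueError(f"functional element {text!r} must not carry a D/C/E letter")
    if elem is not None and kind == "assurance" and etype is None:
        raise ValueError(f"assurance element {text!r} needs a D/C/E letter")
    cls = kind_letter + cls_rest
    return CCIdentifier(kind, cls, f"{cls}_{fam}", int(comp),
                        None if elem is None else int(elem), etype)


def explain(text: str) -> list:
    """Hierarchy lines in the slide's form: class, family, component, element."""
    i = parse_identifier(text)
    lines = [
        f"{i.kind.capitalize()} class {i.cls}: {CLASS_NAMES.get(i.cls, 'unknown class')}",
        f"Family {i.family}: {FAMILY_NAMES.get(i.family, 'unknown family')}",
        f"Component {i.family}.{i.component}",
    ]
    if i.element is not None:
        suffix = f" ({ELEMENT_TYPES[i.element_type]})" if i.element_type else ""
        lines.append(f"Element {i.family}.{i.component}.{i.element}{suffix}")
    return lines


def incomplete_components(claimed: list, element_counts: dict) -> dict:
    """Elements cannot be selected individually: report components claimed only in part.
    element_counts maps component -> number of elements in the CC version in use (caller's assumption)."""
    seen = defaultdict(set)
    for ident in claimed:
        i = parse_identifier(ident)
        comp = f"{i.family}.{i.component}"
        if i.element is None:  # naming the component claims all of its elements
            seen[comp].update(range(1, element_counts[comp] + 1))
        else:
            seen[comp].add(i.element)
    return {comp: sorted(set(range(1, element_counts[comp] + 1)) - elems)
            for comp, elems in seen.items()
            if not set(range(1, element_counts[comp] + 1)) <= elems}
```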
Page 15: Security Classes
Page 16: CC Evaluation Example
Page 17: Target of Evaluation (TOE)
Page 18: Evaluated Configuration
Page 19: Evaluated Configuration
Page 20: Security Environment
Page 21: Security Objectives
Page 22: Security Objectives
Page 23: Threats and risk analysis
Page 24: Operations on requirements
Generic requirements which can be "instantiated" using 4 mechanisms:
Selection: fill a placeholder with one or several of the proposed propositions
Assignment: specify the policy to meet the security requirement
Iteration: multiple instantiation is possible
Refinement: make the requirement more concrete; a rationale must be provided
Page 25: From Security Objectives to Security Requirements
Cryptography: FCS_COP.1.1 - The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards].
Concrete algorithms and key size?
• Not now: deferred to the design phase
• So the CC operations are left uninstantiated at the PP level
Integrity Testing: FPT_TST.1.1 - The TSF shall run a suite of self tests [selection: during initial start-up, periodically during normal operation, at the request of the authorized user, at the conditions [assignment: conditions under which self test should occur]] to demonstrate the correct operation of the TSF.
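The two requirement texts above carry their operations as bracketed placeholders, with an assignment nested inside the FPT_TST.1.1 selection. As an added example (not from the presentation), the following code locates those placeholders, lists the options a selection offers, and fills the top-level operations the way an ST author completes what a PP left open; the values filled in are constructed samples.

```python
"""Locate and instantiate CC operations ([assignment: ...] / [selection: ...]) in SFR text.

Added example, not from the presentation. The two requirement texts are those quoted
on the slides; the sample values filled in below are constructed.
"""
import re
from dataclasses import dataclass

FCS_COP_1_1 = ("The TSF shall perform [assignment: list of cryptographic operations] in accordance "
               "with a specified cryptographic algorithm [assignment: cryptographic algorithm] and "
               "cryptographic key sizes [assignment: cryptographic key sizes] that meet the "
               "following: [assignment: list of standards].")
FPT_TST_1_1 = ("The TSF shall run a suite of self tests [selection: during initial start-up, "
               "periodically during normal operation, at the request of the authorized user, "
               "at the conditions [assignment: conditions under which self test should occur]] "
               "to demonstrate the correct operation of the TSF.")

_OPEN = re.compile(r"\[(assignment|selection):\s*")


@dataclass(frozen=True)
class Operation:
    kind: str    # "assignment" or "selection"
    body: str    # text between the colon and the matching ']'
    start: int   # offset of '[' in the requirement text
    end: int     # offset just past the matching ']'
    depth: int   # 0 at top level; 1 when nested inside another operation


def find_operations(text: str) -> list:
    """Return every operation placeholder, nested ones included, ordered by position."""
    ops, stack, i = [], [], 0
    while i < len(text):
        m = _OPEN.match(text, i)
        if m:
            stack.append((m.group(1), m.start(), m.end()))
            i = m.end()
        elif text[i] == "]":
            if not stack:
                raise ValueError(f"']' without an open operation at offset {i}")
            kind, start, body_start = stack.pop()
            ops.append(Operation(kind, text[body_start:i].strip(), start, i + 1, len(stack)))
            i += 1
        else:
            i += 1
    if stack:
        raise ValueError("unterminated operation placeholder")
    return sorted(ops, key=lambda o: o.start)


def top_level(text: str) -> list:
    """Operations still open to the next author (PP or ST); nested ones surface once chosen."""
    return [o for o in find_operations(text) if o.depth == 0]


def options(op: Operation) -> list:
    """Split a selection body at commas that are not inside a nested placeholder."""
    if op.kind != "selection":
        raise ValueError("options() applies to selections only")
    parts, depth, cur = [], 0, ""
    for c in op.body:
        depth += (c == "[") - (c == "]")
        if c == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += c
    parts.append(cur.strip())
    return parts


def instantiate(text: str, values: list) -> str:
    """Fill the top-level operations in order: a string for an assignment, a list of
    chosen options for a selection. Raises if a choice is not one the author offered."""
    ops = top_level(text)
    if len(values) != len(ops):
        raise ValueError(f"{len(ops)} operations but {len(values)} values")
    for op, value in reversed(list(zip(ops, values))):  # right to left keeps offsets valid
        if op.kind == "assignment":
            if not isinstance(value, str) or not value.strip():
                raise ValueError(f"assignment needs non-empty text: {op.body!r}")
            filled = value.strip()
        else:
            offered = options(op)
            chosen = list(value) if isinstance(value, (list, tuple)) else []
            if not chosen or [v for v in chosen if v not in offered]:
                raise ValueError(f"selection must pick from {offered}, got {value!r}")
            filled = ", ".join(chosen)
        text = text[:op.start] + filled + text[op.end:]
    return text
```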
Page 26: Document: PP Structure
Page 27: Document: ST Structure
Page 28: Rationale: essential!
Do not just claim: justify!
Analysis of a smart card protection profile:

| Part                  | Size (pages) |
|-----------------------|--------------|
| TOE description       | 5            |
| Security Environment  | 10           |
| Security Objectives   | 10           |
| Security Requirements | 30           |
| Rationales            | 40           |
| Annexes               | 100          |
Page 29: Main Rationales
Page 30: A look at the PP, ST evaluation elements
Developer action elements:
ASE_OBJ.1.2D - The developer shall provide the security objectives rationale.
ASE_PPC.1.2D - The developer shall provide the PP claims rationale for each provided PP claim.
ASE_REQ.1.2D - The developer shall provide the security requirements rationale.
ASE_SRE.1.2D - The developer shall provide the security requirements rationale.
...
Presentation of evidence:
ASE_OBJ.1.4C - The security objectives rationale shall demonstrate that the stated security objectives are suitable to counter the identified threats to security.
ASE_OBJ.1.5C - The security objectives rationale shall demonstrate that the stated security objectives are suitable to cover all of the identified organisational security policies and assumptions.
ASE_PPC.1.1C - Each PP claim shall identify the PP for which compliance is being claimed, including qualifications needed for that claim.
ASE_PPC.1.2C - Each PP claim shall identify the IT security requirements statements that satisfy the permitted operations of the PP or otherwise further qualify the PP requirements.
...
Page 31: A look at the Rationales (smart card PP)
Page 32: Completeness, coverage: tabular format
Page 33: Some Textual Rationales
Sufficiency: T.P_Probe (Physical Probing of the IC) deals with mechanical attacks on the structure of the TOE itself. It is countered directly by O.Phys_Prot (Physical Protection) which ensures that the TOE is constructed using such elements as (…)
Mutually supportive (=> not conflicting): The requirements represented in this protection profile were developed from a variety of sources including the direct experience of smart card security evaluations by major card associations. As such, the body of requirements has been indirectly shown to be consistent and mutually supportive through its successful application to major commercial systems. A further demonstration is presented below, showing that the security requirements work mutually so that each SFR is protected against bypassing, tampering and deactivation attacks by other SFRs.
Page 34: More Textual Rationales
Refinement: justify that "Meeting the refined requirement will also meet the original requirement, so this refinement is not an extension of the stated CC requirement."
Extensions: e.g. EAL4 + AVA_VLA.3 (Vulnerability Assessment - Vulnerability Analysis - Moderately resistant). EAL4 requires vulnerability assessment through imposition of AVA_VLA.2, which dictates a review of identified vulnerabilities only.
Page 35: Evaluation Assurance Levels
1. Functionally tested
2. Structurally tested
3. Methodically tested and checked
4. Methodically designed, tested, and reviewed
5. Semi-formally designed and tested
6. Semi-formally verified design and tested
7. Formally verified design and tested
Page 36: Assurance (process level)
EAL level = maturity of the assurance process
- Idea comparable to CMM
- Informal -> semi-formal -> formal language
- 1-2-3-4 = Basic; 5 = Medium; 6-7 = High
- Maximal "commercial" EAL today: EAL 4+
Page 37: Assurance Requirements
Page 38: Assurance Requirements
Page 39: Model-based Support
Page 40: A large spectrum of techniques
Figure (reconstructed): Nothing / Free text / Templates / Traceability / UML-like / Formal models (e.g. B)
Axes: Adoption, Maturity
Labels: Critical systems, Non-critical systems
Page 41: A model-based approach
Modelling: capturing assets and essential security properties; identifying and addressing threats; capturing all rationales behind this
Addressing the right EAL level: textual, semi-formal, formal descriptions; seamless refinement
Tool support: structuring models; formalising models; generating documents
Page 42: A Requirements Point of View
Figure (reconstructed as three columns):
Security using Common Criteria: security threats -> security objectives -> security requirements; documents (PP, ST); rationale / justification; tool = word processor
Issues: finding/organizing threats? addressing threats? refining/operationalizing? document management? rationale generation?
Goal-Oriented Req. Eng.: goal model; anti-goals/obstacles; "mitigating" goals; requirements + guidance; rationale capture; model-based report generation
Page 43: Toy Example: a simple smart-card e-purse
High-level functional requirements:
1. The system shall allow the user to pay for goods using a card previously credited with an amount of money.
2. On a pay transaction, the amount is deducted from the payer card and transferred to the payee, provided the credit is sufficient. Parties are informed of the outcome (success or failure) of the transaction.
Security requirements:
1. No value may be created: e-money should only be generated in exchange for real money.
2. No value is lost: all value is accounted for in the system.
3. Money transfer should only occur between payer and payee, and for the agreed amount.
For the sake of simplicity:
1. The only transactions considered are loading the card and unloading it for payment.
2. The system does not support multiple currencies, nor transfer of electronic money between cards, to accounts or for real money.
Page 44: Functional Goals
Page 45: Modelling Environment and Assets
Page 46: Threats: from Goals and Anti-goals
Document GenerationDocument Generation
All the information is in the model:Assets, treaths, objectives, requirementsAlso rationales !
• Completeness tables from traceability links• Textual justification attached to the model
Model-based approach:Manage and evolve the model, not the documentGenerate the document
Short tool demo
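As an added illustration of the completeness tables and attached justifications described above (not the presentation's tool), the following builds a threat/objective/SFR coverage table for a constructed fragment of the toy e-purse model and reports what breaks the "no more and no less" rule or lacks a justification; all descriptions, links and rationales are constructed, with one SFR and one rationale deliberately left out.

```python
"""Coverage table and completeness checks over a threats/objectives/SFRs model.

Added example, not the presentation's tool. The model is a constructed fragment for
the toy e-purse; descriptions, links and rationales are illustrative, and one SFR and
one rationale are deliberately left out so the check has something to report.
"""
from itertools import chain

MODEL = {
    "threats": {  # derived from the three e-purse security requirements on the slides
        "T.Create_Value": "e-money created without real money being received",
        "T.Lose_Value": "value disappears from the system unaccounted for",
        "T.Divert": "a transfer reaches the wrong party or is for another amount",
    },
    "objectives": {
        "O.Load_Auth": "value is loaded only on an authorised, paid-for load",
        "O.Account": "every debit has a matching credit or a recorded failure",
        "O.Party_Auth": "payer and payee are identified before a transfer",
        "O.Amount_Integrity": "the agreed amount cannot be altered in transit",
    },
    "sfrs": {  # CC part 2 component names as recalled; FAU_GEN.1 is left untraced on purpose
        "FIA_UID.1": "Timing of identification",
        "FCS_COP.1": "Cryptographic operation",
        "FPT_TST.1": "TSF testing",
        "FAU_GEN.1": "Audit data generation",
    },
    "counters": {  # objective -> threats it counters
        "O.Load_Auth": ["T.Create_Value"],
        "O.Account": ["T.Lose_Value"],
        "O.Party_Auth": ["T.Divert"],
        "O.Amount_Integrity": ["T.Divert"],
    },
    "meets": {  # SFR -> objectives it contributes to
        "FIA_UID.1": ["O.Party_Auth"],
        "FCS_COP.1": ["O.Load_Auth", "O.Party_Auth", "O.Amount_Integrity"],
        "FPT_TST.1": ["O.Account"],
        "FAU_GEN.1": [],
    },
    "rationale": {  # (objective, threat) -> justification; O.Account's is missing on purpose
        ("O.Load_Auth", "T.Create_Value"): "a load is accepted only with the issuer's authorisation",
        ("O.Party_Auth", "T.Divert"): "both cards are identified before any amount moves",
        ("O.Amount_Integrity", "T.Divert"): "the amount is cryptographically bound to the transaction",
    },
}


def coverage_table(rows, cols, links):
    """Render the tabular rationale: one row per source, an X under each target it links to."""
    width = max(len(r) for r in rows)
    out = [" " * width + " | " + " | ".join(cols)]
    for r in rows:
        marks = [("X" if c in links.get(r, []) else "").center(len(c)) for c in cols]
        out.append(r.ljust(width) + " | " + " | ".join(marks))
    return "\n".join(out)


def check_completeness(model):
    """Findings for the 'no more and no less' rule and for claims without a justification."""
    threats, objectives, sfrs = model["threats"], model["objectives"], model["sfrs"]
    counters, meets, rationale = model["counters"], model["meets"], model["rationale"]
    findings = []
    countered = set(chain.from_iterable(counters.values()))
    met = set(chain.from_iterable(meets.values()))
    for src, targets in chain(counters.items(), meets.items()):
        for tgt in targets:
            if tgt not in threats and tgt not in objectives:
                findings.append(f"{src} refers to unknown item {tgt}")
    findings += [f"threat {t} is countered by no objective" for t in threats if t not in countered]
    findings += [f"objective {o} counters no threat" for o in objectives if not counters.get(o)]
    findings += [f"objective {o} is met by no SFR" for o in objectives if o not in met]
    findings += [f"SFR {s} traces to no objective" for s in sfrs if not meets.get(s)]
    findings += [f"no rationale for {o} countering {t}"
                 for o, ts in counters.items() for t in ts if (o, t) not in rationale]
    return findings
```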
Page 48: General Conclusions
The Common Criteria provide strong guidelines for IT security
Support reuse: common criteria catalogue; protection profile library; instantiation primitives
Model engineering helps support/improve the process: more systematic identification of threats; better document management; improved quality assurance
Formal level required to achieve high evaluation assurance levels: see next presentation
Extensible and also still evolving
Links with other norms: ISO 17799: good practices; EBIOS: CC compatible but includes other norms such as ISO 17799
Page 49: Benefits for the auditor
Standard framework: clear evaluation criteria, based on a serious approach to IT security
Can be applied for actual certification purposes and in a wider scope
Auditor present in the CC process
Library of "domain specific" protection profiles (check list)
Evaluation assurance levels: a maturity scale (current situation, target, what to improve first)
Page 50: References
Common Criteria Familiarization (slides), NIST
Common Criteria for IT Security Evaluation, Part 1 (2 & 3), http://csrc.nist.gov/c
D.S. Herrmann, Using the Common Criteria for IT Security Evaluation, CRC Press, 2003.
W. Rankl, W. Effing, Smart Card Handbook – 3rd Edition, Wiley, 2003.
Smart Card Security User Group – Smart Card Protection Profile (SCSUG-SCPP), version 3.0, September 2001.
A. van Lamsweerde et al., From System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering, in Proc. RHAS'03, 2003.
A. van Lamsweerde et al., Elaborating Security Requirements by Construction of Intentional Anti-Models, in Proc. ICSE'04, 2004.
M. Vetterling, G. Wimmel, Secure Systems Development based on the Common Criteria – The PalME Project, FSE 10, 2002.