Security Product Evaluations - IEEE
grouper.ieee.org/groups/2600/presentations/IEEECC.pdf
Common Criteria
NIAP Website
www.niap.nist.gov
CC Documents
Historical Perspective
• European National & Regional Initiatives, '89-'93
• Canadian Initiatives, '89-'93
• Common Criteria Project, '93--
• ISO FDIS 15408, '99
• US TCSEC, '83, '85
• CTCPEC 3, '93
• Federal Criteria, '92
• Common Criteria 1.0, '96
• Common Criteria 2.0, '98
• NIST's MSFR, '90
• ITSEC 1.2, '91
• ISO Initiatives, '92--
National Information Assurance Partnership
NIAP Evaluates and Validates Security Solutions Using the Common Criteria
Common Criteria Evaluation and Validation Scheme: The program developed by NIST and NSA as part of the National Information Assurance Partnership (NIAP), establishing an organizational and technical framework to evaluate the trustworthiness of IT products and protection profiles.
US Program Overview
• NIAP Accredits Private Testing Labs
• NIAP Issues CC Certificates to Products
• Labs do CC Evaluations of IT Products
• NIAP Reviews & Validates Lab Results
• MRA Nations Recognize Product Cert's
• Booz Allen Hamilton Common Criteria Testing Laboratory
• Cable and Wireless Common Criteria Testing Laboratory
• COACT Inc. CAFE Laboratory
• Computer Sciences Corporation
• Criterian Independent Labs
• CygnaCom Solutions Security Evaluation Laboratory
• InfoGard Laboratories Inc.
• SAIC Common Criteria Testing Laboratory
Common Criteria Testing Laboratory: Within the context of the Common Criteria Evaluation and Validation Scheme (CCEVS), an IT security evaluation facility, accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the NIAP Validation Body to conduct Common Criteria-based evaluations.
CC Evaluations
Evaluation: The assessment of an IT product against the Common Criteria using the Common Evaluation Methodology to determine whether or not the claims made are justified; or the assessment of a protection profile against the Common Criteria using the Common Evaluation Methodology to determine if the profile is complete, consistent, technically sound and hence suitable for use as a statement of requirements for one or more TOEs that may be evaluated.
EAL Equivalence
• EAL 1 =
• EAL 2 & 3 = Basic Assurance
• EAL 4 = Medium Assurance
• EAL 5, 6 & 7 = High Assurance
EALs
Evaluation Assurance Levels: Approximate Backward Compatibility Comparison
• EAL1: Functionally Tested
• EAL2: Structurally Tested
• EAL3: Methodically Tested & Checked
• EAL4: Methodically Designed, Tested & Reviewed
• EAL5: Semiformally Designed & Tested
• EAL6: Semiformally Verified Design & Tested
• EAL7: Formally Verified Design & Tested
TCSEC* classes: C1, C2, B1, B2, B3, A1
*TCSEC = "Trusted Computer Security Evaluation Criteria" -- "Orange Book"
Typical CC Evaluations
• EAL 2: 6 to 9 Months, $200 K - $400 K
• EAL 3: 9 to 12 Months, $300 - $500 K
• EAL 4: 1 Year +, $500K +
STs PPs
Security Target: A specification of the security required (both functionality and assurance) in a Target of Evaluation (TOE), used as a baseline for evaluation under the CC. The security target specifies the security objectives, the threats to those objectives, and any specific security mechanisms that will be employed.
Protection Profile: An implementation-independent set of security requirements for a category of IT products which meet specific consumer needs.
Security Target Contents
• Introduction
• TOE Description
• Security Environment: Assumptions, Threats, Organizational Security Policies
• Security Objectives
• Security Requirements: Functional Req'ts, Assurance Req'ts
• TOE Summary Specification
• PP Claims
• Rationale
Target of Evaluation: An IT product or group of IT products configured as an IT System and associated documentation that is the subject of a security evaluation under the CC.
Also, a protection profile that is the subject of a security evaluation under the CC.
Target Of Evaluation
• Target of Evaluation (TOE): An IT product or system that is the subject of an evaluation.
• TOE Security Policy (TSP): The rules that regulate how assets are managed, protected and distributed within a TOE.
• TOE Security Functions (TSF): All parts of the TOE that must be relied upon for the correct enforcement of the TSP.
CC Terminology
Acronym Overload
Classes of Security Functional Requirements
• FAU: Audit
• FCO: Communications
• FCS: Cryptographic Support
• FDP: User Data Protection
• FIA: Identification & Authentication
• FMT: Security Management
• FPR: Privacy
• FPT: Protection of TOE Security Functions
• FRU: Resource Utilization
• FTA: TOE Access
• FTP: Trusted Path / Channels
Classes of Security Assurance Requirements
• ACM: Configuration Management
• ADO: Delivery & Operation
• ADV: Development
• AGD: Guidance Documents
• ALC: Life Cycle Support
• ATE: Tests
• AVA: Vulnerability Assessment
• APE: Protection Profile Evaluation
• ASE: Security Target Evaluation
• AMA: Maintenance of Assurance
Protection Profile Contents
• Introduction
• TOE Description
• Security Environment: Assumptions, Threats, Organizational Security Policies
• Security Objectives
• Security Requirements: Functional Req'ts, Assurance Req'ts
• Rationale
Specification of the Attacker
• Corporate Security
• HIPAA / Gramm-Leach-Bliley
• Department of Defense
• Department of Energy
The Security Target Addresses the Sophistication of the Attacker
Protection Profile for Which Consumer ???
Using CC
• IT Product Consumers: Look for PPs matching your security requirements -- use in procurement specifications
• Consumer Consortia (Users Groups): Use CC to build PPs expressing members' needs. Work with Product Developers to build matching products
• Product Developers: Use CC to specify product security capabilities via Security Targets
• Product Evaluators/Validators: Use CC-compliant Protection Profiles & Security Targets as yardstick for measuring product compliance
Questions?