security evaluation
play

Security Evaluation CSM27 Computer Security Dr Hans Georg Schaathun - PowerPoint PPT Presentation

Security Evaluation CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2008 Week 8 Dr Hans Georg Schaathun Security Evaluation Autumn 2008 Week 8 1 / 21 Overview Session objectives Discuss advantages and


  1. Security Evaluation CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2008 – Week 8 Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 1 / 21

  2. Overview Session objectives Discuss advantages and limitations of security evaluations Clarify fundamental concepts and terminology in security evaluation Give an overview of the Common Criteria, enabling students to find appropriate documentation when needed Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 2 / 21

  3. Overview Can we trust a secure product/system? Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 3 / 21

  4. Overview Can we trust a secure product/system? Do you trust the manufacturer? Can you scrutinise and evaluate the product/system yourself? Is there an indenpendent evaluation or certification? Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 3 / 21

  5. Overview Can we trust a secure product/system? Do you trust the manufacturer? Can you scrutinise and evaluate the product/system yourself? Is there an indenpendent evaluation or certification? What is the difference between product and system ? What practical difference does it make for the evaluator? Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 3 / 21

  6. Overview Evaluation Standards TCSEC ( Orange Book ) – USA 1983–1999 CTCSEC – Canada 1989 ITSEC – Europe 1991–2001 (EU Council 1995) Common Criteria – Canada, France, Germany, the Netherlands, UK, and USA, 1998– International treaty: Common Criteria Recognition Agreement Evaluation Scheme needed to join Replaces TCSEC, ITSEC, ... Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 4 / 21

  7. Fundamental Concepts Target Product generic products generic requirements Security Classes (TCSEC) Protection Profile (Common Criteria) System local and individual requirements dialogue between security expert and non-expert user Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 5 / 21

  8. Fundamental Concepts Target Product generic products generic requirements Security Classes (TCSEC) Protection Profile (Common Criteria) System local and individual requirements dialogue between security expert and non-expert user Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 5 / 21

  9. Fundamental Concepts Target Product generic products generic requirements Security Classes (TCSEC) Protection Profile (Common Criteria) System local and individual requirements dialogue between security expert and non-expert user Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 5 / 21

  10. Fundamental Concepts Target Product generic products generic requirements Security Classes (TCSEC) Protection Profile (Common Criteria) System local and individual requirements dialogue between security expert and non-expert user Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 5 / 21

  11. Fundamental Concepts Target Product generic products generic requirements Security Classes (TCSEC) Protection Profile (Common Criteria) System local and individual requirements dialogue between security expert and non-expert user Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 5 / 21

  12. Fundamental Concepts Target Product generic products generic requirements Security Classes (TCSEC) Protection Profile (Common Criteria) System local and individual requirements dialogue between security expert and non-expert user Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 5 / 21

  13. Fundamental Concepts Target Product generic products generic requirements Security Classes (TCSEC) Protection Profile (Common Criteria) System local and individual requirements dialogue between security expert and non-expert user Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 5 / 21

  14. Fundamental Concepts Purpose Distinctions in the Orange Book Evaluation assess achievement of claimed properties Certification suitability for a given application Accreditation acceptance for a given application Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 6 / 21

  15. Fundamental Concepts Method We have to avoid Different results from different evaluations Security bugs found after a positive evaluation Goals: Reproducability and Repeatability Two methodologies Product-oriented (aka. investigational) considers the final product Establishes trust in a particular product Process-oriented (aka. audit-oriented) considers the development process (Potentionally) Establishes trust in a particular producer Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 7 / 21

  16. Fundamental Concepts Method We have to avoid Different results from different evaluations Security bugs found after a positive evaluation Goals: Reproducability and Repeatability Two methodologies Product-oriented (aka. investigational) considers the final product Establishes trust in a particular product Process-oriented (aka. audit-oriented) considers the development process (Potentionally) Establishes trust in a particular producer Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 7 / 21

  17. Fundamental Concepts Method We have to avoid Different results from different evaluations Security bugs found after a positive evaluation Goals: Reproducability and Repeatability Two methodologies Product-oriented (aka. investigational) considers the final product Establishes trust in a particular product Process-oriented (aka. audit-oriented) considers the development process (Potentionally) Establishes trust in a particular producer Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 7 / 21

  18. Fundamental Concepts Organisational Framework Government Agencies (initial US approach) Private Enterprises with Government Accreditation Government Certificates (UK 1991) Private Certification (Germany) What is the contract between . . . ? Sponsor Evaluator Manufacturer Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 8 / 21

  19. Fundamental Concepts Organisational Framework Government Agencies (initial US approach) Private Enterprises with Government Accreditation Government Certificates (UK 1991) Private Certification (Germany) What is the contract between . . . ? Sponsor Evaluator Manufacturer Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 8 / 21

  20. Fundamental Concepts Organisational Challenges Consistency across independent agencies Different people make different interpretations Interpretation drift Different interpretations at different times Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 9 / 21

  21. Fundamental Concepts Structure Functionality Which features are provided? Effectiveness Are the features appropriate for the requirements? Assurance How thorough/certain is the evaluation? The orange book couples the three considerations into discrete security classes ITSEC makes the three considerations separately Flexible framework; open for new requirements Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 10 / 21

  22. Fundamental Concepts Structure Functionality Which features are provided? Effectiveness Are the features appropriate for the requirements? Assurance How thorough/certain is the evaluation? The orange book couples the three considerations into discrete security classes ITSEC makes the three considerations separately Flexible framework; open for new requirements Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 10 / 21

  23. The Common Criteria The Common Criteria International Treaty Common standards documents CC documents CC Evaluation Methodology (CEM) Member states may have different implementations Evaluation Scheme or National Scheme Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 11 / 21

  24. The Common Criteria Basic Concepts Protection Profile (PP) describes the protection needed in a given application scenario Security Target (ST) describes the protection provided by (classes of) systems/products ST implements a PP Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 12 / 21

  25. The Common Criteria Security Functional Requirements This part of the CC defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products. Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 13 / 21

  26. The Common Criteria Security Functional Requirements This part of the CC defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products. Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 13 / 21

  27. The Common Criteria Functional Requirements Classes An example Communications class (two families) Non-repudiation of origin Non-repudiation of receipt Cryptographic support Security Audit User data protection . . . Dr Hans Georg Schaathun Security Evaluation Autumn 2008 – Week 8 14 / 21

Recommend


More recommend