TM8104 IT Security Evaluation, Autumn 2009: CC – Common Criteria (for IT Security Evaluation)


Upload: antony-bishop

Post on 14-Jan-2016


TM8104 IT Security Evaluation Autumn 2009 1

CC – Common Criteria (for IT Security Evaluation)

The CC permits comparability between the results of independent security evaluations. The CC does so by providing a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation. These IT products may be implemented in hardware, firmware or software.


CC Scope

Common Criteria (CC) is a multipart standard meant to be used as the basis for evaluating the security properties of IT products. By establishing such a common criteria base, the results of an IT security evaluation may be meaningful to a wider audience.


CC Target Audience

• Consumers – to help decide whether a TOE fulfils their security needs

• Developers – to help identify security requirements to be addressed by the TOE

• Evaluators – to help form a judgment about the conformance of the TOE to their security requirements


CC Has Limited Coverage

The CC does not cover:

– administrative measures such as organisational, personnel, physical, and procedural controls
– physical aspects of IT security such as electromagnetic emanation
– evaluation methodology
– the administrative and legal framework under which the criteria may be applied
– the accreditation process
– inherent qualities of cryptographic algorithms


ISO/IEC standardisation of IT Security Evaluation Criteria

[Figure: organisation chart]

• JTC 1 – ISO/IEC Joint Technical Committee no. 1, Information Technology
• SC 27 – Security Techniques
• WG 1 – Requirements, Security Services and Guidelines
• WG 2 – Security Techniques and Mechanisms
• WG 3 – Security Evaluation Criteria


WG 3 Terms of Reference

1. Standards for IT Security evaluation and certification of IT systems, components, and products. This will include consideration of computer networks, distributed systems, associated application services, etc.

2. Three aspects may be distinguished:
   a) evaluation criteria
   b) methodology for application of the criteria
   c) administrative procedures for evaluation, certification and accreditation schemes.

3. This work will reflect the needs of relevant market sectors in society, as represented in ISO, expressed in standards for security functionality and assurance.

4. Account will be taken of related ISO standards for quality management and testing so as not to duplicate these efforts.


History of IT Security Evaluation Criteria

[Figure: timeline with a time axis running from 1985 to 1999. Labels: US Orange Book; Canadian Initiatives; CTCPEC 3; European national and regional initiatives; ITSEC 1.2; NIST MSFR; Federal Criteria; ISO Initiatives; Common Criteria Project; CC V.1.0; CC V.2.0; CD/DIS; ISO Standard.]


The CC Development Project

Legal Notice: The governmental organisations listed below contributed to the development of this version of the Common Criteria for Information Technology Security Evaluation. As the joint holders of the copyright in the Common Criteria for Information Technology Security Evaluation, version 3.1 Parts 1 through 3 (called “CC 3.1”), they hereby grant non-exclusive license to ISO/IEC to use CC 3.1 in the continued development/maintenance of the ISO/IEC 15408 international standard. However, these governmental organisations retain the right to use, copy, distribute, translate or modify CC 3.1 as they see fit.


CC Part One

Scope:

* IT - Security; reduction of risks associated with threats to the information arising directly or indirectly from human error or deliberate subversion

* Threat analysis; to discover conceivable threats

* Risk analysis; to determine countermeasures


The CC Development Club

Australia/New Zealand: The Defence Signals Directorate and the Government Communications Security Bureau respectively; Canada: Communications Security Establishment; France: Direction Centrale de la Sécurité des Systèmes d'Information; Germany: Bundesamt für Sicherheit in der Informationstechnik; Japan: Information Technology Promotion Agency; Netherlands: Netherlands National Communications Security Agency; Spain: Ministerio de Administraciones Públicas and Centro Criptológico Nacional; United Kingdom: Communications-Electronics Security Group; United States: The National Security Agency and the National Institute of Standards and Technology.


General Evaluation Model


Evaluation Concepts and Relationships


Influence of evaluation

[Figure: "Potential for influence". Process steps: Develop TOE, Evaluate TOE, Operate TOE. Other labels: Security Requirements (PP and ST); Evaluation Requirements (CC); TOE and Evaluation Evidence; Evaluation Report; Operation Report.]


Use of evaluation results

[Figure: flow diagram. Process steps: Develop and evaluate TOE, Catalogue product, Accredit system. Other labels: Register of protection profiles; Evaluated products catalogue; Security requirements; Evaluation results; Evaluated product; Accredited system; System accreditation criteria.]


The Protection Profile (PP)


TOE in its environment

[Figure: the TOE within its ENVIRONMENT. Labels: TOE; Security Objectives (shown twice); Security Policy; Threats; Laws; Customs; Knowledge; Expertise.]


Specification hierarchy

[Figure: abstraction levels, listed in the order shown]

• OBJECTIVES
• REQUIREMENTS
• TOE SPECIFICATION
• TOE IMPLEMENTATION

Annotations:

• Desired behaviour; may be tested (100%)
• Absence of undesired behaviour; cannot be exhaustively tested


Basic relationship of the Protection Profile and the Security Target

[Figure: the Protection Profile, the Security Target and the TOE set against the stages Objectives, Requirements, Specifications and Mechanisms.]


Evaluation Results


The Double Hierarchy

[Figure: two hierarchies, Functions and Assurance, each broken down into Class, Family, Component and Element. Other labels: Functional Package; Assurance Level; Protection Profile; PP refinements.]


The Evaluation Process

• ST/TOE Evaluation
  – an ST evaluation is carried out by applying the Security Target evaluation criteria to the Security Target.
  – a TOE evaluation is more complex
    • ST
    • TOE
    • Development environment
      – Design documents
      – Developer test results
    • applying SARs on the evaluation evidence


CC Part 2 - The Functional Class Set

• FAU - Security Audit
• FCO - Communication
• FCS - Cryptographic Support
• FDP - User Data Protection
• FIA - Identification and Authentication
• FMT - Security Management
• FPR - Privacy
• FPT - Protection of the Trusted Security Functions
• FRU - Resource Utilization
• FTA - TOE Access
• FTP - Trusted Paths/Channels


CC Part 3 - Assurance Levels

• EAL0 - Unassured
• EAL1 - Functionally tested
• EAL2 - Structurally tested
• EAL3 - Methodically tested and checked
• EAL4 - Methodically designed, tested, and reviewed
• EAL5 - Semiformally designed and tested
• EAL6 - Semiformally verified design and tested
• EAL7 - Formally verified design and tested