Evaluation Concepts and Relationships


CC – Common Criteria
(for IT Security Evaluation)
The CC permits comparability between the
results of independent security evaluations.
The CC does so by providing a common set
of requirements for the security functionality
of IT products and for assurance measures
applied to these IT products during a security
evaluation. These IT products may be
implemented in hardware, firmware or
software.
TM8104 IT Security Evaluation
Autumn 2009
1
CC Scope
Common Criteria (CC), is a multipart standard
meant to be used as the basis for evaluation
of security properties of IT products. By
establishing such a common criteria base, the
results of an IT security evaluation may be
meaningful to a wider audience.
CC Target Audience
• Consumers
– to help decide whether a TOE fulfils their security needs
• Developers
– to help identify the security requirements to be addressed by the TOE
• Evaluators
– to help form a judgment about the conformance of the TOE to its security requirements
CC Has Limited Coverage
The CC does not cover:
– administrative measures such as organisational,
personnel, physical, and procedural controls
– physical aspects of IT security such as
electromagnetic emanation
– evaluation methodology
– the administrative and legal framework under
which the criteria may be applied
– the accreditation process
– inherent qualities of cryptographic algorithms
ISO/IEC standardisation of IT Security Evaluation Criteria
– JTC 1: ISO/IEC Joint Technical Committee no. 1, Information Technology
  – SC 27: Security Techniques
    – WG 1: Requirements, Security Services and Guidelines
    – WG 2: Security Techniques and Mechanisms
    – WG 3: Security Evaluation Criteria
WG 3 Terms of Reference
1. Standards for IT Security evaluation and certification of IT systems,
components, and products. This will include consideration of computer networks,
distributed systems, associated application services, etc.
2. Three aspects may be distinguished:
a) evaluation criteria
b) methodology for application of the criteria
c) administrative procedures for evaluation, certification and accreditation schemes.
3. This work will reflect the needs of relevant market sectors in society, as represented
in ISO, expressed in standards for security functionality and assurance.
4. Account will be taken of related ISO standards for quality management and testing
so as not to duplicate these efforts.
History of IT Security Evaluation Criteria
[Timeline figure, 1985 to 1999, showing: US Orange Book; Canadian initiatives and CTCPEC 3; European national and regional initiatives and ITSEC 1.2; NIST MSFR; Federal Criteria; Common Criteria Project; CC V.1.0; CC V.2.0; ISO initiatives, CD/DIS and ISO Standard]
The CC Development Project
Legal Notice:
The governmental organisations listed below
contributed to the development of this version of the
Common Criteria for Information Technology Security
Evaluation. As the joint holders of the copyright in the
Common Criteria for Information Technology Security
Evaluation, version 3.1 Parts 1 through 3 (called “CC
3.1”), they hereby grant non-exclusive license to
ISO/IEC to use CC 3.1 in the continued
development/maintenance of the ISO/IEC 15408
international standard. However, these governmental
organisations retain the right to use, copy, distribute,
translate or modify CC 3.1 as they see fit.
CC Part One
Scope:
* IT security: reduction of risks associated with threats to the information arising directly or indirectly from human error or deliberate subversion
* Threat analysis: to discover conceivable threats
* Risk analysis: to determine countermeasures
The CC Development Club
Australia/New Zealand: The Defence Signals Directorate and the
Government Communications Security Bureau respectively;
Canada: Communications Security Establishment;
France: Direction Centrale de la Sécurité des Systèmes d'Information;
Germany: Bundesamt für Sicherheit in der Informationstechnik;
Japan: Information Technology Promotion Agency;
Netherlands: Netherlands National Communications Security Agency;
Spain: Ministerio de Administraciones Públicas and
Centro Criptológico Nacional;
United Kingdom: Communications-Electronics Security Group;
United States: The National Security Agency and the
National Institute of Standards and Technology.
General Evaluation Model
Evaluation Concepts and Relationships
Influence of evaluation
[Diagram with boxes: Security Requirements (PP and ST) → Develop TOE → TOE and Evaluation Evidence; Evaluation Requirements (CC) → Evaluate TOE → Evaluation Report; Operate TOE → Operation Report; additional arrows between the stages are labelled "Potential for influence"]
Use of evaluation results
[Diagram with boxes: Register of protection profiles and Security requirements → Develop and evaluate TOE → Evaluated product and Evaluation results; Catalogue product → Evaluated products catalogue; System accreditation criteria → Accredit system → Accredited system]
The Protection Profile (PP)
TOE in its environment
[Diagram: the TOE sits inside its ENVIRONMENT, which comprises Security Policy, Threats, Customs, Laws, Knowledge and Expertise; Security Objectives are shown both for the environment and for the TOE]
Specification hierarchy
[Diagram ordered by abstraction level, from most to least abstract: OBJECTIVES, REQUIREMENTS, TOE SPECIFICATION, TOE IMPLEMENTATION. Annotations: "Desired behaviour; may be tested (100%)" and "Absence of undesired behaviour; cannot be exhaustively tested"]
Basic relationship of the Protection Profile and the Security Target
[Diagram: the Protection Profile, the Security Target and the TOE are aligned against the levels Objectives, Requirements, Specifications and Mechanisms]
Evaluation Results
The Double Hierarchy
[Diagram: two parallel hierarchies, Functions and Assurance, each structured as Class → Family → Component → Element. Functional components are grouped into Functional Packages and assurance components into Assurance Levels; a Protection Profile draws on functional packages and an assurance level, together with PP refinements]
The Evaluation Process
• ST/TOE Evaluation
– an ST evaluation is carried out by applying the Security Target evaluation criteria to the Security Target.
– a TOE evaluation is more complex, covering:
  • the ST
  • the TOE
  • the development environment
    – design documents
    – developer test results
  • applying the SARs to the evaluation evidence
CC Part 2 - The Functional Class Set
• FAU - Security Audit
• FCO - Communication
• FCS - Cryptographic Support
• FDP - User Data Protection
• FIA - Identification and Authentication
• FMT - Security Management
• FPR - Privacy
• FPT - Protection of the Trusted Security Functions
• FRU - Resource Utilization
• FTA - TOE Access
• FTP - Trusted Paths/Channels
CC Part 3 - Assurance Levels
• EAL0 - Unassured
• EAL1 - Functionally tested
• EAL2 - Structurally tested
• EAL3 - Methodically tested and checked
• EAL4 - Methodically designed, tested, and reviewed
• EAL5 - Semiformally designed and tested
• EAL6 - Semiformally verified design and tested
• EAL7 - Formally verified design and tested
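To make the double hierarchy and the evaluator's PP/ST conformance judgment concrete, here is an added Python example (not from the lecture and not CC text) that models class → family → component → element, treats hierarchically higher components as permitted PP refinements, and checks an ST's claimed functional components and EAL against a PP. The class prefixes FAU, FIA and FCS come from the Part 2 list above; the family names (FAU_LOG, FIA_AUT, FCS_KEY), their component numbers and the "ST EAL must be at least the PP EAL" rule are assumptions for illustration.

```python
from dataclasses import dataclass
# Added example, not from the slides. FAU/FIA/FCS are CC Part 2 class prefixes;
# the family and component numbers below are CONSTRUCTED sample ids.

@dataclass(frozen=True)
class Component:
    cid: str                     # "<class>_<family>.<n>", e.g. "FAU_LOG.1"
    elements: tuple              # element ids of the form "<cid>.<m>"
    hierarchical_to: tuple = ()  # lower components this one strictly extends

def family(cid):
    return cid.split(".")[0]     # "FAU_LOG.2" -> "FAU_LOG"

def validate_catalogue(catalogue):
    """Structural checks on the class -> family -> component -> element tree."""
    errors = []
    for comp in catalogue.values():
        for el in comp.elements:
            if not el.startswith(comp.cid + "."):
                errors.append(f"{comp.cid}: element {el} is outside the component")
        for lower in comp.hierarchical_to:
            if lower not in catalogue or family(lower) != family(comp.cid):
                errors.append(f"{comp.cid}: hierarchy target {lower} not in family")
    return errors

def satisfies(catalogue, claimed, required):
    """A PP component is met by the same component or by a claimed component
    that is (transitively) hierarchical to it, i.e. a permitted PP refinement."""
    stack, seen = list(claimed), set()
    while stack:
        cid = stack.pop()
        if cid == required:
            return True
        if cid not in seen:
            seen.add(cid)
            stack.extend(catalogue[cid].hierarchical_to)
    return False

def check_conformance(catalogue, pp_sfrs, pp_eal, st_sfrs, st_eal):
    """The ST conforms if every PP SFR is met and its EAL is at least the PP's."""
    missing = sorted(c for c in pp_sfrs if not satisfies(catalogue, st_sfrs, c))
    eal_ok = int(st_eal[3:]) >= int(pp_eal[3:])
    return {"missing": missing, "assurance_ok": eal_ok, "conformant": not missing and eal_ok}

# Constructed sample catalogue and claims (not real CC Part 2 components).
CATALOGUE = {c.cid: c for c in [
    Component("FAU_LOG.1", ("FAU_LOG.1.1", "FAU_LOG.1.2")),
    Component("FAU_LOG.2", ("FAU_LOG.2.1",), hierarchical_to=("FAU_LOG.1",)),
    Component("FIA_AUT.1", ("FIA_AUT.1.1",)),
    Component("FCS_KEY.1", ("FCS_KEY.1.1",)),
]}
PP_SFRS = {"FAU_LOG.1", "FIA_AUT.1", "FCS_KEY.1"}
ST_SFRS = {"FAU_LOG.2", "FIA_AUT.1"}  # refines FAU_LOG.1 upward, omits FCS_KEY.1
```

Running check_conformance(CATALOGUE, PP_SFRS, "EAL4", ST_SFRS, "EAL4") reports FCS_KEY.1 as missing while accepting FAU_LOG.2 in place of FAU_LOG.1, which is the shape of finding an evaluator records when an ST only partially covers its claimed PP.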