Module 2.5 Operational Environment

© Crown Copyright (2000)
“You Are Here”
MODULE 2 - ASSURANCE
M2.1 Requirements
M2.2 Development Representations
M2.3 Functional Testing
M2.4 Development Environment
M2.5 Operational Environment
M2.6 Vulnerability Analysis
M2.7 Penetration Testing
M2.8 Assurance Maintenance/Composition
Introduction
• Analysis of how the TOE should be operated in practice
– Operational Guidance
– Delivery
– Installation, Generation and Start-up
• Operational Environment Visit
Operational Guidance
• User documentation
– how do I change my password?
– how do I shut down?
• Administration documentation
– adding a user
– changing minimum password lengths
Delivery
• Customer receives the TOE
– has it been tampered with?
– is it the right one?
– how is this checked?
Installation, Generation and Start-up
• Install and generate the TOE
– is it configured securely?
• Start the TOE
– has it started up securely?
ITSEC Requirements
Aspect    E1  E2  E3  E4  E5  E6
User Documentation
Administration Documentation
Delivery procedures
Configuration/installation
Formal configuration options
Secure startup & operation
Hardware diagnostics
Trusted recovery procedures
CC requirements
Aspect    EAL1  EAL2  EAL3  EAL4  EAL5  EAL6  EAL7
Administrator guidance
User guidance
TOE delivery procedures
Installation, generation & start-up
Evaluation Reporting
• Examination of documentation
– show how & where requirements satisfied
• Site visit?
– staff interviewed
– evidence inspected
Summary
• Operational Guidance
• Delivery
• Installation, Generation and Start-up
Further Reading
ITSEC Evaluation
• UKSP 05 Part III, Chapters 9 - 10
CC Evaluation
• CC Part 3, Sections 2.6.2, 2.6.4, 9 and 11
• CEM Part 2, Chapters 5-8 (ADO and AGD sections)
Exercise 1 - Guidance
• Function 1: The TOE shall uniquely identify and authenticate users.
• Function 2: The TOE shall allow a subject with an access right the ability to extend that access right to another subject.
• Function 3: The TOE shall not echo passwords to the screen.
• Function 4: The TOE shall provide tools to examine the accounting logs for the purpose of audit.
• Function 5: The TOE shall clear a screen of data when the user logs out and when the workstation is locked due to a period of inactivity.
• Function 6: The TOE shall permit a configurable number of consecutive log-on attempts.
• Function 7: The TOE shall ensure that passwords are changed at least every 6 months.
• Function 8: The TOE can completely deny users or groups of users access to an object.