University of Tulsa - Center for Information Security
Common Criteria
Dawn Schulte
Leigh Anne Winters
Outline
• What is the Common Criteria?
• Origins of the Common Criteria
• Common Criteria Basics
• Security Functional Requirements
• Security Assurance Requirements
• Evaluation Assurance Levels
• Common Criteria in the US
• Common Criteria and C&A
• Centralized Certified Products List
What is the Common Criteria?
• The Common Criteria represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community.
• Standardizes
  – Security Functionality
  – Evaluation Assurance
Origins of the Common Criteria
Netherlands
United States
Canada
France
United Kingdom
Germany
Origins of the Common Criteria
• Version 1.0 (Jan 1996) – published for comment
• Version 2.0 (May 1998) – takes account of extensive review
• Version 2.0 (1999) – adopted by ISO as ISO 15408
Pop Quiz!!
1. Name one of the two areas that CC standardizes.
2. Name one of the six countries that participate in the CC.
Common Criteria: Three Parts
• Part 1: Intro and General Model
• Part 2: Security Functional Requirements
• Part 3: Security Assurance Requirements
Intro and General Model: Definitions
• Target of Evaluation (TOE) – an IT product or system and its associated administrator and user guidance documentation that is the subject of evaluation.
• Protection Profile (PP) – an implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs.
• Security Target (ST) – a set of security requirements and specifications to be used as the basis for evaluation of an identified TOE.
Common Criteria Users
User: Uses of Common Criteria
• Consumers
  – To find requirements for security features that match their own risk assessment.
  – To shop for products that have ratings with those features.
  – To publish their security requirements so that vendors can design products that meet them.
• Developers
  – To select security requirements that they wish to include in their products.
  – To design and build a product in a way that can prove to evaluators that the product meets requirements.
  – To determine their responsibilities in supporting and evaluating their product.
• Evaluators
  – To judge whether or not a product meets its security requirements.
  – Provide a yardstick against which evaluations can be performed.
  – Provide input when forming specific evaluation methods.
Pop Quiz!!
1. True or False: The Protection Profile answers the question “What will I provide?”
2. List one interested party in the CC.
3. Name one part of the CC.
Security Functional Requirements
Security Functional Requirements describe the expected behavior of a TOE.
Security Functionality: Organization
• The CC security requirements are organized into the hierarchy of
  – Class-Family-Component
• This hierarchy is provided to help consumers to locate specific security requirements and the right components to combat threats.
Security Functionality: Functional Requirement Classes
• Audit (FAU)
• Cryptographic Support (FCS)
• Communications (FCO)
• User Data Protection (FDP)
• Identification and Authentication (FIA)
• Security Management (FMT)
• Privacy (FPR)
• Protection of the TOE Security Functions (FPT)
• Resource Utilization (FRU)
• TOE Access (FTA)
• Trusted Path/Channels (FTP)
Pop Quiz!!
1. Name the levels of the hierarchy.
2. Security Functional Requirements describe the _____ ______ of a TOE.
3. Name one Functional Requirement Class.
Security Assurance
Grounds for confidence that an IT product or system meets its security objectives.
Security Assurance: How to gain assurance… Evaluation
Analysis
  – Design representations
  – Flaws
  – Functional tests and results
  – Guidance documents
  – Processes procedures
  – Penetration testing
Security Assurance: Assurance Requirement Classes
• Evaluation of PPs and STs
  – Protection Profile Evaluation (APE)
  – Security Target Evaluation (ASE)
• Evaluation Assurance Classes
  – Configuration Management (ACM)
  – Delivery and Operation (ADO)
  – Development (ADV)
  – Guidance documents (AGD)
  – Life Cycle Support (ALC)
  – Tests (ATE)
  – Vulnerability Assessment (AVA)
• Assurance Maintenance Class
  – Maintenance of Assurance (AMA)
Pop Quiz!!
1. Fill in the blank… Grounds for confidence that an IT product or system meets its _________.
2. How can you gain assurance?
3. Name one Assurance Requirement Class.
Why go through the process?
• Internationally recognized
• Independent quality mark
• Some customers may desire a CC Certificate
• Good marketing
Evaluation Assurance Levels
• 7 Evaluation Assurance Levels (EAL)
  – Each level offers an increasing level of assurance
    • EAL1-EAL2: Basic Level Assurance
    • EAL3-EAL4: Moderate Level Assurance
    • EAL5-EAL7: High Level Assurance
  – Cost and time required increase with each level
  – Only Levels 1-4 are mutually recognized
EAL1 & EAL2: Basic Level Assurance
• EAL1 – Functionally Tested
  – Applicable where threats to security are not viewed as serious
  – Provides an evaluation of the TOE as made available to the consumer
    • Independent testing against specification
    • Examination of documentation
• EAL2 – Structurally Tested
  – Applicable where consumers or designers require a low to moderate level of independently assured security
  – Complete development record not available
  – Legacy Systems, limited developer access, etc.
EAL3 & EAL4: Moderate Level Assurance
• EAL3 – Methodically Tested and Checked
  – Applicable when developers or users require a moderate level of independently assured security.
  – Thorough investigation of the TOE and its development.
• EAL4 – Methodically Designed, Tested and Reviewed
  – Highest level at which it is likely to be economically feasible to certify an existing product.
  – Developers must be prepared to incur additional security-specific engineering costs.
EAL5 - EAL7: High Level Assurance
• EAL5 – Semiformally Designed and Tested
• EAL6 – Semiformally Verified Design and Tested
• EAL7 – Formally Verified Design and Tested
• NOTE: No product has been evaluated at EAL5-7 at this time.
Pop Quiz!!
1. Give one reason why a developer should have a product CC certified.
2. Which EAL offers basic assurance with minimal cost and involvement of the developer?
3. Which EALs are mutually recognized?
Common Criteria in the US
• National Information Assurance Partnership (NIAP)
  – Established 1997
  – Partnership between NSA and NIST
  – Promote the development of technically sound security requirements for IT products and systems and appropriate metrics for evaluating those products and systems
  – Common Criteria Evaluation and Validation Scheme (CCEVS)
• NSTISSP No. 11 – Effective July 2002, COTS products must be validated by:
  • NIAP CCEVS
  • NIST FIPS Cryptomodule Validation Program
Common Criteria and C&A
• 2 Parallel Security Processes:
  – Certification and Accreditation (C&A)
  – Evaluation
• C&A:
  – Provides information to make a decision about the risk of operating an information system.
• Evaluation:
  – Determines whether an information technology product complies with established standards.
  – Can be used in the DITSCAP process.
Common Criteria and C&A
• Part of all phases of the DITSCAP process
• C4.2.3.2. “When the Phase 2 initial certification analysis is completed the system should have a documented security specification,” … “COTS and GOTS products used in the system design must be evaluated to ensure that they have been integrated properly and that their functionality meets the security and operational needs of the system.”
  » DITSCAP APPLICATION MANUAL
Pop Quiz!!
1. What does CCEVS stand for?
2. What two agencies form the National Information Assurance Partnership?
3. Certification and Accreditation provides information to make a decision about the _______ of operating an information system.
Centralized Certified Products List
• Centralized Certified Products List (CCPL) is produced to assist in the selection of products that will provide an appropriate level of information security.
• Types of Products:
  – Firewalls, operating systems, switches, VPNs, PKI, guards, biometrics, smart cards, etc.
• Total list can be found at: www.commoncriteria.org
Evaluated Operating Systems
Last Pop Quiz!!!
1. If you were going to purchase a security product where could you find the products that had been evaluated by the Common Criteria?
2. Name two types of products that have been evaluated.
For Further Information…
• Common Criteria: www.commoncriteria.org
• NIAP: http://naip.nist.gov
• NSA: www.radium.ncsc.mil
• United Kingdom: www.cesg.gov.uk/cchtml
Questions?