CRITERIA FOR INFORMATION SECURITY PRODUCTS
Ravi Sandhu
George Mason University, Fairfax, Virginia, USA
SECURITY OBJECTIVES
SECRECY (CONFIDENTIALITY)
INTEGRITY
AVAILABILITY (DENIAL OF SERVICE)
SECURITY TECHNIQUES
Prevention: access control
Detection: auditing
Tolerance: practicality
Good prevention and detection both require good authentication as a foundation.
SECURITY TRADEOFFS
SECURITY
COST
FUNCTIONALITY
EASE OF USE
ACHIEVING SECURITY
Policy: what?
Mechanism: how?
Assurance: how well?
EVALUATION CRITERIA
[Diagram: SECURITY TARGET (Policy, Mechanism, Assurance), PRODUCT, ??]
CRITERIA DATES
[Timeline diagram, axis 1985 / 1990 / 1995: USA ORANGE BOOK; UK, Germany; France; Canadian CTCPEC; US Federal Criteria; Common Criteria. Version markers on the diagram: 1.0, 3.0, 2.0, 1.0, 1.2, 1.0; their assignment to the individual criteria did not survive extraction.]
CRITERIA RELATIONSHIPS
[Diagram: USA ORANGE BOOK; UK, Germany, France and the European Community ITSEC; Canada; Federal Criteria (DRAFT); Common Criteria (PROPOSED)]
DRIVING FACTORS
INTERNATIONAL COMPUTER MARKET TRENDS
COMPATIBILITY WITH EXISTING CRITERIA
COMMON CRITERIA & PRODUCT EVALUATION
MUTUAL RECOGNITION OF EVALUATIONS
SYSTEM SECURITY CHALLENGES OF THE 90'S
ORANGE BOOK
[Ladder diagram of Orange Book classes, lowest to highest]
Minimal Protection (NO SECURITY)
C1
C2
B1
B2 Structured Protection
B3 Security Domains
A1 Verified Design
[Diagram with labels B1, B2, B3, Failed A1, A1; remaining content not recoverable]
ORANGE BOOK CRITERIA
SECURITY POLICY
ACCOUNTABILITY
ASSURANCE
DOCUMENTATION
SECURITY POLICY
[Requirements matrix over classes C1, C2, B1, B2, B3, A1; + = added requirement. The cell marks did not survive extraction.]
Discretionary Access Control
Object Reuse
Labels
Label Integrity
Exportation of Labeled Information
Labeling Human-Readable Output
Mandatory Access Control
Subject Sensitivity Labels
Device Labels
ACCOUNTABILITY
[Requirements matrix over classes C1, C2, B1, B2, B3, A1; + = added requirement. The cell marks did not survive extraction.]
Identification and Authentication
Audit
Trusted Path
ASSURANCE
[Requirements matrix over classes C1, C2, B1, B2, B3, A1; + = added requirement. The cell marks did not survive extraction.]
System Architecture
System Integrity
Security Testing
Design Specification and Verification
Covert Channel Analysis
Trusted Facility Management
Configuration Management
Trusted Recovery
Trusted Distribution
DOCUMENTATION
[Requirements matrix over classes C1, C2, B1, B2, B3, A1; + = added requirement. The cell marks did not survive extraction.]
Security Features User's Guide
Trusted Facility Manual
Test Documentation
Design Documentation
POLICY VS ASSURANCE
[Plot with policy on the vertical axis and assurance on the horizontal axis: C1, C2, B1, B2, then B3 and A1 at the same policy level]
EUROPEAN
ITSEC
POLICY or FUNCTIONALITY
ASSURANCE: EFFECTIVENESS, CORRECTNESS
POLICY IN ITSEC
Open ended
Orange Book classes are grandfathered in
Some new classes are identified
ORANGE BOOK
ITSEC class | Orange Book class
F-C1 | C1
F-C2 | C2
F-B1 | B1
F-B2 | B2
F-B3 | B3
OBJECTIVE
F-IN
F-AV
F-DI
F-DC
F-DX
ASSURANCE: EFFECTIVENESS
CONSTRUCTION
Suitability Analysis
Binding Analysis
Strength of Mechanism Analysis
List of Known Vulnerabilities in Construction
OPERATION
Ease of Use Analysis
List of Known Vulnerabilities in Operational Use
ASSURANCE: CORRECTNESS
ITSEC | Orange Book
E0 |
E1 | C1
E2 | C2
E3 | B1
E4 | B2
E5 | B3
E6 | A1
[Diagram: Federal Criteria for IT Security, surrounded by EC ITSEC; Canada; TPEP; Orange Book; Integrity Research; NRC Report "GSSP"; Minimum Security Functionality Requirements (MSFR); Advances in Technology]
ITSEC EVALUATION
[Diagram: SECURITY TARGET (Policy, Mechanism, Assurance), PRODUCT, ??]
[Diagram: PROTECTION PROFILE (Customer Supplied) and SECURITY TARGET (Vendor Supplied), with the elements Policy, Mechanism, Assurance, PRODUCT and ?? distributed between them]
PROTECTION PROFILE STRUCTURE
Descriptive Elements Section
Product Rationale Section
Functional Requirements Section
Development Assurance Requirements Section
Evaluation Assurance Requirements Section
[Diagram: a Registry of Protection Profiles (PP) holding PP1, PP2, ..., PPn; each product has a Security Target (ST) referring to one PP (ST pp1 for Product 1, ..., ST ppn for Product n), leading to Evaluation 1, Evaluation 2, Evaluation 3; PPA = Protection Profile Analysis]
[Timeline diagram: ITSEC 1.2 (Usage & Reviews); Canada CTCPEC 3.0; Orange Book (Usage); FedCrit 1.0 (Public Comment); Joint Technical Groups; EC-NA Alignment; Common Criteria; ISO SC27 WG3]