Title Slide

Title Slide. EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA. SECURITY OBJECTIVES. SECRECY (CONFIDENTIALITY). AVAILABILITY (DENIAL OF SERVICE). INTEGRITY. Prevention access control Detection auditing

Presentation Transcript


  1. Title Slide: EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS. Ravi Sandhu, George Mason University, Fairfax, Virginia, USA

  2. SECURITY OBJECTIVES:
     - SECRECY (CONFIDENTIALITY)
     - AVAILABILITY (DENIAL OF SERVICE)
     - INTEGRITY

  3. SECURITY TECHNIQUES:
     - Prevention: access control
     - Detection: auditing
     - Tolerance: practicality
     Good prevention and detection both require good authentication as a foundation.

  4. SECURITY TRADEOFFS: SECURITY, COST, FUNCTIONALITY, EASE OF USE

  5. ACHIEVING SECURITY:
     - Policy: what?
     - Mechanism: how?
     - Assurance: how well?

  6. EVALUATION CRITERIA SECURITY TARGET Policy Assurance PRODUCT Mechanism ??

  7. CRITERIA DATES (timeline figure, axis 1985 to 1995): USA ORANGE BOOK; Canadian CTCPEC (1.0, 2.0, 3.0); UK, Germany, France; European Community ITSEC (1.0, 1.2); US Federal Criteria (1.0); Common Criteria

  8. CRITERIA RELATIONSHIPS (diagram): USA ORANGE BOOK; UK; Germany; France; Canada; European Community ITSEC; Federal Criteria (DRAFT); Common Criteria (PROPOSED)

  9. DRIVING FACTORS INTERNATIONAL COMPUTER MARKET TRENDS COMPATIBILITY WITH EXISTING CRITERIA COMMON CRITERIA & PRODUCT EVALUATION SYSTEM SECURITY CHALLENGES OF THE 90'S MUTUAL RECOGNITION OF EVALUATIONS

  10. ORANGE BOOK (criteria relationships diagram: USA ORANGE BOOK; UK; Germany; France; Canada; European Community ITSEC; Federal Criteria (DRAFT); Common Criteria (PROPOSED))

  11. ORANGE BOOK CLASSES (from HIGH SECURITY to NO SECURITY):
     - A1: Verified Design
     - B3: Security Domains
     - B2: Structured Protection
     - B1: Labeled Security Protection
     - C2: Controlled Access Protection
     - C1: Discretionary Security Protection
     - D: Minimal Protection

  12. ORANGE BOOK CLASSES, UNOFFICIAL VIEW:
     - C1, C2: Simple enhancement of existing systems. No breakage of applications.
     - B1: Relatively simple enhancement of existing systems. Will break some applications.
     - B2: Relatively major enhancement of existing systems. Will break many applications.
     - B3: Failed A1
     - A1: Top down design and implementation of a new system from scratch

  13. ORANGE BOOK CRITERIA: SECURITY POLICY, ACCOUNTABILITY, ASSURANCE, DOCUMENTATION

  14. SECURITY POLICY (classes: C1 C2 B1 B2 B3 A1; + = added requirement):
     - Discretionary Access Control: + + +
     - Object Reuse: +
     - Labels: + +
     - Label Integrity: +
     - Exportation of Labeled Information: +
     - Labeling Human-Readable Output: +
     - Mandatory Access Control: + +
     - Subject Sensitivity Labels: +
     - Device Labels: +

  15. ACCOUNTABILITY (classes: C1 C2 B1 B2 B3 A1; + = added requirement):
     - Identification and Authentication: + + +
     - Audit: + + + +
     - Trusted Path: + +

  16. ASSURANCE (classes: C1 C2 B1 B2 B3 A1; + = added requirement):
     - System Architecture: + + + + +
     - System Integrity: +
     - Security Testing: + + + + + +
     - Design Specification and Verification: + + + +
     - Covert Channel Analysis: + + +
     - Trusted Facility Management: + +
     - Configuration Management: + +
     - Trusted Recovery: +
     - Trusted Distribution: +

  17. DOCUMENTATION (classes: C1 C2 B1 B2 B3 A1; + = added requirement):
     - Security Features User's Guide: +
     - Trusted Facility Manual: + + + + +
     - Test Documentation: + + +
     - Design Documentation: + + + +

  18. ORANGE BOOK CRITICISMS:
     - Does not address integrity or availability
     - Combines policy and assurance in a single linear rating scale
     - Mixes policy and mechanism
     - Mixes policy and assurance

  19. POLICY VS ASSURANCE (figure: axes policy and assurance; plotted classes B3, A1, B2, B1, C2, C1)

  20. EUROPEAN ITSEC (criteria relationships diagram: USA ORANGE BOOK; UK; Germany; France; Canada; European Community ITSEC; Federal Criteria (DRAFT); Common Criteria (PROPOSED))

  21. POLICY ASSURANCE UNBUNDLING (diagram):
     - EVALUATION: POLICY or FUNCTIONALITY; ASSURANCE
     - ASSURANCE: EFFECTIVENESS; CORRECTNESS

  22. POLICY IN ITSEC:
     - Open ended
     - Orange Book classes are grand-fathered in
     - Some new classes are identified

  23. ORANGE BOOK POLICY GRAND-FATHERING (ITSEC: ORANGE BOOK):
     - F-C1: C1
     - F-C2: C2
     - F-B1: B1
     - F-B2: B2
     - F-B3: B3

  24. ITSEC NEW POLICIES (ITSEC: OBJECTIVE):
     - F-IN: High Integrity Requirements
     - F-AV: High Availability Requirements
     - F-DI: High Data Integrity during Data Exchange
     - F-DC: High Data Confidentiality during Data Exchange
     - F-DX: Networks with High Confidentiality and Integrity
     Others can be defined as needed.

  25. ASSURANCE: EFFECTIVENESS
     - CONSTRUCTION: Suitability Analysis; Binding Analysis; Strength of Mechanism Analysis; List of Known Vulnerabilities in Construction
     - OPERATION: Ease of Use Analysis; List of Known Vulnerabilities in Operational Use

  26. ASSURANCE: CORRECTNESS (ITSEC: ORANGE BOOK, very roughly):
     - E0: D
     - E1: C1
     - E2: C2
     - E3: B1
     - E4: B2
     - E5: B3
     - E6: A1

  27. US DRAFT FEDERAL CRITERIA (criteria relationships diagram: USA ORANGE BOOK; UK; Germany; France; Canada; European Community ITSEC; Federal Criteria (DRAFT); Common Criteria (PROPOSED))

  28. INFLUENCES ON FEDERAL CRITERIA: Canada TPEP Orange Book EC ITSEC NIST/NSA Joint Work Commercial & Independent Initiatives NIST’s IT Security Requirements Study Integrity Research NRC Report "GSSP" “Minimum Security Functionality Requirements” (MSFR) Federal Criteria for IT Security Advances in Technology

  29. ITSEC EVALUATION SECURITY TARGET Policy Assurance PRODUCT Mechanism ??

  30. FEDERAL CRITERIA EVALUATION Policy Assurance PROTECTION PROFILE SECURITY TARGET ?? Policy Assurance Customer Supplied PRODUCT Mechanism ?? Vendor Supplied

  31. PROTECTION PROFILE STRUCTURE. PROTECTION PROFILE:
     - Descriptive Elements Section
     - Product Rationale Section
     - Functional Requirements Section
     - Development Assurance Requirements Section
     - Evaluation Assurance Requirements Section

  32. FROM PROFILE TO PRODUCT (diagram):
     - Evaluation 1: Protection Profile (PP); PPA; Registry of Protection Profiles (PP1, PP2, ... PPn)
     - Evaluation 2: Security Target (ST); ST pp1 ... ST ppn
     - Evaluation 3: Product 1 ... Product n
     PPA = Protection Profile Analysis

  33. TOWARDS A COMMON CRITERIA (criteria relationships diagram: USA ORANGE BOOK; UK; Germany; France; Canada; Federal Criteria (DRAFT); European Community ITSEC; Common Criteria (PROPOSED))

  34. COMMON CRITERIA PLAN ITSEC 1.2 Usage & Reviews 1994: initial target 1996: more likely EC-NA Alignment ----- “Common Criteria” Canada CTCPEC 3.0 CC Editorial Board Usage & Reviews “Orange Book” Usage FedCrit 1.0 Joint Technical Groups ISO SC27 WG3 Public Comment

  35. CHALLENGES THAT REMAIN:
     - Complexities of the open distributed computing and management environments (including use of crypto in conjunction with COMPUSEC)
     - “Systems” and composability problems
     - Trusted applications development and evaluation methods, including high integrity and high availability systems
     - Guidance on using IT security capabilities cost effectively in commercial environments
     - Speedy but meaningful product and system evaluations, and evaluation rating maintenance
