
František VOSEJPKA S. ICZ a.s. June 5, 2005



  1. Practical IS security design in accordance with Common Criteria
  Security and Protection of Information 2005
  František VOSEJPKA, S.ICZ a.s., June 5, 2005

  2. Introduction
  The security design of an IS handling classified information requires:
  • usage of Common Criteria (CC)
  • compliance with Higher Level Security Policy
  • legal requirements / principles (CZ Act #148/98)
  • organization security requirements
  • Life Cycle Definition of the entire IS (planning, development, implementation, approval, operation, further development and withdrawal)
  • solution of respective Security Areas (personal security, physical security, cryptographic information protection, administrative security and organizational measures)
  • Certification / Approval to operate

  3. Preliminary/Expert IS Security Design and Risk Analysis
  • Identify the scope of the IS
    • an existing IS, or
    • a newly designed IS (with preliminary or expert security architecture)
  • The IS architecture should be based on
    • User Operational Requirements
    • Security Requirements
    • Risk Analysis (assets, threats, vulnerabilities, countermeasures, …)

  4. Example

  5. IS Security Design
  The “IS Security Design” as such must include the necessary security requirements and be eligible for evaluation. This implies:
  • the IS Security Design is made within the structure prescribed for the Security Target by CC;
  • the Design follows the risk analysis results;
  • threats must be covered by the CC requirements and additional higher level security policy requirements;
  • separate security requirements are set for the TCB and for border devices;
  • for each security technology, a consistent range of security functional and security assurance requirements is determined;
  • the necessary IT products conforming to the set requirements may be chosen on the market or developed.

  6. IS Description - Security Objectives
  Assumptions, Organizational Security Policies, Threats to Security…
  IT Security Objectives

  7. IS Description - Security Objectives
  Non-IT Security Objectives

  8. IS Description - Security Objectives
  Objectives of the IS Security Environment

  9. IS Security Functional Requirements (SFR)
  IS Security Functional Requirements

  10. IS Security Functional Requirements (SFR)
  IS Internal Security Environment Requirements

  11. IS Security Assurance Requirements (SAR)
  The security assurance requirements should be established differently for each IT product:
  • TCB – EAL3 suffices for IT in an IS with “system-high” security mode of operation;
  • Antivirus – selected on the basis of practical operational experience, i.e. reliability and good performance in terms of prevention, detection and remediation;
  • Border – an EAL is required for border security devices and components depending on the level of the ISs being interconnected (EAL4 for Restricted and Limited levels);
  • Crypto –
    • the products used for cryptographic protection of classified information require an appropriate NSA certificate;
    • a good, strong commercial crypto device or software suffices for cryptographic protection of LIMITED information.

  12. IS Specification Summary - IS Security Functions: Locations of Security Mechanisms on HW components
  (X – the security mechanism is located on that computer)

  13. IS Specification Summary - Allocation of Functional Requirements to Security Mechanisms

  14. IS Specification Summary - Security Assurance Requirements mapping (the same way as Functional Requirements in the previous chart)
  • Measures for realization of IS Security Assurance Requirements
    • EAL3 requirements are applied to W2K (actually W2K complies with EAL4 Augmented)
    • EAL3 requirements are applied to the IS environment
    • EAL4 requirements are applied to the DA, CG and SSB special SW
    • The additional requirements are applied to the certified crypto-device and a commercial crypto-device

  15. Rationale
  The rationale demonstrates the completeness of the security target implementation:
  • all threats and organizational policies have been covered by at least one IT, non-IT or environment Security Objective, and these are sufficient to deal with them;
  • all Security Objectives (for IT, non-IT and environment) have been covered by the Security Functional Requirements (SFR) and the Security Assurance Requirements (SAR);
  • the SFR and the SAR are capable of covering the requirements for overall IS security.
  The rationale includes commercial certified and non-certified components, newly developed components and those for the cryptographic protection. The last section provides a review of Vulnerabilities and the level of Residual Threats to which they are exposed.
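The two coverage checks of slide 15 (every threat/policy countered by at least one objective, every objective implemented by at least one SFR/SAR) can be made mechanical. The script below is an added example, not part of the presentation: the threat, objective and mapping names are constructed sample data in the usual CC T./O./OE. notation, and the requirement identifiers are CC Part 2/3 component names, except for the environment requirement `ENV.PHYS_ACCESS`, which is a constructed placeholder standing for the IS environment requirements of slide 10.

```python
# Added example (not from the presentation): rationale completeness check.

# Constructed sample: threats (T.) and an organizational security policy (P.)
THREATS = {"T.UNAUTH_ACCESS", "T.MALWARE", "T.EAVESDROP", "P.AUDIT"}

# Security objectives tagged as IT, non-IT or environment (slides 6-8)
OBJECTIVES = {
    "O.AUTH": "IT", "O.AUDIT": "IT", "O.CRYPTO": "IT", "O.AV": "IT",
    "ON.TRAIN": "non-IT", "OE.PHYS": "environment",
}

# Threat/policy -> objectives that counter it (first rationale check)
THREAT_TO_OBJ = {
    "T.UNAUTH_ACCESS": {"O.AUTH", "OE.PHYS"},
    "T.MALWARE": {"O.AV", "ON.TRAIN"},
    "T.EAVESDROP": {"O.CRYPTO"},
    "P.AUDIT": {"O.AUDIT"},
}

# Objective -> SFR/SAR components (or environment requirement) implementing it
OBJ_TO_REQ = {
    "O.AUTH": {"FIA_UID.2", "FIA_UAU.2"},
    "O.AUDIT": {"FAU_GEN.1", "FAU_SAR.1"},
    "O.CRYPTO": {"FCS_CKM.1", "FCS_COP.1"},
    "O.AV": set(),                      # deliberately unmapped: shows up as a gap
    "ON.TRAIN": {"AGD_OPE.1"},          # non-IT objective met by guidance assurance
    "OE.PHYS": {"ENV.PHYS_ACCESS"},     # constructed placeholder (slide 10 requirements)
}


def rationale_gaps(threats, objectives, t2o, o2r):
    """Return everything the rationale fails to cover; empty lists mean complete."""
    # Check 1: each threat/policy is countered by at least one objective
    uncovered_threats = sorted(t for t in threats if not t2o.get(t))
    # Referential integrity: mappings may only name objectives that exist
    unknown = sorted({o for objs in t2o.values() for o in objs if o not in objectives})
    # Check 2: each objective is implemented by at least one SFR/SAR
    uncovered_objs = sorted(o for o in objectives if not o2r.get(o))
    return {"threats": uncovered_threats,
            "unknown_objectives": unknown,
            "objectives": uncovered_objs}


def is_complete(gaps):
    return not any(gaps.values())


if __name__ == "__main__":
    gaps = rationale_gaps(THREATS, OBJECTIVES, THREAT_TO_OBJ, OBJ_TO_REQ)
    print("rationale complete" if is_complete(gaps) else f"gaps: {gaps}")
```

Running it as-is reports O.AV as an objective without any requirement behind it, which is exactly the kind of hole the rationale section is meant to expose before evaluation.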

  16. Selection and Development of Products for IS
  IS implementation requires products which comply with the above specified SFR and SAR:
  • Selection of commercial products
    • the Security Target and a Certificate
    • the certificate is not required for products with lower demands for guarantees (reliable products verified by practice)
  • Development of new products
    • on the basis of the written document “Requirements for Product Development”
  The Certification Authority issues a certificate for the entire IS on the basis of the test results and the evaluation of all the IS security components.

  17. Conclusion
  The solution presented in this article suggests possible procedures for using the Common Criteria when designing a complex IS. This procedure makes it possible to break down the overall security requirements into partial domains and technologies and shows the way to the development of the necessary secure IT products.

  18. Thank you for your attention
  František VOSEJPKA, CIS Security consultant, S.ICZ a.s.
  E-mail: frantisek.vosejpka@i.cz
