350 likes | 360 Views
This presentation discusses the evolving criteria for information security products, including security objectives, security techniques, security tradeoffs, and achieving security evaluation criteria.
E N D
Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA
SECURITY OBJECTIVES SECRECY (CONFIDENTIALITY) AVAILABILITY (DENIAL OF SERVICE) INTEGRITY
Prevention access control Detection auditing Tolerance practicality SECURITY TECHNIQUES good prevention and detection both require good authentication as a foundation
SECURITY TRADEOFFS SECURITY COST FUNCTIONALITY EASE OF USE
Policy what? Mechanism how? Assurance how well? ACHIEVING SECURITY
EVALUATION CRITERIA SECURITY TARGET Policy Assurance PRODUCT Mechanism ??
| | | | | | | | | | | | 1985 1990 1995 CRITERIA DATES USAORANGE BOOK 3.0| 1.0| 2.0| | Canadian CTCPEC UK, Germany | | France 1.0| 1.2| European Community ITSEC 1.0| US Federal Criteria Common Criteria
USA ORANGE BOOK UK Germany France Canada European Community ITSEC Federal Criteria DRAFT Common Criteria PROPOSED CRITERIA RELATIONSHIPS
DRIVING FACTORS INTERNATIONAL COMPUTER MARKET TRENDS COMPATIBILITY WITH EXISTING CRITERIA COMMON CRITERIA & PRODUCT EVALUATION SYSTEM SECURITY CHALLENGES OF THE 90'S MUTUAL RECOGNITION OF EVALUATIONS
ORANGE BOOK USA ORANGE BOOK UK Germany France Canada European Community ITSEC Federal Criteria DRAFT Common Criteria PROPOSED
A1 Verified Design B3 Security Domains B2 Structured Protection B1 Labeled Security Protection C2 Controlled Access Protection C1 Discretionary Security Protection D Minimal Protection ORANGE BOOK CLASSES HIGH SECURITY NO SECURITY
C1, C2 Simple enhancement of existing systems. No breakage of applications B1 Relatively simple enhancement of existing systems. Will break some applications. B2 Relatively major enhancement of existing systems. Will break many applications. B3 Failed A1 A1 Top down design and implementation of a new system from scratch ORANGE BOOK CLASSESUNOFFICIAL VIEW
ORANGE BOOK CRITERIA SECURITY POLICY ACCOUNTABILITY ASSURANCE DOCUMENTATION
C1 C2 B1 B2 B3 A1 Discretionary Access Control + + + Object Reuse + Labels + + Label Integrity + Exportation of Labeled Information + Labeling Human-Readable Output + Mandatory Access Control + + Subject Sensitivity Labels + Device Labels + SECURITY POLICY • added requirement
C1 C2 B1 B2 B3 A1 Identification and Authentication + + + Audit + + + + Trusted Path + + ACCOUNTABILITY • added requirement
C1 C2 B1 B2 B3 A1 System Architecture + + + + + System Integrity + Security Testing + + + + + + Design Specification and Verification + + + + Covert Channel Analysis + + + Trusted Facility Management + + Configuration Management + + Trusted Recovery + Trusted Distribution + ASSURANCE • added requirement
C1 C2 B1 B2 B3 A1 Security Features User's Guide + Trusted Facility Manual + + + + + Test Documentation + + + DesignDocumentation + + + + DOCUMENTATION • added requirement
Does not address integrity or availability Combines policy and assurance in a single linear rating scale Mixes policy and mechanism Mixes policy and assurance ORANGE BOOK CRITICISMS
p o l i c y B3 A1 B2 B1 C2 C1 assurance POLICY VS ASSURANCE
EUROPEAN ITSEC USA ORANGE BOOK UK Germany France Canada European Community ITSEC Federal Criteria DRAFT Common Criteria PROPOSED
EVALUATION ASSURANCE POLICY or FUNCTIONALITY EFFECTIVENESS CORRECTNESS POLICY ASSURANCE UNBUNDLING
Open ended Orange Book classes are grand-fathered in Some new classes are identified POLICY IN ITSEC
ITSEC ORANGE BOOK F-C1 C1 F-C2 C2 F-B1 B1 F-B2 B2 F-B3 B3 ORANGE BOOK POLICYGRAND-FATHERING
ITSEC OBJECTIVE F-IN High Integrity Requirements F-AV High Availability Requirements F-DI High Data Integrity during Data Exchange F-DC High Data Confidentiality during Data Exchange F-DX Networks with High Confidentiality and Integrity ITSEC NEW POLICIES others can be defined as needed
CONSTRUCTION Suitability Analysis Binding Analysis Strength of Mechanism Analysis List of Known Vulnerabilities in Construction OPERATION Ease of Use Analysis List of Known Vulnerabilities in Operational Use ASSURANCE: EFFECTIVENESS
ITSEC ORANGE BOOK (very roughly) E0 D E1 C1 E2 C2 E3 B1 E4 B2 E5 B3 E6 A1 ASSURANCE: CORRECTNESS
US DRAFT FEDERAL CRITERIA USA ORANGE BOOK UK Germany France Canada European Community ITSEC Federal Criteria DRAFT Common Criteria PROPOSED
Canada TPEP Orange Book EC ITSEC NIST/NSA Joint Work Commercial & Independent Initiatives NIST’s IT Security Requirements Study Integrity Research NRC Report "GSSP" “Minimum Security Functionality Requirements” (MSFR) Federal Criteria for IT Security Advances inTechnology INFLUENCES ON FEDERAL CRITERIA
ITSEC EVALUATION SECURITY TARGET Policy Assurance PRODUCT Mechanism ??
FEDERAL CRITERIA EVALUATION Policy Assurance PROTECTION PROFILE SECURITY TARGET ?? Policy Assurance Customer Supplied PRODUCT Mechanism ?? Vendor Supplied
PROTECTION PROFILE STRUCTURE PROTECTION PROFILE Descriptive Elements Section Product Rationale Section Functional Requirements Section Development Assurance Requirements Section Evaluation Assurance Requirements Section
Protection Profile Evaluation 1 PPA Registry of ... Protection Profiles PP1 PP2 PPn (PP) Evaluation 2 Security Target (ST) ST ST pp1 ppn Evaluation 3 Product 1 Product n PPA = Protection Profile Analysis FROM PROFILE TO PRODUCT
TOWARDS A COMMON CRITERIA USA ORANGE BOOK UK Germany France Canada Federal Criteria DRAFT European Community ITSEC Common Criteria PROPOSED
COMMON CRITERIA PLAN ITSEC 1.2 Usage & Reviews 1994: initial target 1996: more likely EC-NA Alignment ----- “Common Criteria” Canada CTCPEC 3.0 CC Editorial Board Usage & Reviews “Orange Book” Usage FedCrit 1.0 Joint Technical Groups ISO SC27 WG3 Public Comment
Complexities of the open distributed computing and management environments (including use of crypto in conjunction with COMPUSEC) “Systems” and composability Problems Trusted applications development and evaluation methods, including high integrity and high availability systems Guidance on using IT security capabilities cost effectively in commercial environments Speedy but meaningful product and system evaluations, and evaluation rating maintenance CHALLENGES THAT REMAIN