Common Criteria V3 Overview Presented to P2600 October 25 2005 Brian Smithson
What have they done!? • Summary • Conceptual model • Structural changes
Summary of changes • Part 1 • More consistent terminology introduced • Changes in the ASE (Security Target Evaluation) and APE (Protection Profile Evaluation) assurance classes • Part 2 • Complicated terms simplified or removed • Concepts simplified and clarified • Underlying model developed • Reduced 11 classes to 6, 67 families to 45, 354 pages to 130
Summary (2) • Part 3 • ASE and APE reorganized and rewritten to give a higher assurance-to-work ratio • ACM/ADO/AGD/ALC classes rearranged with clearer purpose into ALC and AGD • ADV also gives more assurance for less work • ATE updated to reflect the new ADV • AVA merged Strength of Function (AVA_SOF) with Vulnerability Analysis (AVA_VLA), and Misuse (AVA_MSU) moved into AGD • A new class, ACO, deals with composition
Summary (3) • CEM • New CEM is presented according to class, not EAL, and methodology is provided for all components up to EAL5 • EAL1 is now easier • You can do a “low assurance level” PP and ST • Just do SFRs, SARs, no Security Problem Definition
Conceptual model • Security in the operational environment • Security in the development environment • Evaluation
Security in the operational environment • Assets in the operational environment are defined in terms of value to the owners • Key factors: • Risk • Countermeasures
How are these countermeasures evaluated? • Countermeasures must be: • Sufficient (in conjunction with countermeasures in the operational environment) to counter the threats • Correct, in that they contain no vulnerabilities that could prevent them from working
Sufficiency of the TOE • Starts with a Security Problem Definition: • Assets and threats to those assets • Relevant Organizational Security Policies • Relevant Assumptions about the operational environment • Describe a partwise solution • Solution provided by the TOE • Solution provided by the operational environment • The parts provided by the TOE are Security Functional Requirements (SFRs) • The collection of SFRs is the TOE Security Policy (TSP) • A TOE which fulfills the TSP is sufficient, as long as the TOE has been correctly designed and implemented
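The sufficiency argument on this slide is, in practice, a traceability rationale: every threat and OSP must be met by a TOE or environment objective, every assumption must be upheld by the environment, and every TOE objective must be realised by at least one SFR. The following is an added example (not part of the presentation, and not tooling from the CC project or P2600) that encodes that rationale as a mechanical check. The threat, OSP, assumption and objective names are constructed for illustration; the SFR identifiers are real CC Part 2 components but their mapping here is invented.

```python
"""Traceability check for a CC-style Security Problem Definition (SPD).

Added example: the SPD and partwise solution below are constructed for
illustration and are not taken from any real PP or ST.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityProblem:
    threats: frozenset      # "T.*" items
    osps: frozenset         # "P.*" organizational security policies
    assumptions: frozenset  # "A.*" assumptions about the operational environment


@dataclass(frozen=True)
class Solution:
    toe_objectives: dict  # "O.*"  -> threats/OSPs the TOE part addresses
    env_objectives: dict  # "OE.*" -> threats/OSPs/assumptions the environment addresses
    sfrs: dict            # "FXX_YYY.n" -> TOE objectives the SFR helps realise


def check_sufficiency(spd, sol):
    """Return a list of rationale gaps; an empty list means the argument closes."""
    gaps = []
    toe_cov = set().union(*sol.toe_objectives.values()) if sol.toe_objectives else set()
    env_cov = set().union(*sol.env_objectives.values()) if sol.env_objectives else set()
    sfr_cov = set().union(*sol.sfrs.values()) if sol.sfrs else set()

    # 1. Every threat and OSP is addressed by the TOE, the environment, or both.
    for item in sorted(spd.threats | spd.osps):
        if item not in toe_cov | env_cov:
            gaps.append(f"{item}: not addressed by any objective")

    # 2. Assumptions are upheld only by the environment; the TOE cannot uphold
    #    an assumption made about its own surroundings.
    for a in sorted(spd.assumptions):
        if a not in env_cov:
            gaps.append(f"{a}: not upheld by any environment objective")
        if a in toe_cov:
            gaps.append(f"{a}: assumption traced to a TOE objective")

    # 3. The TOE part of the solution is expressed as SFRs: each TOE objective
    #    needs at least one SFR, and each SFR must trace to a known objective.
    for obj in sorted(sol.toe_objectives):
        if obj not in sfr_cov:
            gaps.append(f"{obj}: no SFR realises this TOE objective")
    for sfr, objs in sorted(sol.sfrs.items()):
        if not objs:
            gaps.append(f"{sfr}: SFR not traced to any TOE objective")
        for obj in sorted(objs - set(sol.toe_objectives)):
            gaps.append(f"{sfr}: traced to unknown objective {obj}")
    return gaps


# Constructed SPD shared by both examples (hypothetical identifiers).
SPD = SecurityProblem(
    threats=frozenset({"T.UNAUTH_ACCESS", "T.TAMPER_LOG"}),
    osps=frozenset({"P.AUDIT"}),
    assumptions=frozenset({"A.PHYSICAL", "A.TRUSTED_ADMIN"}),
)


def example_ok():
    """A partwise solution whose rationale closes: returns []."""
    sol = Solution(
        toe_objectives={
            "O.AUTH": {"T.UNAUTH_ACCESS"},
            "O.ACCESS": {"T.UNAUTH_ACCESS"},
            "O.AUDIT": {"P.AUDIT", "T.TAMPER_LOG"},
        },
        env_objectives={
            "OE.PHYSICAL": {"A.PHYSICAL"},
            "OE.ADMIN": {"A.TRUSTED_ADMIN"},
            "OE.TIME": {"P.AUDIT"},  # reliable time supplied by the environment
        },
        sfrs={
            "FIA_UID.1": {"O.AUTH"},
            "FIA_UAU.1": {"O.AUTH"},
            "FDP_ACC.1": {"O.ACCESS"},
            "FDP_ACF.1": {"O.ACCESS"},
            "FAU_GEN.1": {"O.AUDIT"},
            "FAU_STG.1": {"O.AUDIT"},
        },
    )
    return check_sufficiency(SPD, sol)


def example_defective():
    """Same SPD, but the solution leaves a threat, an assumption, an
    objective and an SFR dangling: returns four gaps."""
    sol = Solution(
        toe_objectives={"O.AUTH": {"T.UNAUTH_ACCESS"}, "O.AUDIT": {"P.AUDIT"}},
        env_objectives={"OE.PHYSICAL": {"A.PHYSICAL"}},
        sfrs={"FIA_UAU.1": {"O.AUTH"}, "FAU_GEN.1": set()},
    )
    return check_sufficiency(SPD, sol)


if __name__ == "__main__":
    for gap in example_defective():
        print(gap)
```

The check deliberately treats assumptions differently from threats and OSPs: a TOE objective that "counters" an assumption is a rationale error, because the assumption is exactly the part of the problem the TOE is not being asked to solve. The same structure extends naturally to the SAR side of the slide that follows, where the items are development-environment threats and the solutions are assurance components rather than SFRs.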
Security in the development environment • Correctness of implementation depends on the development environment • Assets in the development environment are defined in terms of value to the developers
Correctness of the TOE implementation • Starts with a Security Problem Definition • Assets (in the development environment) and threats to those assets • Relevant Organizational Security Policies that apply to the development environment • Solutions to the problem are Security Assurance Requirements (SARs) • If all SARs are met, then there is assurance that the TOE is implemented correctly
Evaluation model • Key concepts: • Risk • Countermeasures • Assurance