Common Criteria Protection Profiles
and
the NSA Strategy for Their Use Within
the U.S. Department of Defense
Louis Giles, NSA
8 November 1999
lgiles@radium.ncsc.mil
CACR Information Security Workshop
Outline
• Common Criteria Protection Profiles (PP’s)
– Structure
– Development Tools
– Examples
• NSA Strategy to Use PP’s for the U.S. DoD
• The U.S. Common Criteria Evaluation Program
Common Criteria Protection Profile (PP)
• High-level expression of desired security
properties (i.e. security environment, security
objectives and security requirements)
• A mechanism to provide Consumers the ability to
specify their security requirements
• Generic so multiple implementations may meet
the stated requirements
• PP represents “I want”
Common Criteria Security Target (ST)
• High-level expression of claimed security
properties
• A mechanism to provide Vendors the ability to
make claims regarding their security products
• Specific to an implementation
• ST represents “I provide”
What’s In a PP
• Security Environment Defined
– The TOE will be used in environments in which no higher than
sensitive but unclassified information is processed, or the
sensitivity level of information in both the internal and external
networks is the same. Compliant firewalls provide access control
policies, extensive auditing and a low level of assurance.
• Secure Usage Assumptions
– Connectivity Assumptions
• Single entry point
– Physical Assumptions
• Control of physical access
– Personnel Assumptions
• Trustworthy Administrator
What’s In a PP (cont.)
• Organizational Security Policies
• Threats to Security
– Threats Addressed by the TOE
• An unauthorized person may gain logical access to TOE
• Lack of audit trail
• Undetected penetration attempts
– Threats to be Addressed by Operating Environment
• Hostile system administrator
• Sophisticated attacks on higher-level protocols
• Security Objectives
• Functional Security Requirements and Assurance
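The sections listed above are linked by a rationale: every threat and assumption must be countered or upheld by at least one security objective, and every TOE objective must be satisfied by at least one functional requirement. The following added example (not from the original presentation) models the firewall PP outline on these slides as data and checks that traceability the way an evaluator would. The threat and assumption statements are taken from the slides; the identifier names, the objectives and the mapping to CC Part 2 components are constructed assumptions for illustration.

```python
"""Rationale (traceability) check for a Common Criteria Protection Profile.

Constructed example: threat and assumption text follows the firewall PP
slides; identifiers, objectives and SFR mappings are assumptions.
"""
from dataclasses import dataclass


@dataclass
class ProtectionProfile:
    toe_threats: dict       # threat id -> statement, countered by the TOE
    env_threats: dict       # threat id -> statement, countered by the environment
    assumptions: dict       # assumption id -> statement (secure usage assumptions)
    toe_objectives: dict    # O.* id -> set of threat ids it counters
    env_objectives: dict    # OE.* id -> set of threat/assumption ids it addresses
    sfrs: dict              # CC Part 2 component id -> set of O.* ids it satisfies


def check_rationale(pp: ProtectionProfile) -> dict:
    """Return the gaps an evaluator looks for in a PP rationale (empty lists = consistent)."""
    addressed = set()
    for justified in list(pp.toe_objectives.values()) + list(pp.env_objectives.values()):
        addressed |= justified

    all_threats = set(pp.toe_threats) | set(pp.env_threats)
    known_ids = all_threats | set(pp.assumptions)

    # 1. Every threat must be countered and every assumption upheld by some objective.
    uncovered_threats = sorted(all_threats - addressed)
    unupheld_assumptions = sorted(set(pp.assumptions) - addressed)

    # 2. Threats allocated to the operating environment may not be claimed by TOE objectives.
    misallocated = sorted(
        obj for obj, justified in pp.toe_objectives.items()
        if justified & set(pp.env_threats)
    )

    # 3. Every TOE objective must be satisfied by at least one functional requirement.
    satisfied = set()
    for objs in pp.sfrs.values():
        satisfied |= objs
    objectives_without_sfr = sorted(set(pp.toe_objectives) - satisfied)

    # 4. No objective or SFR may point at an identifier that does not exist.
    dangling = []
    for obj, justified in list(pp.toe_objectives.items()) + list(pp.env_objectives.items()):
        dangling += [f"{obj} -> {ref}" for ref in justified if ref not in known_ids]
    for sfr, objs in pp.sfrs.items():
        dangling += [f"{sfr} -> {ref}" for ref in objs if ref not in pp.toe_objectives]

    return {
        "uncovered_threats": uncovered_threats,
        "unupheld_assumptions": unupheld_assumptions,
        "misallocated_toe_objectives": misallocated,
        "objectives_without_sfr": objectives_without_sfr,
        "dangling_references": sorted(dangling),
    }


def build_firewall_pp() -> ProtectionProfile:
    """Constructed PP skeleton following the firewall example on the slides."""
    return ProtectionProfile(
        toe_threats={
            "T.LOGICAL_ACCESS": "An unauthorized person may gain logical access to the TOE",
            "T.NO_AUDIT": "Lack of audit trail",
            "T.UNDETECTED_PEN": "Undetected penetration attempts",
        },
        env_threats={
            "T.HOSTILE_ADMIN": "Hostile system administrator",
            "T.PROTOCOL_ATTACK": "Sophisticated attacks on higher-level protocols",
        },
        assumptions={
            "A.SINGLE_ENTRY": "Single entry point",
            "A.PHYSICAL": "Control of physical access",
            "A.TRUSTED_ADMIN": "Trustworthy administrator",
        },
        toe_objectives={
            "O.IDAUTH": {"T.LOGICAL_ACCESS"},
            "O.AUDIT": {"T.NO_AUDIT", "T.UNDETECTED_PEN"},
            "O.DETECT": {"T.UNDETECTED_PEN"},
        },
        env_objectives={
            "OE.ADMIN": {"A.TRUSTED_ADMIN", "T.HOSTILE_ADMIN"},
            "OE.PHYSICAL": {"A.PHYSICAL"},
            "OE.SINGLE_ENTRY": {"A.SINGLE_ENTRY"},
            "OE.PROTOCOL": {"T.PROTOCOL_ATTACK"},
        },
        # Assumed mapping to CC Part 2 components (identification/authentication, audit).
        sfrs={
            "FIA_UID.2": {"O.IDAUTH"},
            "FIA_UAU.2": {"O.IDAUTH"},
            "FAU_GEN.1": {"O.AUDIT"},
            "FAU_SAR.1": {"O.AUDIT"},
            "FAU_SAA.1": {"O.DETECT"},
            "FAU_ARP.1": {"O.DETECT"},
        },
    )


if __name__ == "__main__":
    for name, gaps in check_rationale(build_firewall_pp()).items():
        print(f"{name}: {gaps or 'none'}")
```

Dropping an objective from the constructed PP makes the check report the threat it countered as uncovered and the SFRs that cited it as dangling, which is the kind of inconsistency a PP author has to resolve before the profile can be evaluated.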
From The Old To the New
• FIPS 140-1, and Orange Book C2, B1, B2, B3, A1
would all be Protection Profiles in Common Criteria
terminology as they state customer requirements
• CC PP’s drafted for C2 (Controlled Access) and B1
(Labeled Security) Operating Systems, Firewalls and
VPN’s
• NSA drafting other PP’s as part of Information
Assurance Technical Framework (IATF)
• NIST project to draft PP for FIPS 140-2
The CC Toolbox
• Information Assurance “TurboTax” design tool for:
– Architects
– System Engineers
– Requirements Activities
• Focused on:
– Application of the CC
– Describing Security Features
– Specifying Security Requirements
– Drafting ST’s and PP’s
• http://cctoolbox.sparta.com
Information Assurance Technical
Framework
• What? A security guidance document developed
by NSA’s ISSO organization with support from
security advocates in government and industry
• Constraints?
– Unclassified
– Published on the Internet
• Primary Coordination forum? Information
Assurance Technical Framework Forum (IATFF)
Expected use of results
• Help government users become wiser consumers
when implementing security solutions
• Assist industry in understanding the
government’s needs and the nature of the desired
solutions to these needs
• Focus Government and Industry investment
resources on the security technology gaps
How does the Framework help
Government users?
• By describing their needs to the industry providers
• By “suggesting” the important characteristics of
security solutions to different classes of problems
• By providing an assessment of the security
technology available on the open market
Security Methodology
[Figure: Security Methodology. Elements: National/Service/Agency Policies, Regulations, Standards; Mission Needs; Organizational Security Policy; Security Countermeasures (Non-Technical, Technical); Risk Assessment; Certification and Accreditation; Life-Cycle Security Management; Adversaries, Motivations, and Attacks]
Flow from Policy to Specification
[Figure: Flow from Policy to Specification. Elements: National Policy (NSTISSIC, NSTISSAM); Intel Community DCID 6/3; GIG Policy; GIG IA Policy & Implementation Guidance; GIG Architecture (Services, Protocols, etc.); NIAP (Testing, Evaluation, Certification); People, Technology, Operations; Information Assurance Technical Framework (Defend the Network & Infrastructure; Defend the Enclave Boundary; Defend the Computing Environment; Supporting Infrastructures: KMI/PKI, Detect & Respond); Executive Summaries, Protection Profiles; DITSCAP Certification and Accreditation process]
How It’s Organized
• Central Change:
Alignment with Defense-In-Depth
[Figure: NSF Chapter 5 “Security Solutions Framework” realigned as the IATF. Elements: Successful Mission Execution; Information Assurance Defense In Depth Strategy; People, Technology, Operations; Defend the Network & Infrastructure (Chapter 5); Defend the Enclave Boundary (Chapter 6); Defend the Computing Environment (Chapter 7); Supporting Infrastructures: KMI/PKI, Detect & Respond (Chapter 8)]
Today’s Framework Elements
[Figure: IATF Release 2.0, Figure 1-2, Composition of the IATF. Main Body: Information Assurance Tutorial & General Guidance (the “Document”). Appendix F: Case Specific Guidance (aka “Executive Summaries”): concise, definitive security requirements for specific cases. Appendix G: Protection Profiles: formal Common Criteria documents for defining testable requirements]
Case Specific Guidance
(aka “Executive Summaries”)
• Descriptive Name for the Need
• Purpose or Objective
– What does the user want the system to do? What is the problem the system is
intended to solve?
• Target Environment
– Where does the system operate? How is it used? Diagram of system context
• Potential Attacks
– How could an adversary harm operations?
– What are the information system attacks for which protection is needed?
• Security Policies
– What are the security objectives that the system must meet? Info domains?
• Recommended Approach
– What is the conceptual architecture for the system? Where will security
functions be allocated? Diagram of system
• Security Functions
– What are the security functional requirements for the system? What security
services must the system perform for each information domain?
• Assurance Requirements
– What is the target Evaluation Assurance Level?
– What strength of mechanism is needed?
• Interoperability Requirements
– What other equipments, systems, or procedures must this system exchange
information with?
• Supporting Infrastructure Requirements
– What support does the system require from Detect and Respond? What
support does the system require from the Key Management Infrastructure?
• Version Control/Reference Information
– When last updated?
– By whom?
– Approved by whom?
[Figure caption: User Situation & Need for Information Assurance Solution]
Three Kinds of Protection Profiles
• DoD (COTS) Acquisition Protection Profiles
– Developed To Become Binding Procurement Guidance for DoD
– Must Be Achievable with Today’s Technology
– May Be Accompanied by Additional Specification Data
– Will Be Coordinated DoD-Wide by OSD
– Ultimately “Owned” by OASD(C3I)
• Technology Goal Protection Profiles
– Developed To Influence Development of New Technology
– Focused on Future Needs or Implementations
– “Owned” by NSA
• Specific Need Protection Profiles
– Developed In Response to a Customer’s Specific Need
– Subject to Customer Approval
– “Owned” by the Customer
IATF Status
• Version 1.1 (NSF) - Dec 98
• Version 2.0 (align w/D-I-D)
published Sep 99
• Comment at:
www.iatf.net
(nsff.org)
• Appendices F & G
Information Assurance Technical
Framework Forum (IATFF)
• An NSA sponsored forum to foster dialog amongst
U.S. Government agencies and U.S. Citizens
representing U.S. Industry regarding solutions to
network security problems
• Session every 6 weeks
• Maritime Institute, Linthicum, MD
• Admission is free. Advance registration required
IATFF Information
• Internet Web site
– Announcements, agenda, minutes, briefing charts
– IATF Document (HTML, PDF, MS Word & ZIP)
– On-Line Registration (Forum and Sessions)
– SSL and Password protected
– www.nsff.org --> now: www.iatf.net
– Registrar:
John Niemczuk, Booz•Allen & Hamilton Inc.
niemczuk_john@bah.com, 410-684-6246
NIAP - A NIST/NSA
Partnership Focusing On:
• Common Criteria related activities
• Accreditation and support of private sector
CC-based evaluation laboratories
• Development of Protection Profiles
• Establishing mutual recognition of CC-based
evaluations
• Government-industry partnerships
Common Criteria Evaluation and
Validation Scheme (CCEVS)
• Major National Information Assurance Partnership
(NIAP) program initiative
• Targeted to begin in Fall 1999
• Testing based upon Common Criteria (CC) and
Common Evaluation Methodology
• Tests performed by accredited commercial labs
• Results posted on NIAP Validated Products List
(www.niap.nist.gov)