CC overview

advertisement
Background
1985
TCSEC
USA
1991
ITSEC
Europe
(France, Germany,
Netherlands, UK)
1993
CTCPEC
Canada
1993
FC(draft)
USA
History
June 1993
January 1996
All collaborate on
Common Criteria
Version 1.0
October 1997
Version 2.0 Beta
June 1999
ISO 15408/version 2.1
TCSEC Issues
• non-standard
• inflexible
• not scalable
The Global Information Grid (GIG)
and the Common Criteria (CC)
Global Information Grid
•Clinger-Cohen Act of 1996 (reference (d)) and
Title 10, U.S.C., Section 2223 (reference (a))
•All DoD and Intelligence Community Computers
Information Assurance G&PM:
5.2.20. Consult the IA Technical Framework (IATF) and published
Common Criteria (CC) Protection Profiles for guidance regarding common
classes of network and system attacks, interoperability and compatibility with
the defense-in-depth strategy, and IA solutions that should be considered to
counter attacks.
5.2.21. Acquire IA solutions that have been evaluated using the Common
Criteria Evaluation and Validation Scheme based on the National Information
Assurance Program (NIAP) process.
NIAP - Collaboration between NIST and NSA for security evaluation
Common Criteria Sections
I.
Introduction and General Model
II.
Security Functional Requirements
III. Security Assurance Requirements
I.
Introduction and General Model
• Defines general concepts and principals of
IT security evaluation.
• Provides constructs for defining and
selecting security objectives
• Provides guidelines for writing high-level
specifications
II. Security Functional Requirements
• Provides functional components
III. Security Assurance Requirements
• Provides assurance requirements
• Evaluation Criteria of PP and ST
• Provides evaluation levels with a predefined
scale (EAL’s)
Common Criteria
I. Introduction and General Model
I. Introduction and General Model
DefinitionsTarget of Evaluation (TOE) — An IT product or
system and its associated administrator and user guidance
documentation that is the subject of an evaluation.
Protection Profile (PP) — An implementation-independent
set of security requirements for a category of TOEs that meet
specific consumer needs.
Security Target (ST) — A set of security requirements and
specifications to be used as the basis for evaluation of an
identified TOE.
I. Introduction and General Model
Protection Profiles
• Operating System
• Firewall
• Database
• Smart Card
• etc.
I. Introduction and General Model
Security Targets
• NT 4.0
• Oracle 8
• Checkpoint-1
• Visa SmartCard
• etc.
Requirements Structure
•Class
•Family
•leveling-specifies if components are hierarchic
•Component
•dependencies-other components that are relied
upon
Requirements Structure
CLASS_FAMILY.Component
Class FIA-Identification and authentication
Family FIA_UID-User Identification
Component FIA_UID.1-Timing of Identification
Common Criteria
II. Security Functional Requirements
II. Security Functional Requirements
Hierarchy of Security Functional Requirements
Level
Class
Example
Family
Cryptographic Key Management
Component
Cryptographic Key Generation
Cryptographic Support
II. Security Functional Requirements
Security Functional Component
•Dependencies
-Components rely on other components for satisfaction
•Operations
-Iteration
-Assignment:
FAU_ARP.1.1 The TSF shall take [assignment: list of the least disruptive actions]
upon detection of a potential security violation.
-Selection:
FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following
auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the [selection: minimum, basic, detailed, not
specified] level of audit;
-Refinement
II. Security Functional Requirements
Security Functional Classes
Class
Name
FAU
FCO
FCS
FDP
FIA
FMT
FPR
FPT
FRU
FTA
FTP
Audit
Communications
Cryptographic Support
User Data Protection
Identification & Authentication
Security Management
Privacy
Protection of TOE Security Functions
Resource Utilization
TOE Access
Trusted Path / Channels
Common Criteria
III. Security Assurance Requirements
III. Security Assurance Requirements
DefinitionsPackage — A reusable set of either functional or assurance
components (e.g. an EAL), combined together to satisfy a set
of identified security objectives.
Evaluation Assurance Level (EAL) — A package
consisting of assurance components from Part 3 that
represents a point on the CC predefined assurance
scale.
III. Security Assurance Requirements
Hierarchy of Security Assurance Requirements
Level
Class
Example
Family
Delivery
Component
Detection of modification
Delivery and Operation
III. Security Assurance Requirements
Security Assurance Classes
Class Name
ACM
ADO
ADV
AGD
ALC
ATE
AVA
APE
ASE
AMA
Configuration Management
Delivery & Operation
Development
Guidance Documents
Life Cycle Support
Tests
Vulnerability Assessment
Protection Profile Evaluation
Security Target Evaluation
Maintenance of Assurance
III. Security Assurance Requirements
Evaluation Assurance Levels
EAL Level
Rough TCSEC
equivalent
Features
EAL1
N/A
Functionally tested
EAL2
C1
Structurally tested
Good commercial practice
EAL3
C2
Methodically tested
Proactive security design
EAL4
B1
EAL5
B2
EAL6
B3
EAL7
A1
Methodically designed, tested, and checked
Maximum assurance without specialized knowledge
Likely maximum for security retrofit
Semiformally designed and tested
Includes covert channel analysis
Development environment controls
Semiformally verified design and tested
Structured development process
Modular and layered design
Formally verified design
Current Certified Protection Profiles
• C2 =Controlled Access Protection Profile (Version 1.d)
• B1=Labeled Security Protection Profile (Version 1.b)
• Traffic Filter Firewall Protection Profile for Low Risk
Environments (Version 1.d)
Controlled Access Protection Profile
(CAPP)
• Version 1.d
• Written by NSA
• Designed to replace C2
C2 vs CAPP
C2
Sections
CAPP Sections
2.2.1
2.2.2
2.2.2.1
Security Policy
Accountability
Identification and
Authorization
Audit
5.2
User Data Policy
5.3
5.1
Identification and
Authorization
Security Audit
Operational Assurance
5.5.1
5.5.3
Abstract Machine Testing
Domain Seperation
Life-Cycle Assurance
Documentation
Security Feature User's
Guide
Trusted Facility Manual
Test Documentation
Design Documentation
6.6.3
Functional Testing
6.4.2
User Guidance
6.4.1
6.6
6.3
Administrator Guidance
Security Testing
Development
2.2.2.2
2.2.3
2.2.3.1
2.2.3.2
2.2.4
2.2.4.1
2.2.4.2
2.2.4.3
2.2.4.4
Assurance
New Items in CAPP
5.1 Security Audit-lists 19 auditable events
•All modifications to the values of security attributes
•Actions taken due to audit storage failure
5.3.2 Strength of Authentication Data
•Single guess has less than 1/1,000,000 chance
•Multiple attempts in one minute have less than
1/100,000 chance
5.4 Security Management-specifies
requirements and roles.
6.2 Delivery and Operation
Labeled Security Protection Profile
(LSPP)
• Version 1.b
• Developed by NSA
• Designed to replace B1
B1 vs LSPP
B1
Section
LSPP
Section
5.2
User Data Policy
5.3
5.1
Identification and
Authorization
Security Audit
3.1.3.1 Operational Assurance
5.5.1
5.5.3
Abstract Machine Testing
Domain Seperation
3.1.3.2 Life-Cycle Assurance
3.1.4
Documentation
3.1.4.1 Security Feature User's
Guide
3.1.4.2 Trusted Facility Manual
3.1.4.3 Test Documentation
3.1.4.4 Design Documentation
6.6.3
Functional Testing
6.4.2
User Guidance
6.4.1
6.6
6.3
Administrator Guidance
Security Testing
Development
2.1.1
Security Policy
3.1.2
Accountability
3.1.2.1 Identification and
Authorization
3.1.2.2 Audit
3.1.3
Assurance
New Items in LSPP
5.1 Security Audit-lists 19 auditable events
•All attempts to import user data, including any
security attributes
•Actions taken due to audit storage failure
5.3.2 Strength of Authentication Data
•Single guess has less than 1/1,000,000 chance
•Multiple attempts in one minute have less than
1/100,000 chance
5.4 Security Management-specifies
requirements and roles.
6.2 Delivery and Operation
ISO/IEC PDTR 15446
•
•
•
•
Expands on PPs and STs
PPs and STs for composite TOEs
Functional and Assurance Packages
Generic and Worked Examples
Websites of Interest
Common Criteria
NIST- csrc.ncsl.nist.gov/cc
CC Toolbox- niap.nist.gov/tools/cctool.html
Others
GIG- cno-n6.hq.navy.mil/files.htm
NIAP- niap.nist.gov
Download