it security evaluation methods lecture notes (2/7)

Korea University Graduate School of Information Security

History of CC - International -

Upload: seungjoo-kim

Posted on 18-Jul-2015


Realized that the ( ) system posed security issues that went beyond the traditional concerns of secure communications. ( ) (@ NSA) raised 3 important issues:

In


( ): The ( ) practical attempt to apply a mathematical model of multilevel security, with support from ARPA.

In


( ) and ( ) defined ( ) multilevel security model.

But it was infeasible to remove completely all possible ( ).

SRI’s ( ) development project began.

The difficulties of ( ) highlighted the importance of ( ).

In


The difficulties of ( ), the need for ( ), and the practical infeasibility of entirely eliminating ( ) launched the establishment of ( ).

Separate and unique entity within NSA

The natural candidate for the evaluation role was, of course, NSA, but its COMSEC culture did not fit the vision that ( ) (@ NSA -> ARPA -> Office of the Secretary of Defense) was developing:

“We wanted to get industry to do this as part of their normal product, which they’d make available to anyone.”

In


( ): One group of users, using a certain set of commands, is non-interfering with another group of users if what the first group does with those commands has no effect on what the second group of users can see.
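The definition above, checked on a constructed toy machine (an added example written for these notes, not part of the lecture): a high group and a low group issue commands, every high command is purged from the sequence, and the low group's view must be identical with and without the high commands. The machine, its commands and the `leaky` flag that adds a shared counter are all constructed here for illustration.

```python
from itertools import product

# Constructed toy system: two user groups share one machine.
HIGH = {"alice"}
LOW = {"bob"}


def do(state, user, cmd, leaky):
    """Transition function: apply one command issued by `user`."""
    compartment = dict(state["compartment"])
    compartment[user] = cmd  # each user's last command lands in their own compartment
    counter = state["counter"]
    if leaky and user in HIGH:
        counter += 1  # constructed flaw: a shared counter that every user can read
    return {"compartment": compartment, "counter": counter}


def out(state, user):
    """What `user` can observe: their own compartment plus the shared counter."""
    return (state["compartment"].get(user), state["counter"])


def run(seq, leaky):
    """Run a whole command sequence from the initial state."""
    state = {"compartment": {}, "counter": 0}
    for user, cmd in seq:
        state = do(state, user, cmd, leaky)
    return state


def purge(seq, group):
    """Drop every command issued by a member of `group` (the 'purge' of the definition)."""
    return [(u, c) for (u, c) in seq if u not in group]


def noninterfering(group_a, group_b, users, cmds, max_len, leaky):
    """Bounded check that group_a is non-interfering with group_b:
    for every sequence of up to max_len commands, group_b's view is the same
    whether or not group_a's commands are present. Returns (ok, counterexample)."""
    actions = [(u, c) for u in users for c in cmds]
    for n in range(max_len + 1):
        for seq in product(actions, repeat=n):
            full = run(list(seq), leaky)
            purged = run(purge(seq, group_a), leaky)
            for u in group_b:
                if out(full, u) != out(purged, u):
                    return False, list(seq)
    return True, None


if __name__ == "__main__":
    users, cmds = ["alice", "bob"], ["c1", "c2"]
    print(noninterfering(HIGH, LOW, users, cmds, 3, leaky=False))
    print(noninterfering(HIGH, LOW, users, cmds, 3, leaky=True))
```

Enumerating bounded sequences is a test that can only find a violation, not a proof that none exists; the formal result needs an unwinding argument over all states.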

SRI’s ( ) and ( ) developed.

( ) than the Bell-LaPadula model.

( ) analysis was subsumed under ( ).

In


In

( ) was made.

Evaluates ( )

Specifies evaluation classes ( )

C level: basically commercial-class machines

A1: ( )

It had been expected that a higher class, A2, incorporating ( ), would eventually be added, but the addition was never made.


( ) was elevated to ( ) because:

The growing interconnection of computers into networks ( ) between COMSEC and COMPUSEC.

The high-level computer security market was never really as large as people expected. They needed to ( ) by including in it sectors that were nonmilitary but had computer security concerns: other departments of government and the commercial sector, especially banking.

In


In

The Red Book (Trusted Network Interpretation (TNI) of the Orange Book)

The series that expanded on the Orange Book in specific areas was called “( )”.

Canada, UK, European Community develop standards similar to and beyond the Orange Book.


[Note]

| Color | Title | Document No. | GPO Stock No. |
|---|---|---|---|
| *Orange | DoD Trusted Computer System Evaluation Guide | DoD 5200.28-STD | 008-000-00461-7 |
| Green | DoD Password Management Guide | CSC-STD-002-85 | 008-000-00443-9 |
| *Lt Yellow | CompSec Requirements: Guidance for Applying DoD TCSEC in Specific Environments | CSC-STD-003-85 | 008-000-00442-1 |
| *Yellow | Technical Rationale Behind CompSec Requirements Guidelines... | CSC-STD-004-8 | 008-000-00441-2 |
| *Tan | Guide to Understanding Audit in Trusted Systems | NCSC-TG-001 | 008-000-00508-7 |
| *Aqua | Trusted Product Evaluations: Guide for Vendors | NCSC-TG-002 | - |
| *Neon Orange | Guide to Understanding Discretionary Access Control in Trusted Systems | NCSC-TG-003 | 008-000-00539-7 |
| *Teal Green | Glossary of COMSEC Terms | NCSC-TG-004 | 008-000-00522-2 |
| Red | Trusted Network Interpretations of TCSEC | NCSC-TG-005 | 008-000-00486-2 |
| *Orange 2 | A Guide to Understanding Configuration Management in Trusted Systems | NCSC-TG-006 | 008-000-00507-9 |
| *Burgundy | Guide to Understanding Design Documentation in Trusted Systems | NCSC-TG-007 | 008-000-00518-4 |
| *Dark Lavender | Guide to Understanding Trust Distribution in Trusted Systems | NCSC-TG-008 | 008-000-00536-2 |
| *Venice Blue | Computer Security Subsystem Interpretation of TCSEC | NCSC-TG-009 | 008-000-00510-9 |
| *Dark Red | Trusted Network Interpretations Environments Guideline | NCSC-TG-011 | - |
| *Pink | Rating Maintenance Phase Program Document | NCSC-TG-013 | - |
| Purple | Guidelines for Formal Verification Systems | NCSC-TG-014 | 008-000-00546-1 |
| *Brown | Guide to Understanding Trusted Systems Management | NCSC-TG-015 | - |
| Light Blue | Guide to Understanding Identification and Authentication in Trusted Systems | NCSC-TG-017 | - |
| *Medium Blue | Trusted Product Evaluation Questionnaire | NCSC-TG-019 | - |
| Grey | Trusted UNIX Working Group... | NCSC-TG-020-A | - |
| *Lavender | Trusted Database Management System Interpretation of the TCSEC | NCSC-TG-021 | - |
| *Neon Yellow | A Guide to Understanding Trusted Recovery in Trusted Systems | NCSC-TG-022 | - |


( ): to test and validate cryptographic modules against

FIPS 140-1 (1994, developed by a government and industry working group)

FIPS 140-2 (2001, supersedes FIPS 140-1)

Draft FIPS 140-3 (revised draft 09/11/09, will supersede FIPS 140-2)

11 security sections, 4 security assurance levels

Joint effort between NIST and the Communications Security Establishment (CSE) of the Government of Canada.

All cryptographic modules used by US Federal Government to protect ( ) information go through ( ) validation program.

In


Works jointly with the NIST ( ). ( ) algorithmic validation is a ( ) for ( ) module validation.

International Standards Organization

ISO/IEC 19790 Security Requirements for Cryptographic Modules

Published March 2006

ISO/IEC 24759 Test requirements for cryptographic modules

Published July 2008

( ) was the editor for both international standards.

In


CST Labs by country

USA
• ÆGISOLVE, INC. (USA - CA)
• Aspect Labs, a division of BKP Security, Inc. (USA - CA)
• atsec Information Security Corporation (USA - TX)
• CEAL: a CygnaCom Solutions Laboratory (USA - VA)
• COACT Inc. CAFE Laboratory (USA - MD)
• Computer Sciences Corporation (USA - MD)
• ICSA Labs, An Independent Division of Verizon Business (USA - PA)
• InfoGard Laboratories, Inc. (USA - CA)
• SAIC Accredited Testing & Evaluation (AT&E) Labs (USA - MD)
• SAIC Accredited Testing & Evaluation (AT&E) Labs (USA - VA)
• Underwriters Laboratories, Inc. (USA - IL)

Canada
• DOMUS IT Security Laboratory (Canada)
• EWA - Canada IT Security Evaluation & Test Facility (Canada)

Germany
• TÜV Informationstechnik GmbH (Germany)

Japan
• ECSEC Laboratory Inc. (Japan)
• Information Technology Security Center (Japan)

Spain
• Epoche & Espri (Spain)

Taiwan
• TTC IT Security Evaluation Laboratory (Taiwan, R.O.C.)

※ http://csrc.nist.gov/groups/STM/testing_labs/index.html

※ CST Lab: Cryptographic and Security Testing Lab accredited by NVLAP (National Voluntary Laboratory Accreditation Program)


The international ( ) emerged because:

Extending the computer security market by internationalizing the market.

The Orange Book had a serious flaw: the problem of bundling functionality and assurance.

It ruled out systems that had simple functions but high assurance of the correctness of those functions.

Thus CC reflects the ( ) unbundled approach rather than ( ) bundled one, although there is a provision for bundled PPs.

In


Sample Products Evaluated by CC

| Product | Assurance level | Date |
|---|---|---|
| VMware® ESXi Server 3.5 and VirtualCenter 2.5 | EAL4+ | 24-FEB-10 |
| Microsoft Windows Mobile 6.5 | EAL4+ | 09-FEB-10 |
| Apple Mac OS X 10.6 | EAL3+ | 08-JAN-10 |
| Red Hat Enterprise Linux Ver. 5.3 on Dell 11G Family Servers | EAL4+ | 23-DEC-09 |
| Windows Vista Enterprise; Windows Server 2008 Standard Edition; Windows Server 2008 Enterprise Edition; Windows Server 2008 Datacenter Edition | EAL4+ ALC_FLR.3 | 31-AUG-09 |
| Oracle Enterprise Linux Version 5 Update 1 | EAL4+ ALC_FLR.3 | 15-OCT-08 |
| Green Hills Software INTEGRITY-178B Separation Kernel, comprising: INTEGRITY-178B Real Time Operating System (RTOS), | EAL6+ | 01-SEP-08 |


[Figure] Scopes of evaluation: “Algorithm” (crypto algorithms implemented in security products), “Module”, “Product” (various security functions of an IT security product), “System”, “Environment”. Other labels in the figure: H/W security, EMI/EMC, etc.; identification & authentication function, etc.

After CC,


CC vs. CMVP

Other security functions / Cryptographic functions


Title III of the E-Government Act (Public Law 107-347), entitled ( ), requires that all federal agencies develop and implement an agency-wide information security program designed to safeguard IT assets and data of the respective agency.

C&A


There are generally 3 methodologies used by government organizations to satisfy the requirements set forth by ( ):

C&A


Processes used to evaluate and approve a system for government or military use

Or a highly regulated industry like pharmaceuticals or aeronautics

Not normally used in businesses

C&A


It is a process for ( ) that a given system is safe to operate (security-wise) in its ( ).

A process that ensures systems maintain their ( ) throughout their ( ).

C&A


An international standard covering every aspect of information security:

Equipment

Management policies

Human resources

Legal aspects

After CC,


After CC,

1995: BS 7799 Part 1

1998: BS 7799 Part 2

1999: Swedish standards SS 62 77 99 Parts 1 and 2; updated version of BS 7799 Parts 1 and 2

December 2000: ISO/IEC 17799:2000

2001: Review of BS 7799-2

September 2002: Updated version of BS 7799-2 (revised and corrected)


Complementarity with Other ISO Standards

After CC,

ISO 17799: Code of practice for information security management

ISO 13335 (GMITS): Guidelines for the management of IT security

ISO 15408 (CC): Products and systems certified by ISO 15408 (CC)


ISMS =

After CC, BS7799/ISO 17799
