1 / 79

CACR CC Briefing

CACR CC Briefing. Stephen Booth Computer and System Security Section Communications Security Establishment Stephen .Booth@cse-cst.gc.ca. Presentation Objectives. I intend to provide: an overview of the CC Project the Current Status of the CC and CEM a description of the CC MRA

elie
Download Presentation

CACR CC Briefing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CACR CC Briefing Stephen Booth Computer and System Security Section Communications Security Establishment Stephen .Booth@cse-cst.gc.ca

  2. Presentation Objectives • I intend to provide: • an overview of the CC Project • the Current Status of the CC and CEM • a description of the CC MRA • a high level description of the CC - how it is structured • a description of the Canadian CC Scheme CACR Briefing

  3. Terms Used • CC - Common Criteria • CCEF - (CCE Approved) CC Evaluation Facility • CCS - Canadian CC Evaluation and Certification Scheme • CEM - Common Evaluation Methodology • EAL - Evaluation Assurance Level • MRA Mutual Recognition Arrangement • PP - Protection Profile ( what the buyer needs) • ST - Security Target ( what the vendor has) • TOE - Target of Evaluation (the product) • TSF - TOE Security Functions CACR Briefing

  4. CC PPs and STs/TOEs Protection Profile(What I Need) Customer Vendor Security Target(What I Have) Target of Evaluation(the Product) CACR Briefing

  5. History of Evaluation Criteria • ‘83/85: Trusted Computer System Evaluation Criteria (TCSEC) • ‘91: Information Technology Security Evaluation Criteria (ITSEC) • ‘93: Canadian Trusted Computer Evaluation Criteria (CTCPEC) • ‘96: Common Criteria (CC) CACR Briefing

  6. TCSEC • Trusted Computer System Evaluation Criteria (orange book) DoD 5200.28-STD, December 1983 • Four trust rating divisions (classes): • D, C (C1, C2), B (B1, B2, B3), A (A1) • Three basic requirements: • specific security functionality requirement • assurance requirement • documentation requirement CACR Briefing

  7. ITSEC • Information Technology Security Evaluation Criteria (France, Germany, Netherlands and UK) v1.2, 1991 • focus is on assurance regardless of functionality • product evaluated to perform as indicated in documentation CACR Briefing

  8. CTCPEC • Canadian Trusted Computer Product Evaluation Criteria, Version 3.0, Jan. 1993 • two types of requirements are delineated: • functionality requirements • assurance requirements (T-0 to T-7) • functionality: four policy-oriented criteria - Confidentiality, Integrity, Availability and Accountability CACR Briefing

  9. Common Criteria (CC) • Common Criteria Version 1.0 (CC) 31 Jan 1996 • aligned the evaluation criteria of nations (ie. TCSEC, FC (USA), CTCPEC (Canada), ITSEC (Europe), ISO) • compatible with existing evaluation criteria • one product evaluated against it (Milkyway Black Hole firewall) • CC version 2.0 (May 1998) now superceded by • CC Version 2.1 which is identical to ISO 17408 CACR Briefing

  10. CEM • What is the CEM? • Common Methodology for information technology security evaluation • An common understanding of what the CC assurance requirements mean and the minimum work necessary to satisfy them • Supports mutual recognition of evaluation results CACR Briefing

  11. Purpose of the CEM • Defines specific evaluator work units • Common approach to satisfying assurance requirements defined in CC Part 3 • Primary audience is evaluators and certifiers overseeing evaluator work • Counter balances commercial pressures to reduce evaluation effort CACR Briefing

  12. Progress to date on the CEM • Part 1, Introduction and general model, release January 97 • Part 2, Evaluation methodology, first released January 99 (ver 0.6) (1003 comments received) • Part 2, re-released, August 99 (ver 1.0) • Incorporated large majority of comments • Working document for next 12 to 18 months • MRA requirement to use for evaluations commencing Jan 2000 CACR Briefing

  13. Future work on the CEM • Methodology for augmentations beyond predefined assurance packages • Evaluations need not be performed using pre-define assurance packages • Methodology for maintenance of certificates • How to extend evaluation results to future releases • Methodology for high assurance requirements • Current CEM covers assurance requirements in low to medium assurance category CACR Briefing

  14. Mutual Recognition Arrangement • attempted to document a “gentleman’s agreement” to accept each others evaluation results • started as an agreement but that meant it was staffed and signed as an international treaty • fundamental concept of the CC project • if there is no effective MRA then the CC project has failed! CACR Briefing

  15. What do we need for MRA? • Common and agreed upon standard • Common and agreed upon evaluation methodology • Trust / comfort that the other signatories are doing things if not the same way then at least in a consistent way • Willingness of all the partners to take some risks CACR Briefing

  16. What do we have that let us sign MRA? • CC • CEM • require evaluation facilities to be accredited to ISO 25 • require CBs to meet the requirements of ISO 65 • Technical discussion group that meets to talk about how each of our schemes work • a commitment to undergo voluntary periodic assessments • Are we all totally comfortable? CACR Briefing

  17. What do we have that let us sign MRA? • Risk takers and mitigation steps • accepted each other “on faith” and before CEM was completed • we accept EAL 1 to 4 for now • a commitment to make MRA and the CC project work CACR Briefing

  18. MRA Signing • Arrangement on the Mutual Recognition of Common Criteria Certificates in the Field of Information Technology Security • signed October 8,1998 • Germany, UK, Canada, US and France • expanded this year (September )to include the Australasian Scheme CACR Briefing

  19. What does it mean? • Extracts from the MRA document CACR Briefing

  20. MRA Future • expand both signatories and scope ( >EAL 4) • initiatives underway to expand to Europe • work on CEM for higher assurance levels • stepping up the schedule of “voluntary assessments” CACR Briefing

  21. CC Document Structure • Part 1 Introduction and general model • Part 2 Security functional requirements • Part 3 Security assurance requirements CACR Briefing

  22. CC Part 1 • Introduction to the rest of the documents • A general model of evaluation • Common Criteria evaluation results • Structure for expressing requirements and specifications CACR Briefing

  23. CC Part 2 • Class, family, and component structure • Operations • Catalogue of functional requirements • Application notes (housed in a separate volume) CACR Briefing

  24. CC Part 3 • Assurance requirements of the criteria: • CC Assurance Paradigm • Evaluation criteria for PPs (Class APE) • Evaluation criteria for STs (Class ASE) • Catalogue of assurance requirements • Evaluation assurance levels (EALs) CACR Briefing

  25. CC Functionality

  26. Functional Requirements • Describe the desired security behavior of the TOE • Intended to protect confidentiality, integrity and availability of assets, as required • May be customized for inclusion in a PP/ST CACR Briefing

  27. Requirements Structure Class Family Family Component Component Element Element CACR Briefing

  28. Interpreting Functional Requirement Names FIA_UID.1.2 Element Number F=Functional A=Assurance Component Number Family Name Specific Class CACR Briefing

  29. CC Functional Classes (1) • Security audit (FAU) • Communication (FCO) • Cryptographic support (FCS) • User data protection (FDP) • Identification and authentication (FIA) • Security management (FMT) CACR Briefing

  30. CC Functional Classes (2) • Privacy (FPR) • Protection of the TOE Security Functions (FPT) • Resource utilisation (FRU) • TOE access (FTA) • Trusted path/channels (FTP) CACR Briefing

  31. Functional Components • It is the collection of functional components in a PP/ST that defines the functionality • Each component contains a list of evaluatable statements, called “elements” • All elements must be successfully evaluated within a component CACR Briefing

  32. FIA: Identification and authentication • Addresses requirements for functions to establish and verify a claimed user identity • FIA deals with: • user identification and authentication • authentication failures • user attributes (e.g., clearances, roles) • constraints on quality of authentication data (e.g. minimum password size) CACR Briefing

  33. Selected FIA families • FIA_UID: User identification • FIA_UAU: User authentication • FIA_SOS: Specification of secrets CACR Briefing

  34. FAU: Security Audit • Security auditing involves recognising, recording, storing, and analysing information related to security relevant events. • Post event examination of which security events took place, and which user (if applicable) is responsible. CACR Briefing

  35. Selected FAU families • FAU_GEN: Security Audit Data Generation • FAU_SEL: Security Audit Event Selection • FAU_STG: Security Audit Event Storage • FAU_SAR: Security Audit Review • FAU_SAA: Security Audit Analysis CACR Briefing

  36. FMT: Security Management • management of TSF data (e.g. banners) • management of security attributes (ACL’s) • management of functions of the TSF (e.g. selection of functions, setting rules, etc.) • definition of security roles CACR Briefing

  37. Selected FMT families • FMT_MSA: Management of Security Attributes • attribute: used for enforcement of TSP • FMT_MTD: Management of TSF Data • data: created by and for the TOE • FMT_SMR: Security Management Roles CACR Briefing

  38. FCO:Communications • Address the functions that are concerned with assuring the identity of a party participating in a data exchange • proof of origin • proof of receipt CACR Briefing

  39. FCO Families • FCO_NRO: Non-repudaition of origin • FCO_NRR: Non-repudiation of receipt CACR Briefing

  40. FDP: User data protection • Specifies requirements for policies and functions related to user data protection • FDP deals with: • security function policies for user data protection (access control, information flow) • forms of user data protection • off-line storage, import and export • inter-TSF communication CACR Briefing

  41. Selected FDP families • FDP_ACC: Access control policy • FDP_ACF: Access control functions • FDP_RIP: Residual information protection • FDP_ROL: Rollback • FDP_SDI: Stored data integrity CACR Briefing

  42. FPR: Privacy • Addresses those functions that protect against discovery and misuse of identity by others CACR Briefing

  43. FPR Families • FPR_ANO: Anonymity • FPR_PSE: Pseudonymity • FRP_UNL: Unlinkability • FPR: Unobservability CACR Briefing

  44. FRU: Resource utilization • Supports the availability of required resources (processing capability, storage capacity) • FRU deals with: • fault tolerance • prioritization of services • resource allocation CACR Briefing

  45. Selected FRU family • FRU_RSA: Resource allocation CACR Briefing

  46. FPT: Protection of the TOE Security Functions • 3 significant portions of the TSF: • abstract machine • what does the TOE “sit upon” • implementation • the mechanisms that enforce the TSP • TSF data • the transient rules and data of the TOE CACR Briefing

  47. Selected FPT families • FPT_FLS: Fail Secure • FPT_RCV: Trusted Recovery • FPT_RVM: Reference Mediation • FPT_SEP: Domain Separation CACR Briefing

  48. FTA: TOE Access • Addresses functional requirements for controlling the establishment of a user’s session CACR Briefing

  49. FTA Families • FTA_LSA: Limitation on scope of slectable attributes • FTA_MCS: Limitation on multiple concurrent sessions • FTA_SSL: Session locking • FTA_TAB: TOE Access banners • FTA_TAH: TOE Access history • FTA_TSE: TOE Session establishment CACR Briefing

More Related