High Assurance Products in IT Security

Rayford B. Vaughn, Mississippi State University

Presented by:

Nithin Premachandran



Outline

  • Computer Security

  • Offset reason for security

  • Security Objective

  • Recommendation of product selection

  • Modern approach to measuring assurance

  • Trusted Computer Security Evaluation Criteria

  • ISO standard 15408

  • Summary

Computer Security

  • Establishing defensive perimeter

  • Protection of data

  • Disaster Recovery and Response

  • Authorization of users accessing the system

Offset reasons

  • Concern of return on investment

  • Cost of data recovery

  • Liability issues associated with misuse of system resources

  • Business impact of security controls imposed on users of system

  • Monitoring the activities of authorized users to ensure proper insider behavior and compliance with mandated procedures, and to guard against accidental destructive events.

Defensive Objective

  • Create enough penetration difficulty for the attacker that the level of effort to penetrate exceeds the value gained from a successful penetration.

  • Management must guard against vulnerability by purchasing additional hardware or software.

  • What to purchase is based on which product can be delivered fastest or which sales claim seems appropriate for the situation.

  • Total security cannot be guaranteed and risk remains present, so we tend to use high assurance products in an attempt to gain confidence in the strength of the protection we have.

  • High assurance means a very strong level of confidence in the correct implementation of the security protection mechanisms in a product.

  • Low assurance means we have no proof of a correct implementation.



  • Assurance: Confidence that product operates as intended.

  • Considerations for product and security will address:

    • Completeness and strength of the security design architecture

      • Addressed by security engineers with training in information security or information assurance

    • Assurance/confidence of the product’s operation

  • Standards for trusted systems: products are rated today, and the critical Evaluation Assurance Level (EAL) is determined, by:

    • ISO standard 15408 or Common Criteria

    • Trusted Computer Systems Evaluation Criteria (TCSEC).

  • These documents provide a qualitative measurement of assurance in security software/hardware products.

Product Selection

  • Recommendation from:

    • Technical staff, budget, sales presentations, assertions

  • Confidence in the correct operation of a product comes from:

    • Experience

    • Examination of code

    • Independent reviews

    • Testing

    • Certification by experts and others

  • A security engineer should be more concerned with information assurance (ISO standard) than with computer security.

Product Selection

  • Based on past experience of security engineers

  • Selection based on experience of others

  • Third-party testing and evaluation: the greatest indicator of assurance in a product.

    • The third party conducts a standard suite of tests to verify that the product does indeed work as the vendor claimed.

    • The third party reviews software code and product documentation to verify correctness of the code, absence of hidden functionality, and compliance with design specifications. This gives a greater level of assurance that the product works properly as claimed.

Trusted Computer Security Evaluation Criteria (TCSEC)

  • Approach to measuring assurance

  • Evaluations have been conducted since the 1980s.

  • DOD initiative to improve trustworthiness of systems used to process sensitive and classified information.

  • Directed towards ranking operating systems as having a specific level of assurance.

  • Computing products are evaluated at each of the classes (A, B, C, D).

  • If a C or B product was purchased, the buyer was assured that specific functions were included in the product along with a specific level of trust.

Classes of Assurance

  • Trusted Computing Base (TCB): the hardware and software components present in the system that provide security functionality.

  • D: Minimal Protection

    • Reserved for systems that were evaluated but failed to meet the requirements for a higher evaluation class.

  • C1: Discretionary Security Protection

    • Separation of users and data. Users are able to protect private information and keep other users from accidentally reading or deleting data.

  • C2: Controlled Access Protection

    • Finer controls than C1 systems. Individuals are held accountable for their actions through login procedures, security auditing, and resource isolation.

  • B1: Labeled Security Protection

    • Requires all features of class C2. In addition, an informal statement of the security policy model, data labeling, and mandatory access control over named subjects must be present.

Classes of Assurance

  • B2: Structured Protection

    • Strengthened authentication mechanism

    • Stringent configuration management controls

    • Resistant to penetration

  • B3: Security Domains

    • Security admin is supported

    • System recovery procedures are required.

    • System is highly resistant to penetration

  • A1: Verified Design

    • Functionally equivalent to class B3. No additional policy requirements are added.

    • High degree of assurance that trusted computing is correctly implemented.

Common Criteria (CC): ISO 15408

  • Widely used assurance measure of security products

  • International standard that replaced TCSEC

  • Evaluation is done by a private lab certified by the appropriate government

  • CC allows third-party labs to review the product for:

    • Compliance with product specification: Protection Profile (PP)

    • Report concerning compliance to specification: Security Target

  • Hierarchical system of evaluation

    • Evaluation Assurance Level (EAL): 1 (low) to 7 (high)

    • 1 to 4: Adequate for sensitive industrial use

    • 5 to 7: Assurance for sensitive government applications.

  • Product at EAL 1: “functionally tested”

    • Referred to as black-box testing: the code is not examined, but test cases are designed.

    • Product performs in accordance with its documentation.

  • Evaluations conducted at any lab certified by CC are acceptable.

  • Evaluations are quite expensive: an EAL 2 product evaluation will often cost at least $250,000, which is quite prohibitive for small companies.

  • A list of certified products can be found at http://www.niap.nist.gov



  • Evaluation comparisons between CC, TCSEC and ITSEC (interim European evaluation criteria)

  • Prevention, detection and Mitigation Strategies

Source: Idea Group Publishing



  • Areas of concern for the security engineer: prevention, detection, and response/recovery.

  • CC is gaining acceptance and strength in government and commercial markets.

  • 170 IT products had been evaluated up to 2004.

  • EAL ratings 1 through 5 – products can be selected with little assurance.