High Assurance Products in IT Security

High Assurance Products in IT Security. Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran. Outline. Computer Security Offset reason for security Security Objective Recommendation of product selection Modern approach to measuring assurance

High Assurance Products in IT Security

Rayford B. Vaughn, Mississippi State University

Presented by:

Nithin Premachandran


Outline

  • Computer Security

  • Offset reason for security

  • Security Objective

  • Recommendation of product selection

  • Modern approach to measuring assurance

  • Trusted Computer Security Evaluation Criteria

  • ISO standard 15408

  • Summary

Computer Security

  • Establishing defensive perimeter

  • Protection of data

  • Disaster Recovery and Response

  • Authorization of users accessing the system

Offset reasons

  • Concern of return on investment

  • Cost of data recovery

  • Liability issues associated with misuse of system resources

  • Business impact of security controls imposed on users of system

  • Monitor activities of authorized users – to ensure proper insider behavior and compliance with mandated procedure, and to guard against accidental destructive events.

Defensive Objective

  • Create enough penetration difficulty for the attacker so that the level of effort to penetrate exceeds the value gained on successful penetration.

  • Management must guard against vulnerability by purchasing additional hardware or software.

  • What to purchase is often based on which product can be delivered fastest or which sales claim seems appropriate for the situation.

  • Total security cannot be guaranteed and risk is always present, so we tend to use high assurance products in an attempt to gain confidence in the strength of the protection we have.

  • High assurance means a very strong level of confidence in the correct implementation of security protection mechanisms in a product.

  • Low assurance means we have no proof of a correct implementation.


  • Assurance: Confidence that product operates as intended.

  • Considerations for product and security will address:

    • Completeness and strength of the security design architecture

      • Addressed by security engineers with training in information security or information assurance

    • Assurance/confidence of the product’s operation

  • Standards for trusted systems: how products are rated today and how the Critical Evaluation Assurance Level (EAL) is determined:

    • ISO standard 15408 or Common Criteria

    • Trusted Computer Systems Evaluation Criteria (TCSEC).

  • These documents provide a qualitative measurement of assurance in security software/hardware products

Product Selection

  • Recommendation from:

    • Technical staff, budget, sales presentations, assertions

  • Confidence in correct operation of a product comes from:

    • Experience

    • Examination of code

    • Independent reviews

    • Testing

    • Certification by experts and others

  • A security engineer should be more concerned with information assurance (ISO standard) than with computer security

Product Selection

  • Based on past experience of security engineers

  • Selection based on experience of others

  • Third-party testing and evaluation: the greatest indicator of assurance in a product.

    • The third party conducts a standard suite of tests to verify that the product does indeed work as the vendor claimed.

    • The third party reviews software code and product documentation to verify correctness of code, absence of hidden functionality and compliance with design specifications. This gives a greater level of assurance that the product works properly as claimed.

Trusted Computer Security Evaluation Criteria (TCSEC)

  • Approach to measuring assurance

  • Evaluations have been conducted since the 80s.

  • DoD initiative to improve trustworthiness of systems used to process sensitive and classified information.

  • Directed towards ranking operating systems as having a specific level of assurance

  • Computing products are evaluated against the classes (A, B, C, D)

  • If a C or B product was purchased, the buyer was assured that specific functions were included in the product along with a specific level of trust.

Classes of Assurance

  • Trusted Computing Base (TCB): the hardware and software components present in the system that provide security functionality.

  • D: Minimal Protection

    • Reserved for systems that were evaluated but failed to meet the requirements for a higher evaluation class

  • C1: Discretionary Security Protection

    • Separation of users and data. Users are able to protect private information and keep other users from accidentally reading or deleting data

  • C2: Controlled Access Protection

    • Finer controls than C1 systems. Individuals are held accountable for their actions through login procedures, auditing of security and resource isolation.

  • B1: Labeled Security Protection

    • Requires all features of class C2. In addition, an informal statement of the security policy model, data labeling and mandatory access control over named subjects must be present.

Classes of Assurance

  • B2: Structured Protection

    • Strengthened authentication mechanism

    • Stringent configuration management controls

    • Resistant to penetration

  • B3: Security Domains

    • Security admin is supported

    • System recovery procedures are required.

    • System is highly resistant to penetration

  • A1: Verified Design

    • Functionally equivalent to class B3. No additional policy requirements are added.

    • High degree of assurance that trusted computing is correctly implemented.

Common Criteria (CC): ISO 15408

  • Widely used assurance measure of security products

  • International standard that replaced TCSEC

  • Evaluation is done by a private lab certified by the appropriate government

  • CC allows third-party labs to review the product for:

    • Compliance with product specification: Protection Profile (PP)

    • Report concerning compliance to specification: Security Target

  • Hierarchical system of evaluation

    • Evaluation Assurance Level (EAL): 1 – low, 7 – high

    • 1 to 4: Adequate for sensitive industrial use

    • 5 to 7: Assurance for sensitive government applications.


  • Product at EAL 1: “functionally tested”

    • Referred to as black-box testing: the code is not examined, but test cases are designed

    • Product performs in accordance with documentation.

  • Evaluations conducted at any lab certified by CC are acceptable.

  • Evaluations are quite expensive — an EAL 2 product evaluation will often cost at least $250,000. Quite prohibitive for small companies.

  • A list of certified products can be found at http://www.niap.nist.gov


  • Evaluation comparisons between CC, TCSEC and ITSEC (Interim European evaluation criteria)

  • Prevention, detection and mitigation strategies

Source: Idea Group Publishing


  • Areas of concern for the security engineer: prevention, detection and response recovery.

  • CC is gaining acceptance and strength in the government and commercial markets

  • 170 IT products evaluated till 2004

  • EAL ratings 1 through 5 – products can be selected with little assurance.
