
Common Criteria Course Module CC v3.0 The New …



Transcription of Common Criteria Course Module CC v3.0 The New …

TNO-ITSEF BV, IT Security Evaluation Facility

CC New Conceptual Framework
Common Criteria Course
TNO 2005
Dirk-Jan Out
+31 70 374

This work (and the following) has been financed by:
• BSI Germany
• CSE Canada
• NLNCSA Netherlands
• NSA United States

Product of a long discussion
• The CCIMB found out that we used the same words to mean different things
• And of course we also used different words for the same
• something was wrong with the

If you want to clean a set of stairs
you must start at the top bottom

Too many words
• Security functions
• TOE Security Functions
• Security functional requirements
• Security functional components
• Security functional policies
• Security attributes
• Organisational security policy
• Security environment
• Security objectives
• IT security requirements
• Security requirements for the (non)-IT environment
• TOE Security Policy
• Security Policy Model
• TSF Scope of Control
• TSF Interface

Too many undefined threat is:
• An attacker gains access to confidential data? (it threatens something the consumer holds dear)

Too many undefined threat is:
• An attacker gains access to confidential data? (it threatens something the consumer holds dear)
Or
• An attacker causes a buffer overflow (it threatens the TOE)

A vulnerability is something that breaks the TSP, but

In short: it was too complex

Start from scratch
• Start from a few simple concepts
• Add one concept at a time
• Until you can model everything

Too many undefined threat is:
• An attacker gains access to confidential data (it threatens something the consumer holds dear)
Or
• An attacker causes a buffer overflow (it threatens the TOE)

Attackers may damage assets
Diagram: Attackers threaten Assets.

Attackers give rise to threats
Threats increase risks to assets
Diagram: Attackers give rise to Threats that increase Risk to Assets.

Owners value assets
Owners wish to minimize risks
Diagram: Owners value Assets; Owners wish to minimize Risk.

Owners introduce countermeasures
Countermeasures reduce risks
Diagram: Owners introduce Countermeasures that reduce Risk.

Owners want confidence in countermeasures
Diagram: Owners want Confidence in Countermeasures.

Countermeasures must be sufficient
Diagram: Owners want Confidence that Countermeasures are Sufficient and therefore minimize Risk.

Countermeasures must have no vulnerabilities
Diagram: Owners want Confidence that Countermeasures are Sufficient, have no Vulnerabilities, and therefore minimize Risk.

Countermeasures consist of the TOE and other countermeasures
• TOE: subject of the evaluation
• Other Countermeasures: not subject of the evaluation

Evaluators need precise descriptions
Diagram: Evaluators want precise definitions of the TOE and Other Countermeasures to produce Verdicts (Confidence).

The precise descriptions:
• The confidence in the TOE is precisely described by the Security Assurance Requirements
• The functionality of the TOE is precisely described by the Security Functional Requirements
• The Security Functional Requirements are collectively referred to as the TOE Security Policy

A big OS
• Kernel
• About 500 tools, applications, editors, applets,
• Data files, user areas

TSF = TOE Security Functionality
A part of the TOE that:
• implements the TSP (all SFRs)
• cannot be influenced by the rest of the TOE
Having a small TSF saves the developer work

Start from scratch
• Start from a few simple concepts
• Add one concept at a time
• Until you can model everything
• Then throw away the rest

Less concepts
• Security functions
• TOE Security Functionality
• Security functional requirements
• Security functional components
• Security functional policies
• Security attributes
• Organisational security policy
• Security environment
• Security objectives
• IT security requirements
• Security requirements for the (non)-IT environment
• TOE Security Policy
• Security Policy Model
• TSF Scope of Control
• TSF Interface

Conclusions
• It will never be easy, but now it is easier
• It will never happen that everybody understands everything, but now at least a small group understands it
• Hopefully, we will all understand it someday

