Foundations of Computer SecurityLecture 79: Security Target ExampleDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 79: 1 Security Target ExampleExample ST: Sun Identity ManagerSun Java System Identity Manager is a product for managing useraccess privileges stored in directory services. Evaluation to EAL2performed by Cygnacom in summer 2005.AssumptionsOE.NoUntrusted: no untrusted users on the systemOE.Time: the OS has reliable time stampsThreatsT.BadPasswords: users may have selected guessable passwordsT.Abuse: authorized users perform bad actionsT.Mismanage: administrators don’t manage security wellT.Privil: unauthorized user gains accessT.Undetect: attack attempts go undetectedT.Walkaway: a user leaves workstation without logging outLecture 79: 2 Security Target ExampleExample ST: Sun Identity ManagerSecurity Objectives for the TOEO.ManagedData: store properties of usersO.PasswordGen: support automatic generation of passwordsO.PasswordQual: specify password quality parametersSecurity Objectives for the EnvironmentOE.Time: the underlying OS provides reliable timeON.NoUntrusted: the administrator assures no untrustedusers or software on the hostLecture 79: 3 Security Target ExampleExample ST: Sun Identity ManagerSecurity Requirements(21 requirements from CC relevant to this type of product)TOE SummaryMapping of security requirements to subfunctionsAssurance measures provided by the vendor (CVS listings,product documentation, vulnerability assessment)Rationale: how threats are counterede.g., T.BadPassword is countered by O.PasswordGen andO.PasswordQualLecture 79: 4 Security Target ExampleLessonsA Security Target is a specific system or class of systemssubmitted for evaluation.The policy may be specified “fresh” or as previously evaluatedprotection profiles.The idea is to specify what security means for this productand how the product enforces that notion of security.Next lecture: Common Criteria EvaluationLecture 79: 5 Security Target
View Full Document