Foundations of Computer Security
Lecture 77: The Common Criteria
Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin

The Common Criteria

The need for secure systems evaluation criteria led numerous countries to develop their own. These have largely been replaced by the Common Criteria, adopted by some 26 countries, including the U.S. It comprises:

- the CC documents,
- the CC Evaluation Methodology (CEM),
- country-specific evaluation methodologies, each called an Evaluation Scheme or National Scheme.

Evaluations (to a certain level) by one signing country are respected by all of the others.

Some Acronyms

Any discussion of the Common Criteria tends to be very acronym-heavy. Here are a few:

- TOE (Target of Evaluation): the system submitted for evaluation.
- ST (Security Target): the set of security requirements to be used as the basis of evaluation.
- EAL (Evaluation Assurance Level): the level of certification sought.
- TSF (TOE Security Functions): the set of all hardware, software, and firmware needed for the enforcement of the policy.

Types of Evaluation

There are two types of evaluations under the CC:

1. evaluations of protection profiles (PP), a set of implementation-independent security requirements for a category of products or systems;
2. evaluations of products or systems against a security target (ST).

Protection Profile

A PP is a description of a family of products in terms of threats, environmental issues and assumptions, security objectives, and requirements of the Common Criteria. It includes:

1. Introduction, containing a system identification and overview;
2. Product or System Family Description;
3. Product or System Family Security Environment;
4. Security Objectives;
5. IT Security Requirements;
6. Rationale.

Some examples: antivirus on workstations, biometrics, firewalls, intrusion detection, operating systems, PKI, trusted database.

Approximately 50 protection profiles currently exist with more under development.

Security Target

The Security Target is a document that contains the security requirements of a product to be evaluated (TOE), and specifies the measures offered by the product to meet those requirements. It may match a protection profile.

1. Introduction
2. TOE description
3. TOE security environment: assumptions, threats, organizational security policies
4. Security objectives
5. IT Security requirements
6. TOE summary specification
7. Protection Profile claims
8. Rationale: evidence that the ST is a complete set of requirements and that the TOE provides measures to address the requirements.

Lessons

- The need for secure systems evaluation criteria led to incompatible national standards.
- These have largely been replaced by the Common Criteria, a set of standards recognized by 26 countries, including the U.S. and most E.U. nations.
- Two types of entities are evaluated under the Common Criteria:
  - a "protection profile" is a formal description of security for a class of systems;
  - a "security target" is a specific system or family of systems.

Next lecture: Protection Profile Example



UT CS 361 - Lecture Notes
