UT CS 361 - Lecture 76: Certification


Foundations of Computer Security
Lecture 76: Certification
Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin

Buying Security Products

Ideally, buying security products should involve:
1. assessing needs to determine requirements;
2. identifying the product that will meet those requirements;
3. purchasing the product and deploying it.

The problem: most customers don't have the expertise to perform these steps effectively.

A solution: provide a standardized process of independent evaluation by expert teams to provide a certified level of confidence for security products.

Evaluation Methodology

An evaluation standard provides the following:
- A set of requirements defining security functionality.
- A set of assurance requirements needed for establishing the functional requirements.
- A methodology for determining that the functional requirements are met.
- A measure of the evaluation result indicating the trustworthiness of the evaluated system.

Cryptographic Functions

For cryptographic functions, federal agencies are required to use products that either have been approved by the NSA, or have been validated to FIPS 140-1 or 140-2, Security Requirements for Cryptographic Modules.
- Approximately 150 vendors of cryptographic modules have had independent labs perform compliance/conformance testing of their modules.
- FIPS 140-2 defines four levels for certification for crypto devices designed for protection of sensitive but unclassified information.

FIPS 140-2 Levels

These are levels of certification for cryptographic devices:
- Level 1: basic security; at least one approved algorithm or function.
- Level 2: improved physical security, tamper-evident packaging.
- Level 3: strong tamper-resistance and countermeasures.
- Level 4: complete envelope of protection including immediate zeroing of keys upon tampering.

Lessons

- Certification standards for security products would help the consumer understand what they need and what they're buying.
- For cryptographic products, the government provides guidance in the form of standards FIPS 140-1 and 140-2.

Next lecture: The Common Criteria

