![Page 1: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/1.jpg)
Title SlideEVOLVING CRITERIA FORINFORMATION SECURITY
PRODUCTS
Ravi SandhuGeorge Mason University
Fairfax, VirginiaUSA
![Page 2: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/2.jpg)
2
SECURITY OBJECTIVES
SECRECY(CONFIDENTIALITY)
INTEGRITY AVAILABILITY(DENIAL OF SERVICE)
![Page 3: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/3.jpg)
3
SECURITY TECHNIQUES
• Prevention access control
• Detection auditing
• Tolerance practicality
good prevention and detection both require good authentication as a foundation
good prevention and detection both require good authentication as a foundation
![Page 4: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/4.jpg)
4
SECURITY TRADEOFFS
SECURITY
FUNCTIONALITY EASE OF USE
COST
![Page 5: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/5.jpg)
5
ACHIEVING SECURITY
• Policy what?
• Mechanism how?
• Assurance how well?
![Page 6: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/6.jpg)
6
EVALUATION CRITERIA
Policy
Assurance
SECURITY TARGET
Mechanism
PRODUCT
??
![Page 7: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/7.jpg)
7
CRITERIA DATES
| | | | | | | | | | | |1985 1990 1995
USAORANGE BOOK
Canadian CTCPEC
1.0|
2.0|
3.0|
UK, Germany | | France
|
1.2|European Community ITSEC
1.0|
US Federal Criteria 1.0|
Common Criteria
![Page 8: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/8.jpg)
8
CRITERIA RELATIONSHIPS
USA ORANGE BOOK
UK Germany France Canada
European Community
ITSEC
Federal CriteriaDRAFT
Common CriteriaPROPOSED
![Page 9: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/9.jpg)
9
COMMONCRITERIA
&PRODUCT
EVALUATION
INTERNATIONAL COMPUTER
MARKET TRENDS
MUTUAL RECOGNITION
OF EVALUATIONS
COMPATIBILITYWITH EXISTING
CRITERIA
SYSTEMSECURITY
CHALLENGESOF THE
90'S
DRIVING FACTORS
![Page 10: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/10.jpg)
10
ORANGE BOOK
USA ORANGE BOOK
UK Germany France Canada
European Community
ITSEC
Federal CriteriaDRAFT
Common CriteriaPROPOSED
![Page 11: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/11.jpg)
11
ORANGE BOOK CLASSES
A1 Verified Design
B3 Security Domains
B2 Structured Protection
B1 Labeled Security Protection
C2 Controlled Access Protection
C1 Discretionary Security Protection
D Minimal ProtectionNO SECURITY
HIGH SECURITY
![Page 12: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/12.jpg)
12
ORANGE BOOK CLASSESUNOFFICIAL VIEW
C1, C2 Simple enhancement of existing systems. No breakage of applications
B1 Relatively simple enhancement of existing systems. Will break some applications.
B2 Relatively major enhancement of existing systems. Will break many applications.
B3 Failed A1
A1 Top down design and implementation of a new system from scratch
![Page 13: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/13.jpg)
13
ORANGE BOOK CRITERIA
SECURITY POLICY
ACCOUNTABILITY
ASSURANCE
DOCUMENTATION
![Page 14: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/14.jpg)
14
SECURITY POLICY
C1 C2 B1 B2 B3A1
Discretionary Access Control + + +
Object Reuse +
Labels + +
Label Integrity +
Exportation of Labeled Information +
Labeling Human-Readable Output +
Mandatory Access Control + +
Subject Sensitivity Labels +
Device Labels +
+ added requirement
![Page 15: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/15.jpg)
15
ACCOUNTABILITY
C1 C2 B1 B2 B3A1
Identification and Authentication + + + Audit + + + + Trusted Path + +
+ added requirement
![Page 16: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/16.jpg)
16
ASSURANCE
C1 C2 B1 B2 B3A1
System Architecture + + + + +
System Integrity +
Security Testing + + + + ++
Design Specification and Verification + + ++
Covert Channel Analysis + ++
Trusted Facility Management + +
Configuration Management + +
Trusted Recovery +
Trusted Distribution +
+ added requirement
![Page 17: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/17.jpg)
17
DOCUMENTATION
C1 C2 B1 B2 B3A1
Security Features User's Guide + Trusted Facility Manual + + + + + Test Documentation + +
+DesignDocumentation + + + +
+ added requirement
![Page 18: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/18.jpg)
18
ORANGE BOOK CRITICISMS
• Does not address integrity or availability
• Combines policy and assurance in a single linear rating scale
• Mixes policy and mechanism
• Mixes policy and assurance
![Page 19: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/19.jpg)
19
POLICY VS ASSURANCE
assurance
C1C2
B1B2
B3 A1policy
![Page 20: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/20.jpg)
20
EUROPEAN ITSEC
USA ORANGE BOOK
UK Germany France Canada
European Community
ITSEC
Federal CriteriaDRAFT
Common CriteriaPROPOSED
![Page 21: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/21.jpg)
21
POLICY ASSURANCE UNBUNDLING
EVALUATION
POLICYor
FUNCTIONALITY
ASSURANCE
EFFECTIVENESS CORRECTNESS
![Page 22: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/22.jpg)
22
POLICY IN ITSEC
• Open ended
• Orange Book classes are grand-fathered in
• Some new classes are identified
![Page 23: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/23.jpg)
23
ORANGE BOOK POLICYGRAND-FATHERING
ITSEC ORANGE BOOK
F-C1 C1
F-C2 C2
F-B1 B1
F-B2 B2
F-B3 B3
![Page 24: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/24.jpg)
24
ITSEC NEW POLICIES
ITSEC OBJECTIVE
F-IN High Integrity Requirements
F-AV High Availability Requirements
F-DI High Data Integrity during Data Exchange
F-DC High Data Confidentiality during Data Exchange
F-DX Networks with High Confidentiality and Integrity
others can be defined as needed
![Page 25: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/25.jpg)
25
ASSURANCE: EFFECTIVENESS
CONSTRUCTION
• Suitability Analysis
• Binding Analysis
• Strength of Mechanism Analysis
• List of Known Vulnerabilities in Construction
OPERATION
• Ease of Use Analysis
• List of Known Vulnerabilities in Operational Use
![Page 26: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/26.jpg)
26
ASSURANCE: CORRECTNESS
ITSEC ORANGE BOOK (very roughly)
E0 D
E1 C1
E2 C2
E3 B1
E4 B2
E5 B3
E6 A1
![Page 27: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/27.jpg)
27
US DRAFT FEDERAL CRITERIA
USA ORANGE BOOK
UK Germany France Canada
European Community
ITSEC
Common CriteriaPROPOSED
Federal CriteriaDRAFT
![Page 28: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/28.jpg)
28
NIST/NSAJoint Work
Commercial & IndependentInitiatives
NIST’s IT SecurityRequirements Study
Integrity Research
NRC Report"GSSP"
“Minimum SecurityFunctionality Requirements”(MSFR)
FederalCriteria
for IT Security
ECITSEC
CanadaTPEP Orange
Book
Advances inTechnology
INFLUENCES ON FEDERAL CRITERIA
![Page 29: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/29.jpg)
29
ITSEC EVALUATION
Policy
Assurance
SECURITY TARGET
Mechanism
PRODUCT
??
![Page 30: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/30.jpg)
30
FEDERAL CRITERIA EVALUATION
Policy
Assurance
SECURITYTARGET
Mechanism
PRODUCT
??
Policy
Assurance
PROTECTIONPROFILE
??
VendorSupplied
CustomerSupplied
![Page 31: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/31.jpg)
31
PROTECTION PROFILE STRUCTURE
DescriptiveElementsSection
ProductRationaleSection Development
AssuranceRequirements
Section
FunctionalRequirements
Section EvaluationAssurance
RequirementsSection
PROTECTION PROFILE
![Page 32: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/32.jpg)
32
FROM PROFILE TO PRODUCT
Protection Profile
PPA = Protection Profile Analysis
Protection Profiles Registry of
PP1 PP2 ... PPnEvaluation 2
Evaluation 3
Evaluation 1PPA
Security Target (ST)
ST ST
(PP)
pp1 ppn
Product 1 Product n
![Page 33: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/33.jpg)
33
TOWARDS A COMMON CRITERIA
USA ORANGE BOOK
UK Germany France Canada
Common CriteriaPROPOSED
Federal CriteriaDRAFT
European Community
ITSEC
![Page 34: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/34.jpg)
34
EC-NAAlignment
-----“Common
Criteria”
EC-NAAlignment
-----“Common
Criteria”
CCEditorial
Board
CanadaCTCPEC
3.0
ITSEC1.2
FedCrit1.0
“OrangeBook”Usage Joint
TechnicalGroups
Usage &Reviews
PublicComment
Usage &Reviews 1994: initial target
1996: more likely
ISOSC27WG3
COMMON CRITERIA PLAN
![Page 35: Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA](https://reader033.vdocuments.mx/reader033/viewer/2022061306/55146375550346414e8b5a40/html5/thumbnails/35.jpg)
35
CHALLENGES THAT REMAIN
Complexities of the open distributed computing and management environments (including use of crypto in conjunction with COMPUSEC)
“Systems” and composability Problems
Trusted applications development and evaluation methods, including high integrity and high availability systems
Guidance on using IT security capabilities cost effectively in commercial environments
Speedy but meaningful product and system evaluations, and evaluation rating maintenance