
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran


Outline

Computer Security

Offset reason for security

Security Objective

Recommendation of product selection

Modern approach to measuring assurance

Trusted Computer Security Evaluation Criteria

ISO standard 15408

Summary


Computer Security

Establishing defensive perimeter

Protection of data

Disaster Recovery and Response

Authorization of users accessing the system


Offset reasons

Concern of return on investment

Cost of data recovery

Liability issues associated with misuse of system resources

Business impact of security controls imposed on users of system

Monitor activities of authorized users – to ensure proper insider behavior, compliance with mandated procedure, guard against accidental destructive events.


Defensive Objective

Create enough penetration difficulty for the attacker so that the level of effort to penetrate exceeds the value gained from a successful penetration.

Management must guard against vulnerability by: purchase of additional hardware or software.

What to purchase is based on: which product can be delivered fastest, or which sales claim is appropriate for the situation.

There is no guarantee of total security and risk remains present, so we tend to use high assurance products in an attempt to gain confidence in the strength of the protection we have.

High assurance means a very strong level of confidence in terms of the correct implementation of security protection mechanisms in a product.

Low assurance means we have no proof of a correct implementation.


Overview

Assurance: Confidence that product operates as intended.

Considerations for product and security will address:

  Completeness and strength of the security design architecture

    Addressed by security engineers with training in information security or information assurance

  Assurance/confidence of the product's operation

Standard for trusted systems: How products are rated today and Critical Evaluation Assurance Level (EAL) is determined by:

  ISO standard 15408 or Common Criteria

  Trusted Computer Systems Evaluation Criteria (TCSEC)

Documents - qualitative measurement of assurance in security software/hardware products


Product Selection

Recommendation from: technical staff, budget, sales presentation, assertions

Confidence in correct operation of product comes from: experience, examination of code, independent reviews, testing and certification by experts and others.

Security engineer should be more concerned with information assurance (ISO standard) than computer security


Product Selection

Based on past experience of security engineers

Selection based on experience of others

Third party testing and evaluation: greatest indicator of assurance in a product.

  Third party conducts a standard suite of tests to verify that the product does indeed work as the vendor claimed.

  Third party reviews software code and product documentation to verify correctness of code, absence of hidden functionality and compliance with design specifications – greater level of assurance that product worked properly as claimed.


Trusted Computer Security Evaluation Criteria (TCSEC)

Approach to measuring assurance

Evaluations have been conducted since the 80's.

DOD initiative to improve trustworthiness of systems used to process sensitive and classified information.

Directed towards ranking operating systems as having a specific level of assurance

Computing products are evaluated at each of the classes (A, B, C, D)

If a C or B product was purchased, the buyer was assured that specific functions were included in the product along with a specific level of trust.


Classes of Assurance

Trusted Computing Base (TCB): hardware and software components present in the system that provide for security functionality.

D: Minimal Protection

  Reserved for systems that were evaluated but failed to meet the requirements for a higher evaluation class

C1: Discretionary security protection

  Separation of users and data. Users are able to protect private information and keep other users from accidental reading or deletion of data

C2: Controlled access protection

  Finer controls than C1 systems. Individuals are held accountable for their actions through login procedures, auditing of security and resource isolation.

B1: Labeled security protection

  Requires all features of class C2. In addition, an informal statement of the security policy model, data labeling and mandatory access control over named subjects must be present.


Classes of Assurance

B2: Structured Protection

  Strengthened authentication mechanism

  Stringent configuration management controls

  Resistant to penetration

B3: Security Domains

  Security admin is supported

  System recovery procedures are required.

  System is highly resistant to penetration

A1: Verified Design

  Functionally equivalent to class B3. No additional policy requirements are added.

  High degree of assurance that trusted computing is correctly implemented.


Common Criteria (CC): ISO 15408

Widely used assurance measure of security products

International standard that replaced TCSEC

Evaluation done by private lab certified by appropriate government

CC allows third party labs to review the product for:

  Compliance with product specification: Protection Profile (PP)

  Report concerning compliance to specification: Security Target

Hierarchical system of evaluation

  Evaluation Assurance Level (EAL): 1 – low, 7 – high

  1 to 4: Adequate for sensitive industrial use

  5 to 7: Assurance for sensitive government applications.


CC

Product at EAL 1 – "functionally tested"

  Referred to as black-box testing: code is not examined but test cases are designed

  Product performs in accordance with documentation.

Evaluations conducted at any lab certified by CC are acceptable.

Evaluations are quite expensive: an EAL 2 product evaluation will often cost at least $250,000. Quite prohibitive for small companies.

List of certified products can be found at http://www.niap.nist.gov


Summary

Evaluation comparisons between CC, TCSEC and ITSEC (Interim European evaluation criteria)

•Prevention, detection and Mitigation Strategies

Source: Idea Group Publishing


Summary

Areas of concern for security engineer: prevention, detection and response recovery.

CC gains acceptance and strength in government and commercial market

170 IT products evaluated till 2004

EAL ratings 1 through 5 – products can be selected with little assurance.