CIS 4615 meeting -*- Outline -*-

* Overview of the Common Criteria

------------------------------------------
        COMMON CRITERIA
   for IT Security Evaluation

From www.commoncriteriaportal.org

Purpose:
  - to allow comparison between
    security evaluations of IT products
    by consumers

Evaluation in the context of
  security properties

Key terms:

def: *Target of Evaluation* (TOE) is

Examples:

------------------------------------------
        The consumer focus is important: the main goal
        but the "consumer" might be a company (e.g., LMCO)

        ... a set of software, firmware and/or hardware
            possibly accompanied by guidance.

        ... a software application
            an OS
            an app on a particular OS
            a smartcard IC
            a LAN with all the hardware and software in it

** TOE

------------------------------------------
   TOE REPRESENTATION AND GUIDANCE

Represented as:
  - as source code,
  - as a boxed product, to be installed
  - an installed and operational version

Guidance:
  may restrict the configurations allowed
------------------------------------------

        Q: What kind of thing could be an example of configuration guidance?

        e.g., change the account passwords, close all ports except...

** Evaluation of the TOE

------------------------------------------
        EVALUATION

Based on Security Targets
  = Security Requirements

Security Target contains:
  - a threat model (assets, threats)
  - countermeasures for each threat

Countermeasure types:
  - for the TOE
  - for the operational environment

Countermeasures for the TOE
  are summarized in

------------------------------------------

        Q: For the airline reservation system,
           what is an example of a countermeasure for the TOE?

        ...access control on the database

        Q: What is an example of a countermeasure
           for the operational environment?

        ...physical security of the building housing the database

        ... security functional requirements

------------------------------------------
   HOW IS CORRECTNESS OF THE TOE DETERMINED?

  - Testing
  - Examining the design
  - Examining the physical security
    of the development environment
------------------------------------------

        examining the design is static analysis!

        Q: Why would we care about the physical security
           of the DEVELOPMENT environment?

        Note: this is not the operational environment of the TOE!

        It's an integrity issue.

        The operational environment is ignored! (Assumed correct)