RE: Common Criteria
Following on Stan's info and link, here is a link to the Common Criteria documentation: http://www.commoncriteria.org/cc/cc.html
Peter Krupka
-----Original Message-----
From: Stanley A. Klein [mailto:sklein@cpcug.org]
Sent: Tuesday, April 30, 2002 1:22 PM
To: tg1
Subject: Common Criteria
This is a brief introduction to the Common Criteria, and completes an
action item I took during the phone conference. I advocate using the
Common Criteria as the basis for voting system security standards work and
so commented to FEC.
The "Common Criteria and Methodology for Information Security Technology
Evaluation" is aligned with IS 15408. (The differences are evidently
related to ISO document formatting.) Both can be obtained at
http://csrc.nist.gov/cc together with a lot of supporting information.
The Common Criteria provide a means for defining the security requirements
of a product (Product Profile) and for describing the security capabilities
of a product (Security Target).
The Common Criteria are an extension and generalization of the Orange Book,
which addresses confidentiality for defense systems. The Orange Book is
easier to describe.
Orange Book Class C provides access control based on owner-determined
permissions. Subclass C1 provides basic features, including passwords,
access control, formal quality assurance, and basic documentation.
Subclass C2 adds requirements such as audit capability. Class B adds
requirements for security sensitivity labels attached to files and security
clearance levels attached to user accounts. A user can access a file only
if the file's owner has provided access permission and the file's
sensitivity label is at or below the user's security clearance level.
Class B has three subclasses with increasing requirements for features and
quality assurance, such as having a team of experts take several months
full time to attack the system. Class A1 is similar to Class B3, except
arcane mathematical methods must be used to prove that the system meets its
specifications.
The Common Criteria provide a dictionary (some say an encyclopedia) of
security requirements that can be selected. There are several Evaluation
Assurance Levels (EAL) with gradations of quality assurance requirements.
There is an international program of accrediting laboratories for testing
security up to EAL-4, which is about the highest level relevant for
non-defense work. (Rebecca Mercuri, a nationally known expert on voting
systems, told me about a year ago at a meeting that she thinks the EAL for
voting systems should be a modified version of EAL-4.)
PP's and ST's have prescribed outlines that include identification of the
security environment, security goals, threats, and detailed security and
evaluation assurance requirements. If I understand it correctly (which I
might not), in many (if not most) cases, the detailed requirements can be
cited directly from the dictionary.
The NIST folks we met with last year (at the IEEE/NIST meeting on joint
standards efforts) are in charge of the US activities under the Common
Criteria and would probably be willing to advise us on using them.
Stan Klein
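As an added illustration (not part of either message in this thread) of the Orange Book access rule Stan describes: a toy Python reference monitor that applies the Class C owner-granted permission check alone or, for Class B, combined with the check that the file's sensitivity label is at or below the user's clearance, and keeps a C2-style audit record of each decision. The level names, users, file and the need-to-know compartments (a generalization of the plain level ordering in the message) are constructed assumptions.

```python
from dataclasses import dataclass, field

# Hierarchical sensitivity levels, lowest to highest (constructed ordering).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # generalization: need-to-know categories

    def dominates(self, other):
        """True if this label is at or above `other`: higher-or-equal level and
        a superset of the compartments (label dominance)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

@dataclass
class File:
    owner: str
    acl: dict     # owner-granted permissions (Class C): user -> set of modes
    label: Label  # sensitivity label attached to the file (Class B)

@dataclass
class Monitor:
    clearances: dict  # user -> Label: security clearance on the account (Class B)
    audit_log: list = field(default_factory=list)  # C2-style audit trail

    def check(self, user, f, mode, orange_class="B"):
        """Return (allowed, reason). Class C: owner permission only.
        Class B: owner permission AND clearance dominates the file's label."""
        if mode not in f.acl.get(user, set()):
            reason = "denied: no owner-granted permission"
        elif orange_class == "B" and not self.clearances[user].dominates(f.label):
            reason = "denied: sensitivity label exceeds clearance"
        else:
            reason = "permitted"
        self.audit_log.append((user, mode, f.owner, f.label.level, reason))
        return reason == "permitted", reason

def demo():
    """Constructed users, clearances and one SECRET file owned by alice."""
    doc = File(owner="alice", acl={"alice": {"read", "write"}, "bob": {"read"}},
               label=Label("SECRET", frozenset({"NUCLEAR"})))
    mon = Monitor(clearances={"alice": Label("TOP SECRET", frozenset({"NUCLEAR"})),
                              "bob": Label("CONFIDENTIAL"),
                              "carol": Label("TOP SECRET", frozenset({"NUCLEAR"}))})
    return {"alice_read": mon.check("alice", doc, "read"),
            "bob_read_B": mon.check("bob", doc, "read"),
            "bob_read_C": mon.check("bob", doc, "read", orange_class="C"),
            "carol_read": mon.check("carol", doc, "read")}, mon.audit_log
```

Note that bob is permitted under Class C rules but denied under Class B, while carol, cleared but never granted permission by the owner, is denied under both; the audit log records all four decisions.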