IT-Security Evaluation Criteria
Organisation and Construction of Security Requirements:
[Figure: classes (Class a, Class b) broken down into families (Family i, j, k) and components. Labels: "Packages", "Protection Profile" with "Possible input sources for PP", "Security Target" with "Possible input sources for ST", and "Optional extended (non-CC) Security Requirements".]
Package:
Reusable set of either functional or assurance components (e.g., EALs)
Security Target (ST):
Set of security requirements used as a basis for evaluation of an identified TOE
Tillämpad datasäkerhet (DAVC17) – Security Evaluation Criteria Simone Fischer-Hübner 21
Protection Profile (PP):
Implementation-independent, reusable set of security requirements for a category of TOEs that meet specific consumer needs
Example PPs:
- Commercial security profile
- Profiles to replicate TCSEC C2 and B1 requirements
- A role-based access control (RBAC) profile
- Smart card profiles
- Firewall profiles
CC registry system for approved PPs
Functional Security Requirements (Part 2):
Classes of Security Functional Requirements:
• FAU (Security Audit)
• FCO (Communication/Non-Repudiation)
• FCS (Cryptographic Support)
• FDP (User Data Protection)
• FIA (Identification and Authentication)
• FMT (Security Management)
• FPR (Privacy)
• FPT (Protection of the TOE Security Functions)
• FRU (Resource Utilisation)
• FTA (TOE Access)
• FTP (Trusted path/channels).