IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.88 Operating system security requirements when
using crypto modules
Initiation responsibility: IT Security Management
Implementation responsibility: IT Security Management
Whenever crypto modules are used, the way in which they are integrated into
or dependent on the operating system running on the host system is
particularly significant. The interaction between the operating system and the
crypto module must ensure that:
- the crypto module cannot be deactivated or circumvented (for example by
manipulation or by the exchange of drivers);
- the keys used or stored by the module cannot be compromised (for
example by the reading out of RAM areas);
- the data being protected can be stored on data media (including being
stored without encryption) or may leave the information-processing system
(for example if there is a network connection) only with the knowledge of
and under the control of the user;
- attempts at manipulation of the crypto module will be detected.
The level of the operating system security requirements is liable to vary
according to the type of crypto module (implementation in hardware or
software, strategy for integration into the IT component etc.), the conditions in
which it is used and the degree of protection required for the data. Where
crypto modules are implemented in software, the use of a secure operating
system is particularly important. Commercial PC operating systems are
generally so complex and subject to such short innovation cycles that it is
barely possible to verify or prove the security of data or a system. One
exception may be proprietary operating systems or operating systems
optimised for special applications (such as special-purpose operating systems
in cryptographic devices). It is therefore important when using cryptographic
products with standard operating systems for such purposes as file encryption
or the safeguarding of e-mails that all standard security measures for the
operating system are put in place. The security-related requirements for these
IT systems are described in the respective system-specific sections, for
example for clients in Chapter 5 and for servers in Chapter 6.
Crypto modules implemented in hardware can be designed so as to
compensate for deficiencies in operating system security, or to eliminate them
altogether. The responsibility for satisfying the requirements specified above
lies solely with the crypto module. It must be able to recognise, for example,
whether or not authorisation is required to write unencrypted data to data
media or other device interfaces, bypassing the module. The user must decide
what combination of operating system and crypto module is required, in
compliance with the security policy drawn up for his particular working
environment.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000