Domain 3 - Security Engineering Flashcards
Common Criteria ISO 15408
Structured methodology for documenting security requirements,
documenting and validating
Evaluation Assurance Level 0
EAL0 – Inadequate assurance
Evaluation Assurance Level 1
EAL1 – Functionally tested
Evaluation Assurance Level 2
EAL2 – Structurally tested
Evaluation Assurance Level 3
EAL3 – Methodically tested and checked
Evaluation Assurance Level 4
EAL4 – Methodically designed, tested and reviewed
Evaluation Assurance Level 5
EAL5 – Semi formally designed and tested
Evaluation Assurance Level 6
EAL6 – Semi formally verified design and tested
Evaluation Assurance Level 7
EAL7 – Formally verified design and tested
Target of Evaluation (TOE):
The product
Protection Profile
Set of security requirements for a category of products that meet specific
consumer security needs
Security Target (ST):
dentifies the security properties of TOE
Security Functional Requirements (SFRs)
Specific individual security function
NIST SP 800-27
- Initiation; need expressed, purpose documented, impact assessment
- Development/Acquisition; system designed, purchased, programmed, developed or constructed.
- Implementation; system tested and installed, certification and accreditation
- Operation/Maintenance; performs function, security operations, audits
Primary Storage
Is a temporary storage area for data entering and leaving the CPU
Process states:• Stopped;
Process finishes or must be terminated
Process states:• Waiting
The process is ready for continued execution but is waiting for a device or access
Process states: Running;
Executes on the CPU and keeps going until it finishes, its time slice expires, or it is
blocked
Process states:• Ready;
Ready; process prepared to execute when CPU read
Multitasking
execute more than one task at the same time
Multiprocessing
more than one CPU is involved.
Multi-Threading:
Execute different parts of a program simultaneously
Single state machine
Operates in the security environment at the highest level of classification of the
information within the computer. In other words, all users on that system must have clearance to access
the info on that system.
Multi-state machine
Can offer several security levels without risk of compromising the system’s
integrity