Security Management - Common Criteria Flashcards
What are typical products which would need certification ?
- Network connectors for e-health
- Smart metering gateways
- Digital tachographs
- E-passports
- Smart cards
- Card readers
What are the Common Criteria (CC) ?
de-facto standard for product evaluations
What is a Target of Evaluation (TOE) ?
The product or system that is the subject of the evaluation, e.g. „MinuteGap Firewall“
What is a Protection Profile (PP) ?
Document that identifies security requirements relevant to a user community for a particular purpose, e.g. „Firewall Protection Profile“
What is the Security Target (ST) ?
Product specification explaining how security functionality is delivered by the product, e.g. „MinuteGap Firewall ST“
- Can be standalone, can conform to one or more PPs
What is an Evaluation assurance level (EAL)?
A numerical rating (1-7) reflecting assurance requirements fulfilled during evaluation
Which EAL levels are often used ?
Often used: EAL2, EAL4; for smartcards also >EAL4 often used
Which augments for the EAL are often used ?
- AVA_VAN.5 – vulnerability analysis with high attack potential
- ALC_FLR – flaw remediation process for security issues detected after certification
What does EAL1 include ?
EAL1 – functionally tested („low assurance“)
- Review of functional and interface specifications
- Some independent testing
What does EAL2 include ?
EAL2 – structurally tested („minimal serious level“)
- Analysis of security functions including high-level design
- Independent testing, review of developer testing
- Penetration testing with „basic“ attack potential
What does EAL3 include ?
EAL3 – methodically tested and checked
- More testing, some development environment controls
- Site visit of development/manufacturing sites
What does EAL4 include ?
EAL4 – methodically designed, tested, and reviewed
- Source code inspections
- Pentesting „Extended-basic“ attack potential
What does EAL5 include ?
EAL5 – semiformally designed and tested
- Formal model, modular design
- Systematic vulnerability search, covert channel analysis
What does EAL6 include ?
EAL6 – semiformally verified design and tested
- Structured development process
- Pentesting with „high“ attack potential
What does EAL7 include ?
EAL7 – formally verified design and tested
- Formal presentation of functional specification
- Product or system design must be simple
- Independent confirmation of developer tests
What does High attack potential mean in relation to augmentation AVA_VAN.5 ?
High attack potential e.g.
- Multiple experts
- Only public knowledge of TOE
- Easy access to TOE (e.g. connected to internet)
- Only standard equipment
- Up to six months effort to identify and exploit
What does a Vulnerability analysis for developer's code include ?
Vulnerability analysis for developer's code
- Flaw hypotheses, interfaces to security functionality, circumvention of mechanisms, correctness of data parsing and control flow, cryptographic mechanisms
- Detailed notes/recommendations for some mechanisms
What does a Vulnerability analysis for third party libraries include ?
Vulnerability analysis for third-party libraries
- CVE search: Are there known vulnerabilities for the specific versions of integrated libraries?
- Long term support and availability of security patches?
What does a high EAL mean ?
High EAL = high assurance (confidence)
- How reliable are the evaluation results?
- How thorough was the testing?
Does a high EAL automatically mean high security ?
EAL has nothing to do with security functional requirements
- Need to look at SFR
- Possible to have very few requirements (i.e. little functionality) evaluated at high EAL, i.e. very likely that (albeit few) requirements are correctly implemented
- Often adversaries excluded from PP/ST that are hard to protect against
- Need to look for assumptions, objectives for environment