Page 91 - DCAP516_COMPUTER_SECURITY
Unit 7: Designing Trusted Operating System
The Common Criteria for Information Technology Security Evaluation, also abbreviated as Common Criteria or CC, is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1.
Common Criteria is a framework in which computer system users can specify their security
functional and assurance requirements, vendors can then implement and/or make claims about
the security attributes of their products, and testing laboratories can evaluate the products to
determine if they actually meet the claims. In other words, Common Criteria provides assurance
that the process of specification, implementation and evaluation of a computer security product
has been conducted in a rigorous and standard manner.
Recognition Agreement with 5 signers, namely the US, UK, Canada, France and Germany. But as of May 2002 there were 10 more signers, i.e. Australia, Finland, Greece, Israel, Italy, the Netherlands, New Zealand, Norway, Spain and Sweden, with India, Japan, Russia and South Korea developing appropriate schemes.
The TCSEC defined a number of levels of assurance:
D – basically, no protection. Any system can get this level.
C1 – discretionary access control.
C2 – controlled access protection (a finer-grained discretionary access control).
B1 – labeled security protection. Each object is assigned a security level and mandatory access controls are used.
B2 – structured protection. This is level B1 with formal testing of a verified design.
B3 – security domains. The security kernel must be small and testable.
A1 – verified design. A formal design exists and has been thoroughly examined.
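To make the difference between the C-level and B-level controls concrete, here is an added illustrative model (it is not from the course text and not code from TCSEC or any evaluated system): a tiny reference monitor that enforces discretionary ACLs as at C1/C2, and, for B1 and above, additionally enforces mandatory label checks using the Bell-LaPadula no-read-up / no-write-down rules. The level names, users, objects and labels are constructed sample data; the function names are this example's own.

```python
# Illustrative reference monitor for the TCSEC C-level (discretionary) and
# B-level (mandatory, labeled) access controls described above.
# Constructed example; the levels, users and objects are sample data.
from dataclasses import dataclass, field

# Ordered sensitivity levels, lowest to highest (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass
class Subject:
    name: str
    clearance: str  # only consulted under mandatory access control


@dataclass
class Object:
    name: str
    owner: str
    # user -> set of permitted operations ("read", "write"); the owner fills this in
    acl: dict = field(default_factory=dict)
    label: str = "UNCLASSIFIED"  # sensitivity label, used at B1 and above


def dac_allows(subject, obj, op):
    """Discretionary access control (TCSEC C1/C2): the owner decides, via an
    ACL, who may do what. Nothing stops an authorised reader from copying the
    data into an object with a more permissive ACL, which is why DAC alone
    cannot confine information flow."""
    if subject.name == obj.owner:
        return True
    return op in obj.acl.get(subject.name, set())


def mac_allows(subject, obj, op):
    """Mandatory access control (TCSEC B1 and above): the reference monitor
    compares labels regardless of the owner's wishes. Bell-LaPadula rules:
    no read up (simple security property) and no write down (*-property)."""
    s, o = LEVELS[subject.clearance], LEVELS[obj.label]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def allows(subject, obj, op, mandatory=True):
    """Reference-monitor decision. DAC always applies; with mandatory=True
    (B1 and above) the label check must also pass. Both checks must succeed,
    so MAC can only ever narrow what DAC would have permitted."""
    if not dac_allows(subject, obj, op):
        return False
    return mac_allows(subject, obj, op) if mandatory else True


if __name__ == "__main__":
    # Constructed scenario: alice (SECRET) owns a SECRET plan and grants bob
    # (CONFIDENTIAL) read access to it; she also owns an UNCLASSIFIED notes file.
    alice = Subject("alice", "SECRET")
    bob = Subject("bob", "CONFIDENTIAL")
    plan = Object("plan", owner="alice", acl={"bob": {"read"}}, label="SECRET")
    notes = Object("notes", owner="alice", label="UNCLASSIFIED")

    for level, mandatory in (("C2 (DAC only)", False), ("B1 (DAC + MAC)", True)):
        print(level)
        print("  bob reads plan   :", allows(bob, plan, "read", mandatory))
        print("  alice writes notes:", allows(alice, notes, "write", mandatory))
```

Under the C2 setting the owner's ACL is the whole story: bob may read the SECRET plan because alice said so, and alice may write anything into her UNCLASSIFIED notes, including what she just read from the plan. Under the B1 setting the same two requests are refused, because bob's clearance is below the object's label (read up) and alice's write would move SECRET data to a lower label (write down); the owner cannot override either decision.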
The TCSEC was a good document for its day, but it was overtaken by the arrival of the Internet
and connectivity to the Internet. Several operating systems were rated as C1 or better, provided
that the system was running without connection to the Internet.
More recently, the U.S. Government has published the Combined Federal Criteria, followed in
1998 by the Common Criteria. This document proposed a number of levels of assurance (seven,
I think) with higher levels being more secure and the top level being characterized as
“ridiculously secure”.
Self Assessment
Fill in the blanks:
5. There are ……………….. requirements under the accountability objective.
6. …………………………………………. is a United States Government Department of Defense
(DoD) standard that sets basic requirements for assessing the effectiveness of computer
security controls.
7. The …………………….. or DoDD 5200.28-STD was canceled by DoDD 8500.1 on October
24, 2002.
8. ……………………………. represents one of the larger vulnerabilities in operating systems.
9. Assurance criteria are specified to enable …………………….
LOVELY PROFESSIONAL UNIVERSITY 85