

  • Number of slides: 16

Experiences With the Evaluation of Complex Software Products Under the Common Criteria
Gerald Krummeck (atsec), Bill Penny (IBM)
How To Eat A Mammoth
Copyright atsec information security, IBM, 2007

Agenda
§ Our Experience
§ Challenges from complex systems
§ Evaluations under the Common Criteria
§ The influence of complexity
§ Strategies in mastering complexity
§ Summary

atsec's Experience
§ Evaluation Labs in Germany, USA, Sweden
§ More than half of all OS evaluations performed world-wide
  • z/OS (IBM Mainframes)
  • z/VM (IBM Mainframes)
  • Linux (SuSE, Red Hat, Oracle)
  • AIX
  • Cray
  • PR/SM, AIX LPAR
§ Databases
  • IBM DB2
  • Oracle DB
§ Tivoli System Management Products

IBM's Experience
§ ISO 9001 Certified since 1993
§ WW development organization
  • US, Canada, Germany, Australia, US
  • Mexico, Russia, China
§ Historically Independent
§ Long History of IT Management
  • Project Management
  • System Management
  • Process Control
§ Large Complex Systems
  • HW, SW
  • New Function and Service Models
§ Support Largest WW Business Requirements
  • High availability, security, integrity

Challenges from complex systems
Dimensions of complexity in evaluations
§ Size of the product
§ Size of the TOE (what part will be evaluated)
§ Amount of security functions
  • Protection Profiles
§ Depth of evaluation (EAL)
§ Global distribution of development
  • Multi-national
  • Large number of organisational units

Evaluation under Common Criteria
[Diagram] Evaluation under Common Criteria: the design chain Security Target → Functional Specification → High-Level Design → Low-Level Design → Implementation, with Correspondence between the levels and a Security Policy Model; the Product is covered by Tests and Vulnerability Analysis; Processes: Development Process (Life Cycle), Delivery and Operation, Configuration Management; plus Guidance documentation.

Example: IBM z/OS Version 1 Release 8
§ Size
  • Several Millions LOC (Assembler, PL/X, C, Java)
  • Over 30 years development history
  • Over 300 Manuals (120,000 pages)
  • Over 630 Claims on security functions in the ST
  • 10 development sites distributed globally
§ 10 CM systems
§ Common Corporate Standards and Processes
  • All of Gaul is occupied… All of it?

Interim Result
§ You cannot look at everything
§ But you don't need to
  • Security functions can be located quite accurately and can be tested thoroughly
  • Requires sufficient experience and product know-how of the evaluators
§ Development processes become very important
§ Build trust in the developer to comply with his duties for every piece that has not been scrutinized by the evaluators
§ Again: Evaluators need experience and product know-how:
  • It is an illusion to assume that everybody can perform a good evaluation just by applying the CC methodology (not everybody can eat the mammoth without choking on it)
  • Customers need to identify the right laboratory for them with evaluators skilled in their type of product

Strategies to master complexity
§ Not everything at once
§ How to eat the mammoth
§ Assistance
§ Site Certification

Not everything at once
§ Start modest
  • Focus on core functionality
  • Start with lower assurance level (EAL 2 or EAL 3)
  • Pro: Get your first certificate in due time
  • Con: lower assurance level than competition
§ Example Linux:
  • Start with EAL 2, restrictive configuration
  • Now EAL 4, CAPP/LSPP, almost all packages included
  • In between: write low-level design, add audit functions

Example z/OS
§ MVS: Orange Book B1 (in the mists of time…)
§ V1R6 – 2005
  • EAL 3, CAPP+LSPP (multilevel security)
  • Core functions: RACF, BCP, JES2, CS390, …
§ V1R7 – 2006
  • EAL 4
  • Additional security functions
§ V1R8 – 2007
  • Major expansion of security functionality
§ V1R9
  • …

How to eat a Mammoth?
§ Bite by bite, of course!
§ Don't become intimidated by the size
§ Don't try to swallow it in one piece, either
§ Important factors:
  • Experience
  • Confidence
  • Perseverance

Assistance
§ 2 Teams from evaluation lab
§ Evaluators
  • Working on-site with developers is beneficial
  • Additional testers with product know-how
§ Consultants
  • Help developer to gather evidence, prepare required documents
  • Do not influence product itself or developer's decisions
§ Experienced certifiers help, too

Developer commitment
§ Multi-year commitment
§ Strong project management to coordinate all participating organizations
§ Strong technical leadership
§ "Divide and Conquer"
  • Strong leaders at distributed locations
  • Educate, track, report
  • Focus by area (ST, CM, HLD, Test)
§ Communicate with Evaluation Team
  • Open, early and frequent discussions

Conclusion
§ Evaluation of complex products fits well in CC scheme
§ Medium to long term strategy (and commitment!)
  • Start modest
  • Increase assurance level and functionality
§ Processes must fit
§ Find the right partner with experience and product know-how
  • ITSEF and certification body

Questions, Comments