Evaluation & Certification


Evaluation & Certification
Dr. Melanie Volkamer (TU Darmstadt), 26.11.2009, CoE

Overview
- Evaluation and certification of security requirements: Internet voting
- Evaluation and certification of security requirements: voting devices
- Evaluation and certification of other types of requirements

Security Requirements - Internet Voting

Evaluation and Certification Approach
- Common Criteria for the voting software (existing international standard)
- ISO 27001 / IT-Grundschutz for the operational environment, covering outside threats (existing international standard)
- k-resilience value for insider threats (research)

Common Criteria - Overview
The Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO/IEC 15408) for the evaluation and certification of security-critical IT products.
- Users specify security functional and assurance requirements plus the trust model.
- Vendors implement and/or make claims about the security of their products.
- Testing laboratories evaluate products to determine whether they actually meet the claims.
- Certification authorities observe the evaluation process and certify products after successful evaluation.

Common Criteria - Protection Profile
A Protection Profile is a document, typically created by users or a user community, which identifies the security functional requirements and the evaluation assurance requirements plus the trust model for a class of security-critical products.
Common Criteria Protection Profile for a Basic Set of Security Requirements for Online Voting Products: https://www.bsi.bund.de/cae/servlet/contentblob/480286/publicationfile/29305/pp0037b_engl_pdf.pdf

Common Criteria - Contents of the Protection Profile
- List of security functional requirements
- Evaluation assurance requirements: EAL 2+ (on the scale EAL1-7); formal methods are required for EAL6/7, e.g. pi-calculus for voting protocols (Mark Ryan)
- Trust model / intruder's capability: Basic (of the levels basic, enhanced-basic, moderate, high)
- Set of assumptions about the organisational environment: A.ElectionServer, A.Availability, A.ServerRoom, ...

ISO 27001 / IT-Grundschutz
Standard safeguards to evaluate a typical organisational environment (including the IT infrastructure): ISO 27001 + IT-Grundschutz, i.e. ISO 27001 certification on the basis of IT-Grundschutz.

IT-Grundschutz - Safeguards
Protection of the software (A.ElectionServer):
- S 2.17: Entry regulations and controls
- S 1.58: Technical and organisational requirements for server rooms
Availability (A.Availability):
- S 2.314: Use of high-availability architectures for servers
Secure storage:
- S 4.168: Selection of a suitable archive system
- S 1.60: Appropriate storage of archival media
Assistance and training:
- S 3.5: Training on IT security safeguards
- S 2.198: Making staff aware of IT security issues
Personnel:
- S 3.2: Commitment of staff members to compliance with relevant laws, ...

k-resilience Value
The k-resilience value helps to understand the power of possible insider threats, that is, which people or components need to be trusted. It complements IT-Grundschutz, which covers the operational environment. Increasingly expressive forms of the trust assumption:
- (k out of N)-resilient
- (k_1, ..., k_m) out of (N_1, ..., N_m)-resilient
- propositional logic term
- conjunctive normal form
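As an added worked example (not from the slides and not Volkamer's own tooling), the following Python computes a k-resilience value by exhaustive search. A collusion predicate encodes which sets of corrupt parties break a requirement; any propositional term can be written this way, and the (k out of N) and (k_1..k_m out of N_1..N_m) forms become threshold terms. The reading of "k-resilient" as "k colluding parties suffice to break the requirement", the party names and the trust model of the voting system are assumptions made for the example.

```python
from itertools import combinations
from typing import Callable, FrozenSet, Iterable, Optional, Tuple

# A collusion predicate answers: does this set of corrupted parties suffice
# to break a given security requirement (e.g. vote secrecy)?  Any propositional
# term over "party X is corrupt" fits, which is the general case the slide
# reaches after the (k out of N) and vector forms.
Predicate = Callable[[FrozenSet[str]], bool]


def corrupt(party: str) -> Predicate:
    """Literal: the named party is corrupt."""
    return lambda c: party in c


def all_of(*terms: Predicate) -> Predicate:
    """Conjunction: every sub-term must hold (these parties must collude)."""
    return lambda c: all(t(c) for t in terms)


def any_of(*terms: Predicate) -> Predicate:
    """Disjunction: any one attack path suffices."""
    return lambda c: any(t(c) for t in terms)


def at_least(k: int, parties: Iterable[str]) -> Predicate:
    """Threshold term: at least k of the given parties are corrupt
    (this is the (k out of N) form; several of these give the vector form)."""
    group = frozenset(parties)
    return lambda c: len(c & group) >= k


def k_resilience(breaks: Predicate, parties: Iterable[str]) -> Tuple[Optional[int], Optional[FrozenSet[str]]]:
    """Smallest number of colluding parties that breaks the requirement, with
    one such minimal set.  (None, None) means no subset of the listed parties
    breaks it.  Exhaustive search: fine for the handful of roles in a voting
    system, exponential in general."""
    names = sorted(set(parties))
    for size in range(len(names) + 1):
        for combo in combinations(names, size):
            chosen = frozenset(combo)
            if breaks(chosen):
                return size, chosen
    return None, None


# Constructed trust model for a hypothetical internet voting system
# (assumption for this example, not taken from the slides).
PARTIES = ["voting-server", "bulletin-board", "trustee-1", "trustee-2", "trustee-3", "registrar"]
TRUSTEES = ["trustee-1", "trustee-2", "trustee-3"]

# Vote secrecy falls if the voting server and bulletin board jointly link
# voters to ballots, or if 2 of the 3 key trustees reconstruct the decryption key.
SECRECY_BROKEN = any_of(
    all_of(corrupt("voting-server"), corrupt("bulletin-board")),
    at_least(2, TRUSTEES),
)

# Eligibility falls if the registrar alone can issue extra credentials.
ELIGIBILITY_BROKEN = corrupt("registrar")

REQUIREMENTS = {"vote secrecy": SECRECY_BROKEN, "eligibility": ELIGIBILITY_BROKEN}


def resilience_report(requirements=REQUIREMENTS, parties=PARTIES):
    """k-resilience value per requirement; the minimum is the system's weakest link."""
    return {name: k_resilience(pred, parties) for name, pred in requirements.items()}


if __name__ == "__main__":
    for name, (k, who) in resilience_report().items():
        print(f"{name}: {k}-resilient, e.g. collusion of {sorted(who)}")
```

The report makes the insider threat explicit in the way the slide asks for: a requirement that a single role (here the registrar) can break on its own is 1-resilient, and that role must simply be trusted or split across several people, whereas vote secrecy needs two parties to collude.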

Additional Evaluations?
- Data protection evaluation
- FIPS 140-1/2; ISO/IEC 19790 (Security requirements for cryptographic modules)
- ISO/IEC 27002 (Code of practice for information security management)
- ISO/IEC 27005 (Information security risk management)
- Formal protocol verification

Evaluation Examples
Election Pen:
- CC EAL 3+ (DFKI, TÜV-IT, Datenschutz Nord, BSI)
- PTB: Baumusterprüfung (type approval)
- Uni Cambridge: emission test
- ULD: data protection test
DotVote?:
- Datenschutz Nord
- Accreditation by the Ministry of the Interior
- Functional requirements

Security Requirements - Voting Devices
- Common Criteria
- Standards related to physical security (including seals)
- Evaluation regarding side-channel attacks (timing, power consumption, emanations)
- Evaluation of the logistics concept
- If a voting protocol is in place: formal proofs
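As an added example, not part of the slides, here is the kind of check a side-channel evaluation of a voting device's firmware looks for, modelled in Python with an instrumented step counter in place of a real timing or power measurement: a leaky early-exit comparison of a credential next to a fixed-work one. The 8-byte secret and both comparison routines are constructed for the example.

```python
from typing import Callable, List, Tuple

# Each comparison returns (equal, steps): "steps" stands in for the cycles or
# power trace a lab would actually measure on the device.
Comparator = Callable[[bytes, bytes], Tuple[bool, int]]


def naive_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Early-exit comparison (the leaky pattern): work grows with the length of
    the matching prefix, so an attacker can recover the secret byte by byte."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Fixed-work comparison: always walks every byte and accumulates the
    differences, so the work is independent of where the mismatch is.
    (Secret length is assumed fixed; the length check itself reveals only that.)"""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for a, b in zip(secret, guess):
        steps += 1
        diff |= a ^ b
    return diff == 0, steps


def matching_prefix_guesses(secret: bytes) -> List[bytes]:
    """Guesses that share 0, 1, ..., len-1 leading bytes with the secret and
    then differ, i.e. the inputs an evaluator feeds the device."""
    out = []
    for n in range(len(secret)):
        wrong = bytes([secret[n] ^ 0xFF])
        out.append(secret[:n] + wrong + bytes(len(secret) - n - 1))
    return out


def step_profile(compare: Comparator, secret: bytes) -> List[int]:
    """Work done per guess, ordered by matching-prefix length."""
    return [compare(secret, g)[1] for g in matching_prefix_guesses(secret)]


def leaks_timing(compare: Comparator, secret: bytes) -> bool:
    """True if the amount of work depends on how much of the guess is right."""
    return len(set(step_profile(compare, secret))) > 1


# Constructed 8-byte credential for the example.
SECRET = bytes.fromhex("7a3f9c1e0b55d2a8")

if __name__ == "__main__":
    for name, fn in (("naive", naive_compare), ("constant-time", constant_time_compare)):
        verdict = "LEAKS" if leaks_timing(fn, SECRET) else "ok"
        print(f"{name:14s} {step_profile(fn, SECRET)} {verdict}")
```

The naive routine's profile climbs 1, 2, ..., 8 with the matching prefix, which is exactly the data-dependent behaviour a timing or power evaluation flags; the fixed-work routine is flat. In production Python code the comparison itself should be `hmac.compare_digest`, and on a real device the evaluator measures cycles or a power trace rather than a counter, but the question asked of the data is the same.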

Other Types of Requirements
- Usability (HCI, ISO 13407)
- Efficiency / functionality
- More?

Open Questions - Evaluation / Certification / Accreditation Parties
- Do we want to require that two independent parties must be involved, one for the evaluation and one for the certification?
- Should different evaluation parties for different criteria/areas and one (?) certification authority be required?
- How to accredit evaluation and/or certification authorities?
- How to ensure that certificates from one country are accepted in another country? Maybe involve a central organisation like the CoE or the OSCE for the certification?

Open Questions - Transparency
- Do we want to require that the evaluation process and criteria must be transparent?
- What about the evaluation report: who should have access to it?
- What about the assumptions for the operational environment: do we require making them explicit?
- What about the addressed threat model / attacker capability: do we require making it explicit?
- What about the evaluation depth: do we require making it explicit?

Open Questions - CC / ISO 27001
- How to combine different evaluation methods? E.g. should the assumptions made about the operational environment in the CC context be addressed in the evaluation according to ISO 27001?
- Do we want to have a common CC Protection Profile, or corresponding templates for other approaches?
- What is the advantage of ISO XXX over one's own security audit?
- How to use CC in countries which have not signed the CC Recognition Arrangement (CCRA)?

Open Questions - Evaluation Techniques
- Which of the evaluation techniques/approaches are required? What about formal proofs for the voting protocol, or even more?
- What is part of the evaluation? E.g., what about the delivery procedure, logistics concepts, ...?
- What about re-evaluation / re-certification before each election?

Thank you for your attention! Questions?
www.cased.de - Center for Advanced Security Research Darmstadt
melanie.volkamer@cased.de
http://www.springer.com/computer/information+systems/book/978-3-642-01661-5