GPG-403
Common Criteria – Better, Faster and Cheaper?
Audrey Dale & David Martin, Common Criteria Development Board
04/24/09 | Session ID: GPG-403
Session Classification: UNCLASSIFIED

Get ready for a high speed tour… toward Common Criteria Version 4.0. Warnings, caveats and more…

Agenda
• What is it?
• Where are we today?
• Where are we going?
• How are we going to get there?
• What do we want to end up with?

What is it?

Question #1
Which of the following are true about the Common Criteria?
a. It is an international standard used for evaluating IT products
b. The Common Criteria Recognition Arrangement (CCRA) was signed in 1776
c. 10 products have been evaluated and certified to date
d. Evaluations are mutually recognized up through EAL 4 by CCRA member nations

Question #1 – Answer
a. It is an international standard used for evaluating IT products (true)
b. The CCRA was signed in 1776 (false: it was signed in 1998)
c. 10 products have been evaluated and certified to date (false: over 1,000)
d. Evaluations are mutually recognized up through EAL 4 by CCRA member nations (true)

Question #2
Which of the following is NOT a key component of the CC Recognition Arrangement?
a. CC Evaluation Laboratories
b. Security Targets
c. Protection Profiles
d. The Orange Book
e. Certification Bodies
f. Supporting Documents

Question #2 – Answer
d. The Orange Book. The Orange Book is the US DoD Trusted Computer System Evaluation Criteria (TCSEC), a predecessor of the CC rather than a component of the CCRA; the other five options are all key components.

Bonus Question
Which country is NOT a member of the CCRA?
[Options a–g and the answer were shown as national flag images on the slides; not reproduced here.]

Where are we today?

The CC Today
• CC Version 3.1 (Part 1: Introduction; Part 2: Functional Requirements; Part 3: Assurance Requirements)
• Over 1000 products evaluated
• 26 countries & more knocking on the door
• Many lessons learned over the past 10 years
• Some countries researching alternative evaluation methodologies
• The CC can accommodate the lessons learned and needs of the community

Where are we going?

Inputs for CC V 4.0
• UK and US research & trials
• CC Development Board interactions with users and vendors
• CC Development Board has also been considering general assurance developments
• Combining objectivity/repeatability with expert knowledge

Lessons Learned
• Technical experts critical
• Use "real" development artifacts
• Consider vendor's development and update process
• Create more meaningful reports
• Must have evaluator support tools
• Need analysis tools
• Smartcard community got it right

What have IT vendors said they want?
• Credit for their assurance efforts
• An efficient process
• A process that helps them improve
• Results valued by customers
• Results that are widely applicable and widely recognized

What have users told us they want?
• The most current evaluated products
• Meaningful outputs
• The ability to compare products

How are we going to get there?

CC V 4.0 Working Groups
• Evidence Based Approach
• Evaluator Skills and Interaction
• Predictive Assurance
• Meaningful Reports
• Tools
• Implementation Assurance

Evidence Based Approach
• Consider alternative techniques and methods
• Consider all vendor evidence
• Consider vendor use of tools

Predictive Assurance
• Consider vendor development process
• Increased understanding of the product roadmap
• Consider vendor flaw remediation process
• Goal = longer certificate validity

Meaningful Reports
• Improve all evaluation outputs
• Provide more information on residual risks, strengths/weaknesses
• Provide configuration guidance for effective use of security mechanisms
• Provide customers with the information required for their assurance decisions

Evaluator Skills and Interaction
• Underpins the other work items
• Considering how to provide increased commonality in evaluator:
  – Training
  – Assessment
  – Interaction (within and between schemes)

Tools
• Original aim: to define tools that will support all of the working methods described in the other work areas
• Redirected to define workflows (allowing development of tools)
• Encourage use of tools by vendors

Implementation Assurance
• New approach aimed at large software products
• Examining aspects of implementation that can be measured objectively and reported
• Examples are defensive compiler features
• Based on extensive use of Protection Profiles
• To be developed in conjunction with vendors
• Complementary to the other workgroups

General CC V 4.0 Development Process
• Minimize resource loading on schemes, with much of the work pursued electronically
• Wikis used during the start-up meetings & will be used for further development
• Similar approach likely for external interaction
• Each workgroup will set up appropriate timing and collaboration methods

Sample Wiki

What do we want to end up with?

End Goal
The Common Criteria – but Better, Faster and Cheaper!!!

Specific Aims
• Evaluations performed by the optimum combination of subject matter experts and assurance experts
• Supporting national and international interactions with other evaluators (with suitable protection for developer's IP)
• Common assessment levels for evaluator skills
• Evaluators examine evidence produced as a normal part of the product development
• Evaluators examine vendor development process, including their use of tools
• Supporting the provision of 'predictive assurance'
• Reports will use language and concepts best suited to user's needs
• Clear focus on the flaw remediation process and the strategic development plans for the product
• Greater focus upon implementation aspects
• Better broad comparability in assurance levels between technologies

Apply
• Vendors – volunteer for a CC V4.0 trial evaluation
• Vendors – tell us what new technologies you're building
• Customers – tell us what new technologies you need and are planning to use
• Customers – tell us what information would be helpful in our reports
• All – help us with the development of the new version via your national scheme

End of the high speed tour…
Questions ???