- Goals
- Provide way to assess security products
- Provide general guidance/philosophy on how to build more secure products
- Four divisions labeled D thru A
- Divisions split into numbered classes
D and C Divisions
- D minimal protection
- Losers that can’t get into higher division
- C discretionary protection, i.e., don’t enforce security, just have means to detect breaches (audit)
- C1 discretionary security protection
- C2 controlled access protection
- C2 slightly stronger than C1 (both vague)
B Division
- B mandatory protection
- B is a huge step up from C
- C: break security, you might get caught
- B: “mandatory”, so you can’t break it
- B1 labeled security protection
- All data labeled, which restricts what can be done with it
- This access control cannot be violated
B and A Divisions
- B2 structured protection
- Adds covert channel protection onto B1
- B3 security domains
- On top of B2 protection, adds that code must be tamperproof and “small”
- A verified protection
Orange Book: Last Word
- Also a 2nd part, discusses rationale
- Not very practical or sensible, IMHO
- But some people insist we’d be better off if we’d followed it
- Others think it was a dead end
- And resulted in lots of wasted effort
- Aside… the people who made the Orange Book now set security education standards
Common Criteria
- Successor to the Orange Book (ca. 1998)
- Due to inflation, more than 1000 pages
- An international government standard
- And it reads like it…
- Won’t ever stir same passions as Orange Book
- CC is relevant in practice, but usually only if you want to sell to the government
- Evaluation Assurance Levels (EALs)
- 1 thru 7, from lowest to highest security