信息安全導(dǎo)論安全評(píng)估

信息安全導(dǎo)論安全評(píng)估ToC安全評(píng)估準(zhǔn)則DOD/TCSEC

橘皮書(shū)DOD/TNI

ITSEC

CSSCNIST/FIPSCCBS7799密碼設(shè)備的評(píng)估安全方案的規(guī)劃需求分析具體方案基礎(chǔ)設(shè)施產(chǎn)品規(guī)劃關(guān)于安全評(píng)估需要什么樣的安全使用什么技術(shù)買(mǎi)什么產(chǎn)品對(duì)產(chǎn)品的評(píng)估如何部署和實(shí)施對(duì)運(yùn)行系統(tǒng)的現(xiàn)狀的評(píng)估標(biāo)準(zhǔn)：關(guān)于建立、評(píng)估、審計(jì)沿革關(guān)系TCSEC/85/AM

┣ITSEC/90/EU ┓ ┣CTCPEC/90/CA ┃ ┗FC/91/AM ┫ ┗CC/95(99IS)BS7799/95/EN ┗ISO17799/2000/ISODOD/TCSECC級(jí)自主保護(hù)級(jí)C級(jí)具有一定的保護(hù)能力，采用自主訪問(wèn)控制和審計(jì)跟蹤一般只適用于具有一定等級(jí)的多用戶(hù)環(huán)境具有對(duì)主體責(zé)任及其動(dòng)作審計(jì)的能力C1級(jí)自主安全保護(hù)級(jí)隔離用戶(hù)與數(shù)據(jù)，使用戶(hù)具備自主安全保護(hù)的能力為用戶(hù)提供可行的手段，保護(hù)用戶(hù)和用戶(hù)組信息，避免其他用戶(hù)對(duì)數(shù)據(jù)的非法讀寫(xiě)與破壞適用于處理同一敏感級(jí)別數(shù)據(jù)的多用戶(hù)環(huán)境C2級(jí)控制訪問(wèn)保護(hù)級(jí)比C1級(jí)具有更細(xì)粒度的自主訪問(wèn)控制通過(guò)注冊(cè)過(guò)程控制、審計(jì)安全相關(guān)事件以及資源隔離，使單個(gè)用戶(hù)為其行為負(fù)責(zé)B級(jí)強(qiáng)制保護(hù)級(jí)B級(jí)維護(hù)完整的安全標(biāo)記，并在此基礎(chǔ)上執(zhí)行一系列強(qiáng)制訪問(wèn)控制規(guī)則主要數(shù)據(jù)結(jié)構(gòu)必須攜帶敏感標(biāo)記提供安全策略模型以及規(guī)約應(yīng)提供證據(jù)證明訪問(wèn)監(jiān)控器得到了正確的實(shí)施B1級(jí)標(biāo)記安全保護(hù)級(jí)要求具有C2級(jí)系統(tǒng)的所有特性應(yīng)提供安全策略模型的非形式化描述、數(shù)據(jù)標(biāo)記以及命名主體和客體的強(qiáng)制訪問(wèn)控制消除測(cè)試中發(fā)現(xiàn)的所有缺陷-B2級(jí)結(jié)構(gòu)化保護(hù)級(jí)要求將B1級(jí)系統(tǒng)中建立的自主和強(qiáng)制訪問(wèn)控制擴(kuò)展到所有的主體與客體鑒別機(jī)制應(yīng)得到加強(qiáng)，提供可信設(shè)施管理以支持系統(tǒng)管理員和操作員的職能提供嚴(yán)格的配置管理控制B2級(jí)系統(tǒng)應(yīng)具備相當(dāng)?shù)目節(jié)B透能力-B3安全區(qū)域保護(hù)級(jí)安全管理員職能擴(kuò)充審計(jì)機(jī)制當(dāng)發(fā)生與安全相關(guān)的事件時(shí)，發(fā)出信號(hào)提供系統(tǒng)恢復(fù)機(jī)制系統(tǒng)具有很高的抗?jié)B透能力A級(jí)驗(yàn)證保護(hù)級(jí)A級(jí)使用形式化的安全驗(yàn)證方法，保證系統(tǒng)的自主和強(qiáng)制安全控制措施能夠有效地保護(hù)系統(tǒng)中存儲(chǔ)和處理的秘密信息或其他敏感信息為證明滿(mǎn)足設(shè)計(jì)、開(kāi)發(fā)及實(shí)現(xiàn)等各個(gè)方面的安全要求，系統(tǒng)應(yīng)提供豐富的文檔信息A1級(jí)驗(yàn)證設(shè)計(jì)級(jí)在功能上和B3級(jí)系統(tǒng)是相同的要求用形式化設(shè)計(jì)規(guī)范和驗(yàn)證方法來(lái)對(duì)系統(tǒng)進(jìn)行分析，確保按設(shè)計(jì)要求實(shí)現(xiàn)-超A1級(jí)系統(tǒng)體系結(jié)構(gòu)安全測(cè)試形式化規(guī)約與驗(yàn)證可信設(shè)計(jì)環(huán)境等TNITNITrustedNetworkInterpretationoftheTCSECGoto “TNI.htm” “TNIEG.htm”ContentPartIPartIIAPPENDIXA,B,CTNI/IPartIofthisdocumentprovidesinterpretationsoftheDepartmentofDefenseTrustedComputerSystemEvaluationCriteria(TCSEC)(DOD-5200.28-STD),fortrustedcomputer/communicationsnetworksystems.Thespecificsecurityfeature,theassurancerequirements,andtheratingstructureoftheTCSECareextendedtonetworksofcomputersrangingfromisolatedlocalareanetworkstowide-areainternetworksystems.TNI/IIPartIIofthisdocumentdescribesanumberofadditionalsecurityservices(e.g.,communicationsintegrity,denialofservice,transmissionsecurity)thatariseinconjunctionwithnetworks.Thoseservicesavailableinspecificnetworkofferings,whileinappropriatefortherigorousevaluationappliedtoTCSECrelatedfeatureandassurancerequirements,mayreceivequalitativeratings.ITSECITSECbyEuropeanUnionInformationTechnologySecurityEvaluationCriteriaGoto“itsec-en.pdf”Ex遞增E0無(wú)安全保證E1有安全目標(biāo)和關(guān)于體系結(jié)構(gòu)設(shè)計(jì)的非形式化描述E2對(duì)詳細(xì)設(shè)計(jì)有非形式化的描述-E3評(píng)估源代碼或硬件設(shè)計(jì)圖E4有對(duì)安全目標(biāo)/策略的基本形式模型E5設(shè)計(jì)和源代碼/硬件有緊密的對(duì)應(yīng)關(guān)系E6安全功能/體系結(jié)構(gòu)設(shè)計(jì)與安全目標(biāo)/策略模型一致CSSC’CTCPECCSSC:CTCPECGoto“ctcpec1.pdf”CanadianSystemSecurityCentre:CanadianTrustedComputerProductEvaluationCriteriaItisacomputersecuritystandardcomparabletotheAmericanTCSEC("OrangeBook")butsomewhatmoreadvanced.IthasbeensupersededbytheinternationalCommonCriteriastandard.可和TCSEC相比，但更進(jìn)步已被國(guó)際標(biāo)準(zhǔn)CC替代NIST/FIPSCCCC3PartsPart1 IntroductionandGeneralModelPart2 SecurityFunctionalRequirements AnnexesPart3 SecurityAssuranceRequirementsrefto:////addon_11/CC_Overview.pptCC/EALEvaluationAssuranceLevelsEAL1：功能測(cè)試EAL2：結(jié)構(gòu)測(cè)試EAL3：系統(tǒng)測(cè)試和檢查EAL4：系統(tǒng)設(shè)計(jì)、測(cè)試和復(fù)查EAL5：半形式化設(shè)計(jì)和測(cè)試EAL6：半形式化驗(yàn)證的設(shè)計(jì)和測(cè)試EAL7：形式化驗(yàn)證的設(shè)計(jì)和測(cè)試EAL1:FunctionalTestConfidenceincurrentoperationisrequiredNoassistancefromTOEdeveloperApplicablewherethreattosecurityisnotseriousIndependenttestingagainstspecificationandguidancedocumentationEAL2:StructuralTestRequiressomecooperationofthedeveloperAddsrequirementsforconfigurationlist,delivery,high-leveldesigndocumentation,developerfunctionaltesting,vulnerabilityanalysis,andmoreextensiveindependenttestingEAL3:MethodicalTestandCheckRequiressomepositivesecurityengineeringatthedesignstage,withminimalchangestoexistingpracticesAddedassurancethroughinvestigationofproductanddevelopmentenvironmentcontrols,andhigh-leveldesigndocumentationPlacesadditionalrequirementsontesting,developmentenvironmentcontrolsandTOEconfigurationmanagementEAL4:MethodicalDesign,Test,andReviewHighestlevellikelyforretrofitofanexistingproductAdditionalrequirementsondesign,implementation,vulnerabilityanalysis,lowleveldesigndocumentation,developmentandsystemautomatedconfigurationmanagement,andaninformalsecuritypolicymodelEAL5:SemiformalDesignandTestHigherassurance,risksituations–wheresomepenetrationresistanceisneededRequiresrigorouscommercialdevelopmentpracticesandmoderateuseofspecialistengineeringtechniquesAdditionalrequirementsonsemi-formalfunctionalspecification,high-leveldesign,andtheircorrespondence,vulnerability,andcovertchannelanalysisEAL6:SemiformallyVerifiedDesignandTestedHighAssurance-wherepenetrationresistanceisnecessaryAdditionalrequirementsonanalysis,layeredTOEdesign,semi-formallow-leveldesigndocumentation,completeCMsystemautomationandastructureddevelopmentenvironment,andvulnerability/covertchannelanalysisEAL7:FormallyVerifiedDesignandTestedHighestassurance–wherehighresistancetopenetrationisnecessaryAssuranceisgainedthroughapplicationofformalmethodsinthedocumentationofthefunctionalspecificationandhigh-leveldesignAdditionalrequirementsforcompletedevelopertestingandcompleteindependentconfirmationofthetestresultsCOMP

CCTCSECITSEC-DE0EAL1--EAL2C1E1EAL3C2E2EAL4B1E3EAL5B2E4EAL6B3E5EAL7A1E6BS7799BS7799byBSI–theBritishStandardsInstitution2000,ISO/17799Goto:“BS7799-1_1999(ISO).doc”TwopartsISO17799BS7799-2BS7799s介紹有關(guān)敏感資料管理的國(guó)際認(rèn)可標(biāo)準(zhǔn)，強(qiáng)調(diào)資料的保密性及完整性。此標(biāo)準(zhǔn)可分為兩部份：首部份為準(zhǔn)則部份，旨在協(xié)助機(jī)構(gòu)確認(rèn)其運(yùn)作對(duì)資料保密方面的影響，這項(xiàng)準(zhǔn)則已納入ISO品質(zhì)認(rèn)證的范疇之內(nèi)（ISO17799認(rèn)證），涵蓋10大范疇，127控制點(diǎn)；次部份為施行細(xì)則，是有關(guān)資料保密管理系統(tǒng)InformationSecurityManagementSystem的架構(gòu)、目標(biāo)以及監(jiān)控。BS7799認(rèn)證標(biāo)準(zhǔn)早于一九九五年確立，旨在協(xié)助各行各業(yè)及政府機(jī)構(gòu)加強(qiáng)資料保安，一直獲各地機(jī)構(gòu)廣泛采用，某些國(guó)家政府更將BS7799認(rèn)證列為全國(guó)通用的標(biāo)準(zhǔn)。Parts1,2Part1:ISO/IEC17799:2000thestandardcodeofpracticeandcanberegardedasacomprehensivecatalogueofgoodsecuritythingstodo.Part2:BS7799-2:2002SpecifyforsecuritymanagementastandardspecificationforanInformationSecurityManagementSystems(ISMS).AnISMSisthemeansbywhichSeniorManagementmonitorandcontroltheirsecurity,minimisingtheresidualbusinessriskandensuringthatsecuritycontinuestofulfilcorporate,customerandlegalrequirements.ToCofP1InformationsecuritypolicySecurityorganizationAssetsclassificationandcontrolPersonalsecurityPhysicalandenvironmentalsecurityComputerandnetworkmanagementSystemaccesscontrolSystemdevelopmentandmaintenanceBusinesscontinuityplanningComplianceBS7799認(rèn)證links對(duì)密碼設(shè)備的評(píng)估國(guó)內(nèi)相關(guān)的法規(guī)《商用密碼管理?xiàng)l例》…國(guó)外NISTFIPS140-2Goto “fips140-2.pdf” “fips140-2_SL.1-4.txt” “fips140faq.htm”SecurityLevel1//該級(jí)提供安全的最低水平。不要求物理安全機(jī)制。一個(gè)例子就是PC機(jī)加密板。//該級(jí)允許在未經(jīng)評(píng)估的一般商用機(jī)器系統(tǒng)上運(yùn)行你的密碼模塊。這主要是為了方便一些低安全需求的場(chǎng)合?！癴ips140-2_SL.1-4.txt”SecurityLevel2//該級(jí)增加了防干擾或竄改的物理安全機(jī)制要求，包括封裝、封條、防撬等。//該級(jí)要求最小的基于角色的認(rèn)證。//該級(jí)允許相關(guān)部件運(yùn)行在具有EAL2/CC安全級(jí)別的