Thursday, October 21, 2010

CISSP Cheat Sheet

Common Criteria
Evaluation Assurance Level (EAL) – measures how well the stated security needs are met
Protection Profiles – describe objectives, and the environmental, functional, and assurance level expectations
Target of Evaluation (TOE) – product proposed to provide the needed security solution
Security Target – written by the vendor, explaining the mechanisms that meet the security and assurance requirements
Evaluated Products List (EPL) – list of evaluated products

EAL 1 Functionally tested
EAL 2 Structurally tested
EAL 3 Methodically tested and checked
EAL 4 Methodically designed, tested, and reviewed
EAL 5 Semiformally designed and tested
EAL 6 Semiformally verified design and tested
EAL 7 Formally verified design and tested

(Mnemonic: FSMSF – T/TC/TD/TDV: Test / Test-Check / Test-Design / Test-Design-Verified)

Risk Analysis
ALE = ARO x SLE (Annualized Loss Expectancy = Annualized Rate of Occurrence x Single Loss Expectancy)
SLE = AV x EF (Single Loss Expectancy = Asset Value x Exposure Factor)

Bell-LaPadula (MAC, confidentiality)
NO WRITE DOWN
NO READ UP
USER <= File to write
Biba (integrity)
NO WRITE UP
NO READ DOWN
USER >= File to write
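
The two rule sets above are easy to mix up, so here is an added example (not part of the original cheat sheet) that encodes both models as access-decision functions over a constructed four-level lattice; the level names and numeric ordering are assumptions for illustration only.

```python
# Added example: Bell-LaPadula (confidentiality) and Biba (integrity) access
# decisions. A higher number means "more sensitive" (BLP) or "more trustworthy"
# (Biba). The lattice below is a constructed sample, not from the cheat sheet.
from enum import Enum

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class Access(Enum):
    READ = "read"
    WRITE = "write"


def blp_allows(subject_level: str, object_level: str, access: Access) -> bool:
    """Bell-LaPadula (MAC).
    No read up   -> read  only if subject >= object (simple security property).
    No write down -> write only if subject <= object (*-property)."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if access is Access.READ:
        return s >= o
    return s <= o


def biba_allows(subject_level: str, object_level: str, access: Access) -> bool:
    """Biba (integrity), the mirror image of BLP.
    No read down -> read  only if subject <= object (simple integrity axiom).
    No write up  -> write only if subject >= object (*-integrity axiom)."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if access is Access.READ:
        return s <= o
    return s >= o


def decision_table(model) -> dict:
    """All (subject, object, access) decisions for one model, so the two
    'triangles' the USER <= File / USER >= File rules describe can be compared."""
    return {(s, o, a.value): model(s, o, a)
            for s in LEVELS for o in LEVELS for a in Access}


if __name__ == "__main__":
    # A "secret" user under BLP may read "confidential" but not write to it;
    # under Biba the same user may write to "confidential" but not read it.
    print(blp_allows("secret", "confidential", Access.READ))    # True
    print(blp_allows("secret", "confidential", Access.WRITE))   # False
    print(biba_allows("secret", "confidential", Access.WRITE))  # True
    print(biba_allows("secret", "confidential", Access.READ))   # False
```

Note that every BLP read decision equals the Biba write decision for the same pair of levels, which is exactly why the cheat sheet lists the two models as opposites.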

Symmetric Encryption
Notation: block size / rounds / key size (bits)
DES      : 64 (56+8) / 16 / 64 (56+8)
3DES     : 64 (56+8) / 48 / 64 (56+8)
AES      : 128, 192, 256 / 10, 12, 14 / 128, 192, 256
IDEA     : 64 / 8 / 128
Blowfish : 64 / 16 / 32-448
RC5      : 32, 64, 128 / 255 / 0-2048

Asymmetric Encryption
Diffie-Hellman
- vulnerable to man-in-the-middle attack
- based on the discrete logarithm problem in a finite field
- no authentication
RSA
- based on factoring the product of 2 large prime numbers
- encryption + digital signature
- one-way (trapdoor) function
ElGamal
- digital signature + encryption + key exchange
- based on the discrete logarithm problem in a finite field
- performance: the slowest
Elliptic Curve Cryptography (ECC)
- digital signature + encryption + secure key distribution
- more efficient than RSA (shorter keys for comparable strength)
- based on the discrete logarithm problem on an elliptic curve
Knapsack
- based on the knapsack problem; insecure, not in use

TCSEC
D - Minimal Protection
C1 - Discretionary Security Protection (DAC)
C2 - Controlled Access Protection (login process)
B1 - Labeled Protection (Labels and MAC)
B2 - Structured Protection (Covert channel storage analysis, Security model defined & documented)
B3 - Security Domains (Reference monitor, Automated intrusion detection & response, covert timing channels)
A1 - Verified Design