Security classes of computer systems. International Standard ISO / IEC 15408

Modern computer systems are equipped with certain methods of protecting information from strangers and intruders. Without it, it is impossible to imagine a single program or a whole range of information technologies. Security classes are necessary for computer systems, as more and more personal user data and intellectual property are found on the network, and their degree of protection directly affects people's lives. In this regard, existing types of information protection should be considered.

General information

Thanks to the standardization and systematization of the requirements and characteristics of information systems with protection, a system of national and international standards in the field of protection and security of information has appeared, which includes more than a hundred documents. One of the main places in this system is occupied by the ISO IEC 15408 standard, otherwise called the Common Criteria.

History

The beginning of the creation of an international standard for assessing safety and safety classes began in 1990 by the International Organization for Standardization. The USA, Canada, Germany, England and France took part in the development. The development was carried out for a decade by the best specialists in the world, and was repeatedly edited. The approval of the standard version 2.1 occurred on June 8 in 1999. The common name is Common Criteria, or "General Information System Security Assessment Criteria."

The created “General Criteria” combined knowledge and experience in using the “Orange Book”, advanced European and Canadian system security criteria and created a real structure of protection profiles for US federal criteria.

Content

The general provisions classify a wide range of requirements for means of ensuring computer security, determine the structure of the group and methods of use. The main advantage of this system was a complete statement of security requirements and their ordering, flexibility in use and opportunities for further advancement. The world's leading technology manufacturers of the time immediately created and delivered to customers tools that meet the requirements of common criteria.

Their development was carried out to satisfy the following groups of specialists: manufacturers, consumers of IT products and experts in assessing the level of technology security. The introduced standard provided a support for the selection of information products that must fulfill the requirements for functioning in conditions of a security threat, and serve as a support for developers of security systems for these products. The technology for creating such systems and assessing the achieved level of security is also regulated.

With the introduction of criteria, information security is considered as a combination of the integrity and confidentiality of the data that the information product processes, and set the goal of protecting the product and countering threats that may be relevant when operating a particular product. From this it follows that the combined criteria include all parts of the design, creation and use of information products that work in conditions of certain threats to security.

Structure

The named standard ISO 15408 includes three parts:

• Introduction and overview.
• Functional safety requirements.
• Security Warranty Requirements.

From this list it becomes clear that the general criteria provide for two types of information protection requirements: functional and guaranteed. The former are related to security services, which include authentication, authentication, access control, auditing, and more. Warranty includes technology for development, testing, vulnerability analysis, operation, maintenance, and more.

All security classes and requirements for them have a common style and are organized in a hierarchy. There may be dependencies between them, provided that the component does not have the capabilities to fulfill the security goal and the need for another component.

Threat Models

To effectively use and develop a security profile, in the process of its creation, an analysis of all threats that may be feasible in relation to the technology of this group is performed. During this, threat models are compiled that include the following:

• threat life cycle;
• threat direction;
• a source;
• systems at risk;
• assets requiring protection;
• threat methods and algorithms;
• possible problems;
• risks and other aspects.

Threat Model Design

It is not enough to simply guess what dangers the system being created can expect. Moreover, at present their number is huge and providing protection from everyone will require a lot of time and money. In this connection, a general list of possible dangers that are relevant for systems in a given area is established, on the basis of which criteria for determining the security of computer systems of this type will be established in the future.

The procedure for creating a threat model is similar to performing a risk analysis. So, in the process of describing threats from deliberate human activities, the format of the source is evaluated according to how the threat is realized and the probability of its implementation.

Safety classes

The standard defines the security function as part of the system on which the implementation of a subset of the rules of their security policy lies. Strength is added to the security function - a characteristic that reports the minimum necessary impact on its security, in which the security policy of this function is violated. Its meanings are as follows:

• Basic. The function guarantees safety against accidental violations, provided that the intruder has a low attack potential.
• Medium. It provides protection against targeted security breaches by attackers with a moderate attack rate.
• High. It guarantees protection against planned and organized violations from attackers with a high level of skills.

There is also a separate scheme for determining the attack potential, which takes into account certain factors:

1. When determining the vulnerability:
   The time required to identify the problem. Level of training required. The presence of knowledge about the project and its functioning. Software and other hardware.
2. Using:
   The time spent using the problem. Level of training. Acquaintance with the project of functioning. Necessary software products.

Protection of computer systems is the main task of any software product that is responsible for computer security. Moreover, the quality of this function and information about the threats that the system can confront has its own classification, which was previously approved at the development stage. Due to this, computer security has high quality indicators.