Datasets and Certification
open security data sets
Promotes the sharing of
Knowledge
Science
Experience
VERIS
what is it?
a set of metrics to provide a common language
describing security incidents
Data-driven research approach
LANL
what is it
the dataset represents Domain Name Service (DNS) lookup events
Each event has the form
source computer
Computer resolved
time
computer security certification
Problem
buying a comp should involve
purchasing product and deploying it
Problem
people don't have the expertise
Identifying product meets requirements
Solution
Have a standardized process
Assessing security needs
Security certification
Target of the process
Individual products
systems
Processes
The orange book
a qualitative measure
for users to assess the degree of trust
that can be placed on the security of a computer system
provides guidance
for manufacturers
when developing comp systems
basis of describing security requirements
Security divisions
B
Mandatory protection
A
Verified protection
C
Discretionary protection
D
Minimal protection
The Common criteria
an international standard for security evaluation
ISO/IEC 15408
it's maintained by the
Common Criteria Recognition Arrangement (CCRA)
CC Classes
Class ASE
security target evaluation
Class ATE
tests
Class AGD
life-cycle support
Class AGD
guidance documents
Class ADV
development
Class AVA
vulnerability assessment
Class ACO
composition
CC evaluation levels
EAL 2
structurally tested
EAL 3
methodically tested and checked
EAL 1
Functionally tested
EAL 4
methodically tested and checked
EAL 5
methodically designed, tested and reviewed
EAL 6
semi-formally designed and tested
EAL 7
formally verified design and tested