ImageVerifierCode 换一换
格式:PDF , 页数:60 ,大小:373.64KB ,
资源ID:727635      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-727635.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI EG 202 387-2005 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Security Design Guide Method for application of Common Criter.pdf)为本站会员(吴艺期)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI EG 202 387-2005 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Security Design Guide Method for application of Common Criter.pdf

1、 ETSI EG 202 387 V1.1.1 (2005-04)ETSI Guide Telecommunications and Internet converged Services andProtocols for Advanced Networking (TISPAN);Security Design Guide;Method for application ofCommon Criteria to ETSI deliverablesETSI ETSI EG 202 387 V1.1.1 (2005-04) 2 Reference DEG/TISPAN-07005-Tech Keyw

2、ords application, IP, methodology, security, VoIP ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important noti

3、ce Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable

4、 Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on

5、 the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be

6、 reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2005. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its

7、 Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI EG 202 387 V1.1.1 (2005-04) 3 Contents Intellectual Pro

8、perty Rights6 Foreword.6 Introduction 6 1 Scope 7 2 References 7 3 Definitions and abbreviations.8 3.1 Definitions8 3.2 Abbreviations .9 4 Security in standardization .9 4.1 Communications security model 9 4.2 Standards review and evaluation10 4.3 Overall development process .10 4.4 Protocol standar

9、ds containing security-related requirements .13 5 Overview of ISO/IEC 1540814 5.1 Introduction to the Common Criteria (CC) 14 5.1.1 Contents of a Protection Profile (PP)14 5.1.2 Contents of a Security Target (ST) .15 5.1.3 Common Criteria relationships.16 5.1.4 Evaluation Assurance Levels16 5.2 Over

10、view of CC documents .17 5.2.1 ISO/IEC 15408-1: Introduction and general model 17 5.2.2 ISO/IEC 15408-2: Security functional requirements17 5.2.3 ISO/IEC 15408-3: Security assurance requirements.17 5.3 ETSI standards in the evaluation of CC .17 6 Evaluation components in ISO/IEC-15408-3.17 6.1 Intro

11、duction 17 6.2 Configuration management 19 6.2.1 Class description.19 6.2.2 Implications for the standardization process.19 6.2.3 Families and components19 6.3 Delivery and operation .19 6.3.1 Class description.19 6.3.2 Implications for the standardization process.20 6.3.3 Families and components20

12、6.4 Development 20 6.4.1 Class description.20 6.4.2 Implications for the standardization process.21 6.4.3 Families and components22 6.4.3.1 Development class evaluation levels.22 6.4.3.2 Functional specification family (ADV_FSP) 23 6.4.3.2.1 Informal functional specification (ADV_FSP.1).23 6.4.3.2.2

13、 Fully defined external interfaces (ADV_FSP.2)24 6.4.3.2.3 Semiformal functional specification (ADV_FSP.3)24 6.4.3.2.4 Formal functional specification (ADV_FSP.4) .24 6.4.3.3 High-level design family (ADV_HLD) 24 6.4.3.3.1 Descriptive high-level design (ADV_HLD.1).24 6.4.3.3.2 Security enforcing hig

14、h-level design (ADV_HLD.2)25 6.4.3.3.3 Semiformal high-level design (ADV_HLD.3) 25 6.4.3.3.4 Semiformal high-level explanation (ADV_HLD.4) 26 6.4.3.3.5 Formal high-level design (ADV_HLD.5)27 6.4.3.4 Implementation representation family (ADV_IMP) .27 6.4.3.4.1 Subset of the implementation of the TSF

15、(ADV_IMP.1)27 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 4 6.4.3.4.2 Implementation of the TSF (ADV_IMP.2) .27 6.4.3.4.3 Structured implementation of the TSF (ADV_IMP.3) 27 6.4.3.5 Standard internals family (ADV_INT)27 6.4.3.5.1 Modularity and layering (ADV_INT.1) 27 6.4.3.5.2 Reduction of complexity (AD

16、V_INT.2)28 6.4.3.5.3 Minimization of complexity (ADV_INT.3) 28 6.4.3.6 Low-level design family (ADV_LLD)28 6.4.3.6.1 Descriptive low-level design (ADV_LLD.1) 28 6.4.3.6.2 Semiformal low-level design (ADV_LLD.2)28 6.4.3.6.3 Formal low-level design (ADV_LLD.3) .28 6.4.3.7 Representation correspondence

17、 family (ADV_RCR) .28 6.4.3.7.1 Informal correspondence demonstration (ADV_RCR.1) 29 6.4.3.7.2 Semiformal correspondence demonstration (ADV_RCR.2) .29 6.4.3.7.3 Formal correspondence demonstration (ADV_RCR.3).29 6.4.3.8 Security policy modelling family (ADV_SPM)29 6.5 Guidance documents 29 6.5.1 Cla

18、ss description.29 6.5.2 Implications for the standardization process.29 6.5.3 Families and components30 6.5.3.1 Guidance documents class evaluation levels.30 6.5.3.2 Administrator guidance family (AGD_ADM) 30 6.5.3.3 User guidance family (AGD_USR) 30 6.6 Life cycle support.30 6.6.1 Class description

19、.30 6.6.2 Implications for the standardization process.31 6.6.3 Families and components31 6.6.3.1 Life cycle support class evaluation levels .31 6.6.3.2 Development security (ALC_DVS) 31 6.6.3.2.1 Family description.31 6.6.3.3 Flaw remediation (ALC_FLR)32 6.6.3.3.1 Family description.32 6.6.3.4 Life

20、 cycle definition (ALC_LCD).32 6.6.3.5 Tools and techniques (ALC_TAT) .32 6.6.3.5.1 Family description.32 6.7 Tests .33 6.7.1 Class description.33 6.7.2 Implications for the standardization process.33 6.7.3 Families and components33 6.7.3.1 Tests class evaluation levels33 6.7.3.2 Coverage family (AT

21、E_COV) 34 6.7.3.2.1 Evidence of coverage (ATE_COV.1)34 6.7.3.2.2 Analysis of coverage (ATE_COV.2).34 6.7.3.2.3 Rigorous analysis of coverage (ATE_COV.3) 35 6.7.3.3 Depth family (ATE_DPT).36 6.7.3.3.1 Testing: high-level design (ATE_DPT.1)36 6.7.3.3.2 Testing: low-level design (ATE_DPT.2).36 6.7.3.3.

22、3 Testing: implementation representation (APT_DPT.3).36 6.7.3.4 Functional tests family (ATE_FUN).37 6.7.3.4.1 Functional testing (ATE_FUN.1)37 6.7.3.4.2 Ordered functional testing (ATE_FUN.2).37 6.7.3.5 Independent testing (ATE_IND).38 6.7.3.5.1 Independent testing - conformance (ATE_IND.1) 38 6.7.

23、3.5.2 Independent testing - sample (ATE_IND.2)38 6.7.3.5.3 Independent testing - complete (ATE_IND.3) 38 6.8 Vulnerability assessment38 6.8.1 Class description.38 6.8.2 Implications for the standardization process.39 6.8.3 Families and components39 6.8.3.1 Vulnerability assessment class evaluation l

24、evels 39 6.8.3.2 Covert channel analysis family (AVA_CCA).39 6.8.3.2.1 Covert channel analysis.40 6.8.3.2.2 Systematic covert channel analysis .40 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 5 6.8.3.2.3 Exhaustive covert channel analysis .40 6.8.3.3 Misuse family (AVA_MSU).40 6.8.3.3.1 Strength of TOE sec

25、urity functions family (AVA_SOF) 40 6.8.3.3.2 Strength of TOE security function evaluation .40 6.8.3.4 Vulnerability analysis family (AVA_VLA)41 6.8.3.4.1 Developer vulnerability analysis .42 6.8.3.4.2 Independent vulnerability analysis 42 6.8.3.4.3 Moderately resistant 42 6.8.3.4.4 Highly resistant

26、42 6.9 Maintenance of assurance.42 6.9.1 Class description.42 6.9.2 Implications for the standardization process.43 Annex A (normative): Functional components in ISO/IEC-15408-2 18 .44 A.1 Introduction 44 A.2 Security audit44 A.3 Communication 46 A.4 Cryptographic support46 A.5 User data protection4

27、6 A.6 Identification and authentication49 A.7 Security management .50 A.8 Privacy51 A.9 Protection of the TSF .52 A.10 Resource utilization54 A.11 TOE Access55 A.12 Trusted path/channels.56 Annex B (normative): Protocol Implementation Conformance Statement (PICS)57 Annex C (informative): Bibliograph

28、y.59 History 60 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 6 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and

29、 can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pu

30、rsuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present d

31、ocument. Foreword This ETSI Guide (EG) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN). Introduction The present document has been prepared with the sponsorship of the eEurope programme as part of the ETS

32、I support to the eEurope action line for a secure information infrastructure (item 3: Society). A major part of any security specification, and of a security product, is the measure of assurance it provides with respect to the security it offers. Information security evaluation contributes to the us

33、ers trust and confidence in communications products and services. The use of common criteria for evaluation (as defined in ISO/IEC 15408 20) has facilitated mutual recognition of results in many European countries and these countries have also entered into an arrangement with the US and Canada for f

34、urther mutual recognition of IT security certificates. The present document is part of a set of standards and guidelines which show how the Common Criteria as identified in ISO/IEC 15408 20 can be used effectively within the ETSI standardization process. The documents in this set are: EG 202 387: Me

35、thod for application of Common Criteria to ETSI deliverables; ES 202 382 2: Method and proforma for defining Protection Profiles; ES 202 383 3: Method and proforma for defining Security Targets. Between them, these documents identify how standards fit to the Common Criteria and how developers of sta

36、ndards should prepare their standards with a view to support submission for evaluation of product conforming to the standards. Adoption of Common Criteria objectives in standardization of security countermeasures is also consistent with achieving the objectives and recommendations of the NIS report.

37、 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 7 1 Scope The present document is a guide to the development of standards that allow compliant product to be considered for product evaluation under the Common Criteria scheme 20. NOTE: Within Europe there is mutual recognition of CC evaluation results for all

38、assurance levels. The present document gives guidance to standards authors (rapporteurs and contributors) on the scope and application of the Common Criteria for Information Technology Security Evaluation 20 and how ETSI standards may be developed to meet the goals and objectives of the Common Crite

39、ria. The purpose of the present document is to provide developers of security standards with a summary of the requirements of ISO/IEC-15408 20 in the context of standardization and to give guidance on how formal methods and other engineering techniques can be used to ensure that standards meet, as f

40、ar as is possible, the requirements of ISO/IEC 15408 20 and do not prevent an implementation from achieving an appropriate EAL. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific

41、 (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the expected locat

42、ion might be found at http:/docbox.etsi.org/Reference. 1 ETSI EN 300 392-7: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security“. 2 ETSI ES 202 382: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Meth

43、od and proforma for defining Protection Profiles“. 3 ETSI ES 202 383: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Security Targets“. 4 ETSI TS 102 237-1: “Telecommunications and Internet P

44、rotocol Harmonization Over Networks (TIPHON) Release 4; Interoperability test methods and approaches; Part 1: Generic approach to interoperability testing“. 5 ETSI ETS 300 406: “Methods for Testing and Specification (MTS); Protocol and profile conformance testing specifications; Standardization meth

45、odology“. 6 ETSI ETR 332: “Security Techniques Advisory Group (STAG); Security requirements capture“. 7 ETSI EG 201 383: “Methods for Testing and Specification (MTS); Use of SDL in ETSI deliverables; Guidelines for facilitating validation and the development of conformance tests“. 8 ETSI EG 201 872:

46、 “Methods for Testing and Specification (MTS); Methodological approach to the use of object-orientation in the standards making process“. 9 ETSI EG 202 106: “Methods for Testing and Specification (MTS); Guidelines for the use of formal SDL as a descriptive tool“. ETSI ETSI EG 202 387 V1.1.1 (2005-04

47、) 8 10 ITU-T Recommendation I.130: “Method for the characterization of telecommunication services supported by an ISDN and network capabilities of an ISDN“. 11 ETSI EG 201 015: “Methods for Testing and Specification (MTS); Specification of protocols and services; Validation methodology for standards

48、 using Specification and Description Language (SDL); Handbook“. 12 ETSI EG 201 058: “Methods for Testing and Specification (MTS); Implementation Conformance Statement (ICS) proforma style guide“. 13 ETSI EG 202 107: “Methods for Testing and Specification (MTS); Planning for validation and testing in

49、 the standards-making process“. 14 ETSI ETR 184: “Methods for Testing and Specification (MTS); Overview of validation techniques for European Telecommunication Standards (ETSs) containing SDL“. 15 ETSI SR 001 262: “ETSI Drafting rules“. 16 ISO/IEC 13335 (parts 1 to 5): “Information technology - Guidelines for the Management of IT Security (GMITS)“. 17 ISO/IEC 15408-1: “Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model“. 18 ISO/IEC 15408-2:

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1