
ETSI ES 202 382-2005 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Security Design Guide Method and proforma for defining Protec_1.pdf

ETSI ES 202 382 V1.1.1 (2005-04)
ETSI Standard

Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles

Reference: DES/TISPAN-07009-Tech
Keywords: IP, methodology, profile, protection, security, VoIP

ETSI
650 Route des Lucioles, F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2005. All rights reserved.

DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members. TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

Contents

Intellectual Property Rights
Foreword
Introduction
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overview
4.1 Common Criteria concepts
4.2 Relationship between a standard and a PP
5 PP development
5.1 Elements of a Protection Profile
5.1.1 PP Introduction
5.1.1.1 PP identification
5.1.1.2 PP overview
5.1.2 Target Of Evaluation description
5.1.3 TOE security environment
5.1.4 Security objectives
5.1.5 IT security requirements
5.1.5.1 The relationship between security objectives and security requirements
5.1.5.2 TOE Security requirements
5.1.6 Application notes (OPTIONAL)
5.1.7 Rationale
Annex A (normative): Protection Profile definition proforma
Annex B (informative): Example Protection Profile
Annex C (informative): Bibliography
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN).

Introduction

The present document has been prepared with the sponsorship of the eEurope programme as part of the ETSI support to the eEurope action line for a secure information infrastructure (item 3: Society).

A major part of any security specification, and of a security product, is the measure of assurance it provides with respect to the security it offers. Information security evaluation contributes to the users' trust and confidence in communications products and services. The use of common criteria for evaluation (as defined in ISO/IEC 15408 [7]) has facilitated mutual recognition of results in many European countries and these countries have also entered into an arrangement with the US and Canada for further mutual recognition of IT security certificates.

The present document is part of a set of standards and guidelines which show how the Common Criteria as identified in ISO/IEC 15408 [7] can be used effectively within the ETSI standardization process. The documents in this set are:

- EG 202 387 [1]: Method for application of Common Criteria to ETSI deliverables;
- ES 202 382: Method and proforma for defining Protection Profiles;
- ES 202 383 [2]: Method and proforma for defining Security Targets.

Between them, these documents identify how standards fit to the Common Criteria and how developers of standards should prepare their standards with a view to support submission for evaluation of product conforming to the standards.

Adoption of Common Criteria objectives in standardization of security countermeasures is also consistent with achieving the objectives and recommendations of the NIS report.

1 Scope

The present document provides guidance on the preparation of Protection Profiles (PP) based upon ETSI communication standards. A PP defines an implementation-independent set of security requirements for a category of communications equipment which is subject to evaluation under the Common Criteria (CC) scheme described in the multipart ISO/IEC 15408 [7]. The detailed contents of a PP are specified in ISO/IEC 15408-1 [4]. The use and applicability of the CC to the ETSI standardization process is described in EG 202 387 [1] and further guidance on the implementation of security-related standards in telecommunications equipment is specified in ES 202 383 [2].

Throughout the present document, a worked example of a Protection Profile (PP) for TETRA Direct Mode Operation (DMO) security is used as an illustration. A partially complete PP for TETRA DMO security can be found in annex B.

NOTE: TETRA DMO was chosen as the example in the present document as, although the security analysis results, objectives and requirements are not necessarily collected together in one document, most of this information exists either explicitly or implicitly and it was, therefore, possible to construct a realistic and representative example PP.

Conformance to the present document is established by successful evaluation to the requirements of ISO/IEC 15408-3 [6].

2 References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

- References are either specific (identified by date of publication and/or edition number or version number) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

[1] ETSI EG 202 387: "Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method for application of Common Criteria to ETSI deliverables".
[2] ETSI ES 202 383: "Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Security Targets".
[3] ETSI ETR 332 (1996): "Security Techniques Advisory Group (STAG); Security requirements capture".
[4] ISO/IEC 15408-1: "Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model".
[5] ISO/IEC 15408-2: "Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements".
[6] ISO/IEC 15408-3: "Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements".
[7] ISO/IEC 15408: "Information technology - Security techniques - Evaluation criteria for IT security".

NOTE: When referring to all parts of ISO/IEC 15408 the reference above is used.

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in EG 202 387 [1] apply.

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

CC      Common Criteria
DMO     Direct Mode Operation
EAL     Evaluation Assurance Level
IT      Information Technology
MT      Mobile Terminal
PP      Protection Profile
TETRA   TErrestrial Trunked RAdio
TOE     Target Of Evaluation

4 Overview

4.1 Common Criteria concepts

The evaluation criteria for IT security, generally referred to as the "Common Criteria (CC)", are defined in the multipart standard, ISO/IEC 15408 [7] and are used as the basis for evaluation of security properties of IT products and systems. CC evaluation involves the preparation of a Protection Profile (PP) which is considered to be an implementation-independent set of IT security requirements for a category of equipment intended to meet common consumer needs for IT security.

Communications standards are independent of any implementation and, thus, those specifying security requirements can be considered to be PPs. Once published, such a PP could be used without modification to specify the security requirements of a specific product or service. Alternatively, it could be extended to include additional requirements where necessary.

ISO/IEC 15408-3 [6] makes provision for a PP to be evaluated under the requirements of the common criteria and it is for this purpose that the PP proforma in the present document has been specified.

4.2 Relationship between a standard and a PP

The information and the requirements expressed in a security-related standard are very similar to those that are expected to be found in a PP. However, because a standard is intended to be the basis for implementation whereas the intended purpose of a PP is to be the basis for evaluation, the presentation and emphasis of the contents is necessarily different in each. The PP proforma for communications standards (annex A), therefore, summarizes the content of the standard in a form that is acceptable as a PP and provides references to clauses where more detailed information can be found.

It is essential that the references to clauses in the base security standard and the Vulnerability Analysis are accurately maintained. To simplify this maintenance, both the PP proforma and the Vulnerability Analysis should be included either as annexes to the base security standard or, where the present document is extensive, as distinct parts of a multi-part document set.

5 PP development

5.1 Elements of a Protection Profile

Figure 1 shows in graphic form the content of a PP required by ISO/IEC 15408-1 [4].

[Figure 1: Protection Profile content. Elements shown: PP Introduction (PP Identification, PP Overview); TOE Description; TOE Security Environment (Assumptions, Threats, Organizational Security Policies); Security Objectives (Security Objectives for the TOE, Security Objectives for the Environment); IT Security Requirements (TOE Security Requirements: TOE Security Functional Requirements, TOE Security Assurance Requirements; Security Requirements for the IT Environment); PP Application Notes; Rationale (Security Objectives Rationale, Security Requirements Rationale).]

5.1.1 PP Introduction

5.1.1.1 PP identification

A PP is required to provide enough labelling and descriptive information to enable it to be identified, catalogued, registered and cross referenced. The document number, version, date and full title of an ETSI standard are sufficient for this purpose and should be used.

EXAMPLE:
Introduction
  Doc No.:     EN 300 396-6
  Version:     V1.2.1
  Date:        2004-05
  Full Title:  Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security

5.1.1.2 PP overview

A PP should include a narrative summary as part of the Introduction [4]. The purpose of this is to provide enough information that a potential user can make an informed decision on whether the PP is likely to be of interest. A fully specified Scope clause from an ETSI standard meets this requirement and should be used.

EXAMPLE:
Introduction
  Doc No.:     EN 300 396-6
  Version:     V1.2.1
  Date:        2004-05
  Full Title:  Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security
  Overview:    The present document defines the Terrestrial Trunked Radio system (TETRA) Direct Mode of operation. It specifies the basic Air Interface (AI), the interworking between Direct Mode Groups via Repeaters and interworking with the TETRA Trunked system via Gateways. It also specifies the security aspects in TETRA Direct Mode and the intrinsic services that are supported in addition to the basic bearer and teleservices.
               The present document describes the security mechanisms in TETRA Direct Mode. It provides mechanisms for confidentiality of control signalling and user speech and data at the AI. It also provides some implicit authentication as a member of a group by knowledge of a shared secret encryption key. The use of AI encryption gives both confidentiality protection against eavesdropping, and some implicit authentication.

5.1.2 Target Of Evaluation description

NOTE 1: Throughout the present document, the term "Target Of Evaluation (TOE)" is used to identify any product which implements the technical requirements of the standard(s) associated with a particular PP.

ISO/IEC 15408-1 [4] requires that a brief but clear description of the Target Of Evaluation (TOE) should be included in a PP. While not expressing the security requirements in detail, this should make the security aspects of the standard clear. If the standard includes a short clause entitled "General Description" (or something similar) early in the document, it is likely that this text will be adequate as the TOE description. In the event that such a clause does not exist it will need to be written for the PP and should include the following:

- identification of the type of product that is likely to implement the standard;

NOTE 2: In the context of the present document, the term "product" should be interpreted in its widest sense to include all types of communications equipment as well as services.

- general summary of the communications features specifie
