1、 ETSI EG 202 387 V1.1.1 (2005-04)ETSI Guide Telecommunications and Internet converged Services andProtocols for Advanced Networking (TISPAN);Security Design Guide;Method for application ofCommon Criteria to ETSI deliverablesETSI ETSI EG 202 387 V1.1.1 (2005-04) 2 Reference DEG/TISPAN-07005-Tech Keyw
2、ords application, IP, methodology, security, VoIP ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important noti
3、ce Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable
4、 Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on
5、 the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be
6、 reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2005. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its
7、 Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI EG 202 387 V1.1.1 (2005-04) 3 Contents Intellectual Pro
8、perty Rights6 Foreword.6 Introduction 6 1 Scope 7 2 References 7 3 Definitions and abbreviations.8 3.1 Definitions8 3.2 Abbreviations .9 4 Security in standardization .9 4.1 Communications security model 9 4.2 Standards review and evaluation10 4.3 Overall development process .10 4.4 Protocol standar
9、ds containing security-related requirements .13 5 Overview of ISO/IEC 1540814 5.1 Introduction to the Common Criteria (CC) 14 5.1.1 Contents of a Protection Profile (PP)14 5.1.2 Contents of a Security Target (ST) .15 5.1.3 Common Criteria relationships.16 5.1.4 Evaluation Assurance Levels16 5.2 Over
10、view of CC documents .17 5.2.1 ISO/IEC 15408-1: Introduction and general model 17 5.2.2 ISO/IEC 15408-2: Security functional requirements17 5.2.3 ISO/IEC 15408-3: Security assurance requirements.17 5.3 ETSI standards in the evaluation of CC .17 6 Evaluation components in ISO/IEC-15408-3.17 6.1 Intro
11、duction 17 6.2 Configuration management 19 6.2.1 Class description.19 6.2.2 Implications for the standardization process.19 6.2.3 Families and components19 6.3 Delivery and operation .19 6.3.1 Class description.19 6.3.2 Implications for the standardization process.20 6.3.3 Families and components20
12、6.4 Development 20 6.4.1 Class description.20 6.4.2 Implications for the standardization process.21 6.4.3 Families and components22 6.4.3.1 Development class evaluation levels.22 6.4.3.2 Functional specification family (ADV_FSP) 23 6.4.3.2.1 Informal functional specification (ADV_FSP.1).23 6.4.3.2.2
13、 Fully defined external interfaces (ADV_FSP.2)24 6.4.3.2.3 Semiformal functional specification (ADV_FSP.3)24 6.4.3.2.4 Formal functional specification (ADV_FSP.4) .24 6.4.3.3 High-level design family (ADV_HLD) 24 6.4.3.3.1 Descriptive high-level design (ADV_HLD.1).24 6.4.3.3.2 Security enforcing hig
14、h-level design (ADV_HLD.2)25 6.4.3.3.3 Semiformal high-level design (ADV_HLD.3) 25 6.4.3.3.4 Semiformal high-level explanation (ADV_HLD.4) 26 6.4.3.3.5 Formal high-level design (ADV_HLD.5)27 6.4.3.4 Implementation representation family (ADV_IMP) .27 6.4.3.4.1 Subset of the implementation of the TSF
15、(ADV_IMP.1)27 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 4 6.4.3.4.2 Implementation of the TSF (ADV_IMP.2) .27 6.4.3.4.3 Structured implementation of the TSF (ADV_IMP.3) 27 6.4.3.5 Standard internals family (ADV_INT)27 6.4.3.5.1 Modularity and layering (ADV_INT.1) 27 6.4.3.5.2 Reduction of complexity (AD
16、V_INT.2)28 6.4.3.5.3 Minimization of complexity (ADV_INT.3) 28 6.4.3.6 Low-level design family (ADV_LLD)28 6.4.3.6.1 Descriptive low-level design (ADV_LLD.1) 28 6.4.3.6.2 Semiformal low-level design (ADV_LLD.2)28 6.4.3.6.3 Formal low-level design (ADV_LLD.3) .28 6.4.3.7 Representation correspondence
17、 family (ADV_RCR) .28 6.4.3.7.1 Informal correspondence demonstration (ADV_RCR.1) 29 6.4.3.7.2 Semiformal correspondence demonstration (ADV_RCR.2) .29 6.4.3.7.3 Formal correspondence demonstration (ADV_RCR.3).29 6.4.3.8 Security policy modelling family (ADV_SPM)29 6.5 Guidance documents 29 6.5.1 Cla
18、ss description.29 6.5.2 Implications for the standardization process.29 6.5.3 Families and components30 6.5.3.1 Guidance documents class evaluation levels.30 6.5.3.2 Administrator guidance family (AGD_ADM) 30 6.5.3.3 User guidance family (AGD_USR) 30 6.6 Life cycle support.30 6.6.1 Class description
19、.30 6.6.2 Implications for the standardization process.31 6.6.3 Families and components31 6.6.3.1 Life cycle support class evaluation levels .31 6.6.3.2 Development security (ALC_DVS) 31 6.6.3.2.1 Family description.31 6.6.3.3 Flaw remediation (ALC_FLR)32 6.6.3.3.1 Family description.32 6.6.3.4 Life
20、 cycle definition (ALC_LCD).32 6.6.3.5 Tools and techniques (ALC_TAT) .32 6.6.3.5.1 Family description.32 6.7 Tests .33 6.7.1 Class description.33 6.7.2 Implications for the standardization process.33 6.7.3 Families and components33 6.7.3.1 Tests class evaluation levels33 6.7.3.2 Coverage family (AT
21、E_COV) 34 6.7.3.2.1 Evidence of coverage (ATE_COV.1)34 6.7.3.2.2 Analysis of coverage (ATE_COV.2).34 6.7.3.2.3 Rigorous analysis of coverage (ATE_COV.3) 35 6.7.3.3 Depth family (ATE_DPT).36 6.7.3.3.1 Testing: high-level design (ATE_DPT.1)36 6.7.3.3.2 Testing: low-level design (ATE_DPT.2).36 6.7.3.3.
22、3 Testing: implementation representation (APT_DPT.3).36 6.7.3.4 Functional tests family (ATE_FUN).37 6.7.3.4.1 Functional testing (ATE_FUN.1)37 6.7.3.4.2 Ordered functional testing (ATE_FUN.2).37 6.7.3.5 Independent testing (ATE_IND).38 6.7.3.5.1 Independent testing - conformance (ATE_IND.1) 38 6.7.
23、3.5.2 Independent testing - sample (ATE_IND.2)38 6.7.3.5.3 Independent testing - complete (ATE_IND.3) 38 6.8 Vulnerability assessment38 6.8.1 Class description.38 6.8.2 Implications for the standardization process.39 6.8.3 Families and components39 6.8.3.1 Vulnerability assessment class evaluation l
24、evels 39 6.8.3.2 Covert channel analysis family (AVA_CCA).39 6.8.3.2.1 Covert channel analysis.40 6.8.3.2.2 Systematic covert channel analysis .40 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 5 6.8.3.2.3 Exhaustive covert channel analysis .40 6.8.3.3 Misuse family (AVA_MSU).40 6.8.3.3.1 Strength of TOE sec
25、urity functions family (AVA_SOF) 40 6.8.3.3.2 Strength of TOE security function evaluation .40 6.8.3.4 Vulnerability analysis family (AVA_VLA)41 6.8.3.4.1 Developer vulnerability analysis .42 6.8.3.4.2 Independent vulnerability analysis 42 6.8.3.4.3 Moderately resistant 42 6.8.3.4.4 Highly resistant
26、42 6.9 Maintenance of assurance.42 6.9.1 Class description.42 6.9.2 Implications for the standardization process.43 Annex A (normative): Functional components in ISO/IEC-15408-2 18 .44 A.1 Introduction 44 A.2 Security audit44 A.3 Communication 46 A.4 Cryptographic support46 A.5 User data protection4
27、6 A.6 Identification and authentication49 A.7 Security management .50 A.8 Privacy51 A.9 Protection of the TSF .52 A.10 Resource utilization54 A.11 TOE Access55 A.12 Trusted path/channels.56 Annex B (normative): Protocol Implementation Conformance Statement (PICS)57 Annex C (informative): Bibliograph
28、y.59 History 60 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 6 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and
29、 can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pu
30、rsuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present d
31、ocument. Foreword This ETSI Guide (EG) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN). Introduction The present document has been prepared with the sponsorship of the eEurope programme as part of the ETS
32、I support to the eEurope action line for a secure information infrastructure (item 3: Society). A major part of any security specification, and of a security product, is the measure of assurance it provides with respect to the security it offers. Information security evaluation contributes to the us
33、ers trust and confidence in communications products and services. The use of common criteria for evaluation (as defined in ISO/IEC 15408 20) has facilitated mutual recognition of results in many European countries and these countries have also entered into an arrangement with the US and Canada for f
34、urther mutual recognition of IT security certificates. The present document is part of a set of standards and guidelines which show how the Common Criteria as identified in ISO/IEC 15408 20 can be used effectively within the ETSI standardization process. The documents in this set are: EG 202 387: Me
35、thod for application of Common Criteria to ETSI deliverables; ES 202 382 2: Method and proforma for defining Protection Profiles; ES 202 383 3: Method and proforma for defining Security Targets. Between them, these documents identify how standards fit to the Common Criteria and how developers of sta
36、ndards should prepare their standards with a view to support submission for evaluation of product conforming to the standards. Adoption of Common Criteria objectives in standardization of security countermeasures is also consistent with achieving the objectives and recommendations of the NIS report.
37、 ETSI ETSI EG 202 387 V1.1.1 (2005-04) 7 1 Scope The present document is a guide to the development of standards that allow compliant product to be considered for product evaluation under the Common Criteria scheme 20. NOTE: Within Europe there is mutual recognition of CC evaluation results for all
38、assurance levels. The present document gives guidance to standards authors (rapporteurs and contributors) on the scope and application of the Common Criteria for Information Technology Security Evaluation 20 and how ETSI standards may be developed to meet the goals and objectives of the Common Crite
39、ria. The purpose of the present document is to provide developers of security standards with a summary of the requirements of ISO/IEC-15408 20 in the context of standardization and to give guidance on how formal methods and other engineering techniques can be used to ensure that standards meet, as f
40、ar as is possible, the requirements of ISO/IEC 15408 20 and do not prevent an implementation from achieving an appropriate EAL. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific
41、 (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the expected locat
42、ion might be found at http:/docbox.etsi.org/Reference. 1 ETSI EN 300 392-7: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security“. 2 ETSI ES 202 382: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Meth
43、od and proforma for defining Protection Profiles“. 3 ETSI ES 202 383: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Security Targets“. 4 ETSI TS 102 237-1: “Telecommunications and Internet P
44、rotocol Harmonization Over Networks (TIPHON) Release 4; Interoperability test methods and approaches; Part 1: Generic approach to interoperability testing“. 5 ETSI ETS 300 406: “Methods for Testing and Specification (MTS); Protocol and profile conformance testing specifications; Standardization meth
45、odology“. 6 ETSI ETR 332: “Security Techniques Advisory Group (STAG); Security requirements capture“. 7 ETSI EG 201 383: “Methods for Testing and Specification (MTS); Use of SDL in ETSI deliverables; Guidelines for facilitating validation and the development of conformance tests“. 8 ETSI EG 201 872:
46、 “Methods for Testing and Specification (MTS); Methodological approach to the use of object-orientation in the standards making process“. 9 ETSI EG 202 106: “Methods for Testing and Specification (MTS); Guidelines for the use of formal SDL as a descriptive tool“. ETSI ETSI EG 202 387 V1.1.1 (2005-04
47、) 8 10 ITU-T Recommendation I.130: “Method for the characterization of telecommunication services supported by an ISDN and network capabilities of an ISDN“. 11 ETSI EG 201 015: “Methods for Testing and Specification (MTS); Specification of protocols and services; Validation methodology for standards
48、 using Specification and Description Language (SDL); Handbook“. 12 ETSI EG 201 058: “Methods for Testing and Specification (MTS); Implementation Conformance Statement (ICS) proforma style guide“. 13 ETSI EG 202 107: “Methods for Testing and Specification (MTS); Planning for validation and testing in
49、 the standards-making process“. 14 ETSI ETR 184: “Methods for Testing and Specification (MTS); Overview of validation techniques for European Telecommunication Standards (ETSs) containing SDL“. 15 ETSI SR 001 262: “ETSI Drafting rules“. 16 ISO/IEC 13335 (parts 1 to 5): “Information technology - Guidelines for the Management of IT Security (GMITS)“. 17 ISO/IEC 15408-1: “Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model“. 18 ISO/IEC 15408-2:
