ETSI TR 102 420-2005 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Review of activity on security (V1 1 1)

Uploaded by: 赵齐羽  Document ID: 735908  Upload date: 2019-01-12  Format: PDF  Pages: 144  Size: 778.72 KB

ETSI TR 102 420 V1.1.1 (2005-05)
Technical Report

Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN);
Review of activity on security

Reference
DTR/TISPAN-07011-Tech

Keywords
management, report, security

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2005. All rights reserved.

DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members. TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

Contents

Intellectual Property Rights
Foreword
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Introduction
5 Review of other security domain specifications
5.1 ISO/IEC 17799
6 ENUM Case study
6.1 Purpose
6.2 Overview of ENUM
6.3 Security and common criteria in ENUM
6.3.1 Privacy concerns
6.3.2 Security concerns
6.3.2.1 DNS security mechanisms
6.3.3 Security critical ENUM operations
6.3.3.1 Registration of an E.164 number in the ENUM database
6.3.3.2 Processes for creation, modification and deletion of NAPTR Records in the Tier 2 database
6.3.3.3 Processes for removal of E.164 numbers from ENUM databases
6.3.3.4 Processes for changing Registrars
6.3.4 ENUM assets
6.3.4.1 NAPTR records
6.3.4.2 ENUM query
6.3.5 Composite security model
6.4 CORAS method application in ENUM analysis
6.4.1 Introduction
6.4.2 CORAS platform and UML profile
6.4.3 The risk management process
6.4.4 The risk documentation framework
7 UML modelling
7.1 Introduction
7.2 Core security model
7.3 Development of stereotypes
7.4 Application of stereotypes
Annex A: UML modelling of ISO/IEC 15408-2
A.1 Introduction
A.2 Structure of the UML model
A.3 UML model for ISO/IEC 15408-2
A.3.1 TSF Package Dependency
A.3.2 Package TSF_FAU
A.3.3 Package TSF_FCO
A.3.4 Package TSF_FCS
A.3.5 Package TSF_FIA
A.3.6 Package TSF_FMT
A.3.7 Package TSF_FPR
A.3.8 Package TSF_FPT
A.3.9 Package TSF_FRU
A.3.10 Package TSF_FTA
A.3.11 Package TSF_FTP
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards”, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Report (TR) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN).

1 Scope

The present document gathers together and presents information regarding the progress of work in the development of guidelines on the use of the Common Criteria for the evaluation of IT security (ISO/IEC 15408 [22]).

The purpose of the present document is to be a repository for information which is of interest but which has no clear place in the core guidance documents, thus:

- notes on information studied in order to prepare the core guidance documents:
  - method for application of Common Criteria to ETSI deliverables, EG 202 387 [1];
  - method and proforma for defining Protection Profiles, ES 202 382 [2];
  - method and proforma for defining Security Targets, ES 202 383 [3].
- notes on use of tools and tool development; and
- notes on the assistance given to TISPAN-WG4 on the ENUM privacy analysis.

2 References

For the purposes of this Technical Report (TR), the following references apply:

[1] ETSI EG 202 387: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method for application of Common Criteria to ETSI deliverables”.
[2] ETSI ES 202 382: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles”.
[3] ETSI ES 202 383: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Security Targets”.
[4] IETF RFC 3761 (2004): “The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)”.
[5] ETSI TS 102 051: “ENUM administration in Europe”.
[6] ETSI TS 102 172: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Minimum requirements for interoperability of ENUM implementations”.
[7] IETF RFC 2915: “The Naming Authority Pointer (NAPTR) DNS Resource Record”.
[8] IETF STD 013: “Domain Names - Concepts And Facilities”.
[9] IETF RFC 2535: “Domain Name System Security Extensions”.
[10] ETSI TS 102 165-1: “Telecommunications and Internet Protocol Harmonization over Networks (TIPHON) Release 4; Protocol Framework Definition; Methods and Protocols for Security; Part 1: Threat Analysis”.
[11] IETF RFC 1034 (1987): “Domain names - concepts and facilities”.
[12] IETF RFC 1035 (1987): “Domain names - implementation and specification”.
[13] Draft-ietf-dnsext-dns-threats-07 (2004): “Threat Analysis of the Domain Name System”.
[14] Draft-ietf-dnsext-dnssec-protocol-06 (2004): “Protocol Modifications for the DNS Security Extensions”.
[15] Draft-ietf-dnsext-dnssec-records-08 (2004): “Resource Records for DNS Security Extensions”.
[16] ITU-T Recommendation E.164 (1997): “The international public telecommunication numbering plan”.
[17] Draft-ietf-dnsext-dnssec-intro-11 (2004): “DNS Security Introduction and Requirements”.
[18] “DNSSEC: The Protocol, Deployment, and a Bit of Development” - The Internet Protocol Journal, Volume 7, Issue 2, June 2004.
[19] ISO/IEC 15408-1: “Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model”.
[20] ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements”.
[21] ISO/IEC 15408-3: “Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements”.
[22] ISO/IEC 15408: “Information technology - Security techniques - Evaluation criteria for IT security”.
[23] ISO/IEC 17799 (2000): “Information technology - Code of practice for information security management”.
NOTE: BS 7799-1 contains the same information as ISO/IEC 17799.
[24] BS 7799-2 (2002): “Information security management systems - Specification with guidance for use”.
[25] CORAS (2003): “UML profile for security assessment”, Mass Soldal Lund, Ida Hogganvik, Fredrik Seehusen, Ketil Stølen. SINTEF Telecom and Informatics (http:/).
[26] ETSI SR 002 211 (2004): “List of standards and/or specifications for electronic communications networks, services and associated facilities and services; in accordance with Article 17 of Directive 2002/21/EC”.
[27] ISO 9000 family: “Quality management systems”, 2000, consisting of: ISO 9000 (2000): “Quality management systems - Fundamentals and vocabulary”; and ISO 9001 (2000): “Quality management systems - Requirements”.
[28] ISO/IEC Guide 2: “Standardization and related activities - Vocabulary”; and ISO/IEC DIS 17000: “Vocabulary for conformity assessment”.
NOTE: ISO/IEC DIS 17000 is currently in the draft International Standard stage of development; it will replace some of the terminology defined in Guide 2.
[29] OMG: “UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics Protocol Framework Definition; Methods and Protocols for Security; Part 2: Counter Measures”.
[31] Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive).
[32] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).
[33] Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector.
[34] ISO/IEC 10746 (ODP-RM): “Information technology - Open Distributed Processing”.
[35] ETSI EN 300 396-6: “Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security”.

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in the ISO/IEC Guide 2 [28] and the following apply:

accreditation: formal recognition by a specialized body - an accreditation body - that a certification body is competent to carry out ISO 9000 [27] certification in specified business sectors

certification: issuing of written assurance (the certificate) by an independent, external body that has audited an organization's management system and verified that it conforms to the requirements specified in the standard

registration: recording by an auditing body of a particular certification in its client register

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

DNS     Domain Name System
DNSSEC  DNS Security extensions
EAL     Evaluation Assurance Level
ENUM    Electronic NUMbering
MBRA    Model-Based Risk Assessment
NAPTR   Naming Authority PointeR
NNPA    National Number Plan Administrator
PP      Protection Profile
PSTN    Public Switched Telephone Network
RR      Resource Record
RRSIG   Resource Record SIGnature
SIP     Session Initiation Protocol
TLD     Top Level Domain
TOE     Target of Evaluation
TSF     TOE Security Function
TSP     Telecommunications Service Provider
UDP     User Datagram Protocol
UML     Unified Modelling Language

4 Introduction

The present document gathers and presents information relating to the preparation of a set of ETSI deliverables on the application of the Common Criteria [22] to standardization.

Clause 5 presents a review of public specifications relating to the management of security developments and how these relate to ETSI and to Common Criteria specifications.

Clause 6 presents the results of a case study looking at a security analysis of ENUM. This clause also introduces and describes the results of applying the CORAS method to risk analysis and security requirements capture.

Clause 7 presents the results of using UML in a security modelling environment.

5 Review of other security domain specifications

5.1 ISO/IEC 17799

There are many standards that lead to consistency in the quality of output from an undertaking. The most well known of these is probably the ISO-9000 [27] series which comprises standards and guidelines relating to quality management systems with related supporting standards on terminology and specific tools such as auditing (the process of checking that the management system conforms to the standard). In the ISO 9000 [27] context, the standardized definition of quality refers to all those features of a product (or service) which are required by the customer.

ISO/IEC 17799 [23] deals with quality for security. It is a “best practice” type of document which specifies what an organization should do to ensure that its products or services satisfy the customer's security requirements and comply with any applicable regulations.

Due to the voluntary nature of standardization, the standards development process is unlikely ever to comply with ISO/IEC 17799 [23] whose requirements for personnel security (clause 6) in particular are almost impossible to meet in such an environment.

6 ENUM Case study

6.1 Purpose

The purpose of including a case study in the work of the preparation of a set of ETSI deliverables on the application of the Common Criteria [22] to standardization was to test and validate the guidance as it evolved in a “live” environment.

A number of case studies were used in the development of the guidance. ES 202 382 [2] uses the TETRA Direct Mode Operation security specification (EN 300 396-6 [35]) as an example in building a Protection Profile from existing standards. The TIPHON threat analysis (ES 202 165-1 [10]) and countermeasure (ES 202 165-2 [30]) documents were examined in the development of guidance to the Vulnerability assurance evaluation class in EG 202 387 [1].

The use of ENUM as a case study was to examine the security analysis aspects of Common Criteria and in particular to determine how the guidance to the assurance classes of EG 202 387 [1] apply to a standard in development. In addition to this, one of the tasks in the preparation of a set of ETSI deliverables on the application of the Common Criteria [22] to standardization was to evaluate the COR
