(ComSEC) (CompSEC) IT (ITSEC) (IA)
40 70 1949 Shannon 1977 DES 1976 Diffie Hellman New Directions in Cryptography
70 80 TCB 1985 TCSEC D C1 C2 B1 B2 B3 A1 TNI 1987 TDI 1991 rainbow
PKI PKIVPN CC ISO 15408 GB/T 18336
GB/T 9387.2 2 : ISO 7498-2 : a. b.
Application layer, Representation layer, Session layer, Transport layer, Network layer, Link layer, Physical layer
Encipherment, Data integrity, Access control, Route control, Digital signature, Data Exchange, Traffic Padding, Notarization
Authentication, Access control, Data integrity, Data confidentiality, Non-repudiation
Trusted functionality, Security Label, Detection, Security Audit Trail, Security Restoration
OSI
ISO 1 2 3 4 5 6 7
--CC GB 18336 idt ISO 15408
(CC) 1993 1996 1996 V 1.0, 1998 V 2.0 19995 ISO-15408. ITSEC FC PP.
CC IT / IT CC
TOE(Target of Evaluation) PP(Protection Profile) ST(Security Target) EAL(Evaluation Assurance Level)
TOE
PP : Smart Card PP, Firewall PP
PP 1 1 1 PP 12 PP 2 TOE TOE 3 31 32 33 4 41 TOE 42 5 IT 51 TOE 52 TOE 53 IT IT 6 61 62 7 PP TOE CC CC
ST / IT : Firewall ST
1.1 ST 1.2 ST ST 1.3 CC 2 TOE TOE 3 31 32 33 4 41 TOE 42 5 IT 51 TOE 52 TOE IT 53 IT 6 TOE 61 TOE 62 7 71 PP 72 PP 73 PP 8 81 82 83 TOE ST TOE ST TOE CC CC IT IT IT
/ FDP FDP_ACC FDP_ACC.1) PP/ST/
Family PP/ST/
CC / PP ST
Family
11
6 2 3 6 13 4 16 3 3 2 6 135 135
FAU
CM ACM CM CM ADO ADV TSF AGD ALC ATE AVA TOE ACM_AUT ACM_CAP ACM_SCP ADO_DEL ADO_IGS ADV_FSP ADV_HLD ADV_IMP ADV_INT ADV_LLD ADV_RCR ADV_SPM AGD_ADM AGD_USR ALC_DVS ALC_FLR ALC_LCD ALC_TAT ATE_COV ATE_DPT ATE_FUN ATE_IND AVA_CCA AVA_MSU AVA_SOF AVA_VLA
EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7
EAL E AL EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7
C1 C2 C3 Cn (CC PART 2) (CC PART 3) Family C1 C2 C3 Cn Family C1 C2 C3 Cn C1 C2 C3 Cn C1 C2 C3 Cn C1 C2 C3 Cn PPST 1 2 3 n CC CC TOE / CC CC
via TSP via TSP INTERNET Via TSP 1 2 Via TSP
- SSE-CMM ISSE
Engineering Assurance Risk
PA04 PA05 PA03 PA02
PA10 PA08 PA07 PA09 PA01 SSE-CMM CMM
PA11 PA06 PA SSE-CMM CMM
1 2 3 4 5
1. 2. 3.
1. 2. 3. 4. ( ) 5.
P,D),
-- PDR PPDR APPDRR
PDR Protection: (DACL) (MACL) (Security Label)
PDR Detection:
PDR Reaction:
PDR)
Fred Cohen BUG
GB 18336 idt ISO/IEC 15408 BS 7799, ISO/IEC 17799 SSE-CMM
GB 18336 idt ISO/IEC 15408
GB/T 18336 idt ISO/IEC 15408 PP PP PP PP ISO/IEC 18045 CEM ISPP /
GB 18336 idt ISO/IEC 15408 IATF BS 7799, ISO/IEC 17799 ISO/IEC 15443, COBIT ISSE SSE-CMM DITSCAP,
- PBX (Internet) Internet VPN PKI
I II B B B M B M / III B M H IV B H H V M H H
T1 T2 T3 T4 T5 T6 T7
SAL1 SAL1 SAL1 SAL2 SAL2 SAL2 SAL1 SAL1 SAL1 SAL2 SAL3 SAL3 SAL1 SAL2 SAL2 SAL3 SAL3 SAL4 SAL2 SAL3 SAL4 SAL4 SAL4 SAL5
+ EAL EAL + + XX ISPP ISPP XX ISST ISST
ISPP ISPP ISPP ISPP TOE TOE TOE TOE ISPP ISPP ISPP ISPP TOE ISPP ISPP ISPP ISPP TOE TOE TOE TOE ISPP ISPP ISPP ISPP TOE
ISST ISST ISST ISST TOE TOE ISPP ISPP ISST ISST TOE IT TOE TOE TOE TOE TOE ISST ISST ISST ISST TOE TOE ISPP ISPP ISST ISST TOE IT TOE TOE TOE TOE TOE TOE TOE TOE
--CIA
CIA--,,,,,,
MAC DAC BLP Chinese Wall RBAC Biba Clark-Wilson
The Chinese Wall Policy is a mandatory access control policy for stock market analysts. This organizational policy is legally binding in the United Kingdom stock exchange.
Usual notation Knowledge logic BAN Process theory CSP, FDR, Casper Spi-calculus Petri nets Strands MSR Inductive methods Temporal logic Automata NRL Prot. Analyzer CAPSL Murφ
UMLsec
, Confidence CC C&A Assurance
Complexity Composition&Decomposition Security property System&Security Modelling.