LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Secure-Programs-HOWTO/requirements.html

238 lines
4.5 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Security Requirements</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Secure Programming for Linux and Unix HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Specialized Security Extensions for Unix-like Systems"
HREF="unix-extensions.html"><LINK
REL="NEXT"
TITLE="Common Criteria Introduction"
HREF="x595.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Secure Programming for Linux and Unix HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="unix-extensions.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x595.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="REQUIREMENTS"
></A
>Chapter 4. Security Requirements</H1
><TABLE
BORDER="0"
WIDTH="100%"
CELLSPACING="0"
CELLPADDING="0"
CLASS="EPIGRAPH"
><TR
><TD
WIDTH="45%"
>&nbsp;</TD
><TD
WIDTH="45%"
ALIGN="LEFT"
VALIGN="TOP"
><I
><P
><I
>You will know that your tent is secure;
you will take stock of your property and find nothing missing.</I
></P
></I
></TD
></TR
><TR
><TD
WIDTH="45%"
>&nbsp;</TD
><TD
WIDTH="45%"
ALIGN="RIGHT"
VALIGN="TOP"
><I
><SPAN
CLASS="ATTRIBUTION"
>Job 5:24 (NIV)</SPAN
></I
></TD
></TR
></TABLE
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>4.1. <A
HREF="x595.html"
>Common Criteria Introduction</A
></DT
><DT
>4.2. <A
HREF="x608.html"
>Security Environment and Objectives</A
></DT
><DT
>4.3. <A
HREF="x615.html"
>Security Functionality Requirements</A
></DT
><DT
>4.4. <A
HREF="x641.html"
>Security Assurance Measure Requirements</A
></DT
></DL
></DIV
><P
>Before you can determine if a program is secure, you need to determine
exactly what its security requirements are.
Thankfully, there's an international standard for identifying and defining
security requirements that is useful for many such circumstances:
the Common Criteria [CC 1999], standardized as ISO/IEC 15408:1999.
The CC is the culmination of decades of work to identify
information technology security requirements.
There are other schemes for defining security requirements and evaluating
products to see if products meet the requirements,
such as NIST FIPS-140 for cryptographic equipment,
but these other schemes are generally focused on a
specialized area and won't be considered further here.</P
><P
>This chapter briefly describes the Common Criteria (CC) and how to use its
concepts to help you informally identify security requirements and
talk with others about security requirements using standard terminology.
The language of the CC is more precise, but it's also more formal and
harder to understand; hopefully the text in this section will help you
"get the jist".</P
><P
>Note that, in some circumstances, software cannot be used unless it
has undergone a CC evaluation by an accredited laboratory.
This includes certain kinds of uses in the U.S. Department of Defense
(as specified by NSTISSP Number 11, which requires that before some
products can be used they must be evaluated or enter evaluation),
and in the future such a requirement may
also include some kinds of uses for software in the U.S. federal government.
This section doesn't provide enough information
if you plan to actually go through a CC evaluation by an
accredited laboratory.
If you plan to go through a formal evaluation,
you need to read the real CC, examine various websites to really understand
the basics of the CC, and
eventually contract a lab accredited to do a CC evaluation.</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="unix-extensions.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x595.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Specialized Security Extensions for Unix-like Systems</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Common Criteria Introduction</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink