
Objectives

EAL5 permits a developer to gain maximum assurance from security engineering based upon rigorous commercial development practices supported by moderate application of specialist security engineering techniques. Such a TOE will probably be designed and developed with the intent of achieving EAL5 assurance. It is likely that the additional costs attributable to the EAL5 requirements, relative to rigorous development without the application of specialised techniques, will not be large.

EAL5 is therefore applicable in those circumstances where developers or users require a high level of independently assured security in a planned development and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques.

Assurance components

EAL5 (see Table 6.6) provides assurance by an analysis of the security functions, using a functional and complete interface specification, guidance documentation, the high-level and low-level design of the TOE, and all of the implementation, to understand the security behaviour. Assurance is additionally gained through a formal model of the TOE security policy and a semiformal presentation of the functional specification and high-level design and a semiformal demonstration of correspondence between them. A modular TOE design is also required.

The analysis is supported by independent testing of the TOE security functions, evidence of developer testing based on the functional specification, high-level design and low-level design, selective independent confirmation of the developer test results, strength of function analysis, evidence of a developer search for vulnerabilities, and an independent vulnerability analysis demonstrating resistance to penetration attackers with a moderate attack potential. The analysis also includes validation of the developer's covert channel analysis.

EAL5 also provides assurance through the use of development environment controls, comprehensive TOE configuration management including automation, and evidence of secure delivery procedures.

This EAL represents a meaningful increase in assurance from EAL4 by requiring semiformal design descriptions, the entire implementation, a more structured (and hence analysable) architecture, covert channel analysis, and improved mechanisms and/or procedures that provide confidence that the TOE will not be tampered with during development.


Table 6.6 - EAL5

Assurance class: Assurance components

Configuration management:
    ACM_AUT.1 Partial CM automation
    ACM_CAP.4 Generation support and acceptance procedures
    ACM_SCP.3 Development tools CM coverage

Delivery and operation:
    ADO_DEL.2 Detection of modification
    ADO_IGS.1 Installation, generation, and start-up procedures

Development:
    ADV_FSP.3 Semiformal functional specification
    ADV_HLD.3 Semiformal high-level design
    ADV_IMP.2 Implementation of the TSF
    ADV_INT.1 Modularity
    ADV_LLD.1 Descriptive low-level design
    ADV_RCR.2 Semiformal correspondence demonstration
    ADV_SPM.3 Formal TOE security policy model

Guidance documents:
    AGD_ADM.1 Administrator guidance
    AGD_USR.1 User guidance

Life cycle support:
    ALC_DVS.1 Identification of security measures
    ALC_LCD.2 Standardised life-cycle model
    ALC_TAT.2 Compliance with implementation standards

Tests:
    ATE_COV.2 Analysis of coverage
    ATE_DPT.2 Testing: low-level design
    ATE_FUN.1 Functional testing
    ATE_IND.2 Independent testing - sample

Vulnerability assessment:
    AVA_CCA.1 Covert channel analysis
    AVA_MSU.2 Validation of analysis
    AVA_SOF.1 Strength of TOE security function evaluation
    AVA_VLA.3 Moderately resistant


Objectives

EAL6 permits developers to gain high assurance from application of security engineering techniques to a rigorous development environment in order to produce a premium TOE for protecting high value assets against significant risks.

EAL6 is therefore applicable to the development of security TOEs for application in high risk situations where the value of the protected assets justifies the additional costs.

Assurance components

EAL6 (see Table 6.7) provides assurance by an analysis of the security functions, using a functional and complete interface specification, guidance documentation, the high-level and low-level design of the TOE, and a structured presentation of the implementation, to understand the security behaviour. Assurance is additionally gained through a formal model of the TOE security policy, a semiformal presentation of the functional specification, high-level design, and low-level design, and a semiformal demonstration of correspondence between them. A modular and layered TOE design is also required.

The analysis is supported by independent testing of the TOE security functions, evidence of developer testing based on the functional specification, high-level design and low-level design, selective independent confirmation of the developer test results, strength of function analysis, evidence of a developer search for vulnerabilities, and an independent vulnerability analysis demonstrating resistance to penetration attackers with a high attack potential. The analysis also includes validation of the developer's systematic covert channel analysis.

EAL6 also provides assurance through the use of a structured development process, development environment controls, comprehensive TOE configuration management including complete automation, and evidence of secure delivery procedures.

This EAL represents a meaningful increase in assurance from EAL5 by requiring more comprehensive analysis, a structured representation of the implementation, more architectural structure (e.g. layering), more comprehensive independent vulnerability analysis, systematic covert channel identification, and improved configuration management and development environment controls.
