ECMA TR 78-1999 ECMA Protection Profile E - COFC Public Business Class
ECMA Technical Report TR/78
December 1999
Standardizing Information and Communication Systems
Phone: +41 22 849.60.00 - Fax: +41 22 849.60.01 - URL: http://www.ecma.ch - Internet: helpdesk@ecma.ch

ECMA Protection Profile
E - COFC Public Business Class

Brief History

After the ECMA Technical Committee TC36 “IT Security” had completed the development of the Standard ECMA-271 “Extended Commercially Oriented Functionality Class for Security Evaluation (E - COFC)” it was quite natural to continue with the development of a Protection Profile, i.e. a Profile that combines the functional criteria of the E - COFC with a set of assurance criteria. It was decided to use the Common Criteria for this purpose, since these criteria were in the process of being standardized by ISO/IEC JTC1/SC27.

Due to the active support of the US National Institute of Standardization and Technology (NIST) in TC36 it was possible to build this profile, based on the Public Business Class of E - COFC. Starting point and basis of the E - COFC PP development was the NIST PP Version 0.31 by Gary Stoneburner (NIST), 23 July 1998. Kristina C. Rogers (Cygnacom Solutions) was then given the task to convert the E - COFC Public Business Class into a Protection Profile. This work was then adopted by TC36 and updated to include those changes which meanwhile were made to the E - COFC in its second edition.

The purpose of developing a Protection Profile was to demonstrate how the E - COFC criteria can be applied for IT system evaluations.

This Technical Report ECMA TR/78 gives the technical details. Another Technical Report will explain the application of the Profile and discuss its limitations. This report is under preparation.

Adopted as ECMA Technical Report TR/78 by the General Assembly of 16 December 1999.

Table of Contents

1 Introduction
1.1 Identification
1.2 Protection Profile overview
2 TOE description
2.1 E - COFC overview
2.2 The TOE environment
2.3 Hierarchical classes
3 Security environment
3.1 Secure usage assumptions
3.2 Organizational security policies
3.3 Threats to security
4 Security objectives
4.1 TOE security objectives
4.2 Environmental security objectives
5 Security requirements
5.1 TOE security functional requirements
5.1.1 Class FAU: Security audit
5.1.2 Class FCO: Communication
5.1.3 Class FCS: Cryptographic support
5.1.4 Class FDP: User data protection
5.1.5 Class FIA: Identification and authentication
5.1.6 Class FMT: Security management
5.1.7 Class FPR: Privacy
5.1.8 Class FPT: Protection of the TOE security functions
5.1.9 Class FRU: Resource utilization
5.1.10 Class FTA: TOE access
5.1.11 Class FTP: Trusted path/channels
5.1.12 New components
5.2 TOE assurance requirements
5.2.1 Class ACM: Configuration management
5.2.2 Class ADO: Delivery and operation
5.2.3 Class ADV: Development (ADV)
5.2.4 Class AGD: Guidance documents
5.2.5 Class ALC: Life cycle support
5.2.6 Class ATE: Tests
5.2.7 Class AVA: Vulnerability assessment
5.2.8 Class AMA: Maintenance of assurance
5.3 Security requirements for the IT environment
Annex A PP Rationale
A.1 Introduction to PP Rationale
A.2 Security objectives rationale
A.3 Functional requirements rationale
A.4 Functional requirements dependencies
A.5 Assurance requirements rationale
A.6 Mapping of E - COFC threats to PP threats
A.7 Mapping of E - COFC threats and Countermeasures to Protection Profile objectives
A.8 Mapping of E - COFC functionalities to CC functional components
A.9 Mapping of CC functional components to E - COFC functionalities
Annex B Glossary
Annex C References

1 Introduction

1.1 Identification

Title: ECMA Protection Profile, E - COFC Public Business Class, Version 2.02
Assurance level: EAL2 Augmented
Registration:
Keywords: electronic commerce, commercial functionality, operating systems, networks, distributed systems, ECMA, E - COFC.

1.2 Protection Profile overview

The Extended Commercially Oriented Functionality Class (E - COFC) Public Business (PB) Class Protection Profile (PP) is based on the requirements for the Public Business Class contained in ECMA-271. The E - COFC PP is Part 2 extended with respect to its functional requirements and EAL2 augmented with respect to its assurance requirements. The E - COFC PP applies to the security of data processing in a commercial business environment, independent of hardware and software platforms of the participating systems. Its functions are selected to satisfy the minimal set of security requirements for typical business applications of interconnected systems. The IT Security Policy is based on a Confidentiality Policy, an Integrity Policy, an Accountability Policy and an Availability Policy. These dedicated policies are enforced by an appropriate IT security architecture which is decomposed into different domains, such as network security, systems security and application security. This IT security architecture provides a specific set of security services and the associated security management. The security services and the security management are based on a specific set of protocols and mechanisms (security enforcing functions) which may be realized by non-cryptographic (access control) and cryptographic means (symmetric methods, public key methods).

The Protection Profile Rationale is provided in annex A.

2 TOE description

2.1 E - COFC overview

The Extended Commercially Oriented Functionality Class (E - COFC) is an ECMA standard, which specifies security evaluation criteria for interconnected IT systems. The systems are interconnected through a communication network, which is considered a priori not trusted. The systems may be located at different sites, cities or countries, and are connected through leased lines, public networks or private networks.

The E - COFC Standard applies to the security of data processing in a commercial business environment, independent of hardware and software platforms of the participating systems. Its functions are selected to satisfy the minimal set of security requirements for typical business applications of interconnected systems.

The E - COFC is based on an IT Security Policy of a commercial enterprise taking typical environmental and organizational constraints into account. As in reality the IT Security Policy is based on a Confidentiality Policy, an Integrity Policy, an Accountability Policy and an Availability Policy. These dedicated policies are enforced by an appropriate IT security architecture which is decomposed into different domains, such as network security, systems security and application security. This IT security architecture provides a specific set of security services and the associated security management. The security services and the security management are based on a specific set of protocols and mechanisms (security enforcing functions) which may be realized by non-cryptographic (access control) and cryptographic means (symmetri