
Operating System Protection Profile Published by BSI and atsec information security
2010-07-06, Austin, TX – atsec is pleased to announce that a new Common Criteria protection profile for operating systems has been published. The protection profile was developed for the German Federal Office for Information Security (BSI) by atsec in cooperation with the OSPP Forum (Argus Systems, HP, IBM (AIX group, z/OS group, Linux group), Juniper Networks, Microsoft, Novell (SUSE), Oracle, Red Hat, SUN, Univention, BSI, NIAP, and atsec).
The need for a second-generation certified Operating System Protection Profile (OSPP) becomes apparent when you compare the current reality of networked systems with the few general-purpose OS protection profiles that specify industry-agreed functional and assurance requirements for them. Operating systems have moved from single, isolated machines to distributed, networked multi-machine environments, which has left several of the original protection profiles out of date, including the widely cited Labeled Security PP (LSPP), the Role-Based Access Control PP (RBAC PP), and the Controlled Access PP (CAPP). In addition, applications running on an operating system depend on it as a secure platform. The security assurance provided by many modern operating systems has risen over the last decade, with EAL4 now the norm for this technology and leading vendors raising the bar further.
The OSPP Forum brought together atsec experts with many decades of security experience and security architects from leading vendors who work on key operating systems. Bringing this kind of cooperation to OS security standards is an exemplary model for consolidating the improvements of recent years into the overall security posture of modern operating systems.
Gerald Krummeck, atsec’s laboratory director, summarized “atsec was excited that BSI provided us the opportunity to distill our outstanding expertise as the lab performing most of the OS evaluations worldwide into this protection profile. Together with the OSPP Forum we combined all the expertise that BSI could muster to define a PP that actually worked for both servers and workstations and that fulfils the needs of government and commercial users alike. That's really a new quality for operating system PPs.”
The OSPP project defines a common base of security functions, adds a flexible set of agreed security requirements, and has extensive industry endorsement.
An important feature of the OSPP is its flexibility. By using a base package of mandatory security functions and a set of extended packages, the OSPP makes use of – and enhances – the CC package mechanism. It is also open for future updates, which are intended on a regular basis.
The OSPP Forum agreed on these basic security functions:
- Local auditing
- Cryptographically protected communication links
- User data protection based on discretionary access control
- Packet filter functionality
- Security Management
- Assurance Level EAL4 augmented by flaw remediation (ALC_FLR)
In addition, the following security functions can optionally be claimed by evaluations compliant with the OSPP:
- Role-based management
- Central audit server
- General-purpose cryptography
- Central identification and authentication mechanisms
- Integrity verification
- Access control based on labels
- Trusted boot capability
- Virtualization (hardware-based as well as software-based)
Matthias Intemann, BSI overseer for the development of the OSPP, stated: “When initiating this project, we wanted to create a unified way of evaluating operating systems. Often, you had to cover different protection profiles with different approaches, partly based on different CC versions. Having one approach to the relevant security functional requirement packages helps all involved parties concentrate on security and worry less about covering formal aspects. Additionally, we wanted to stay under the terms of the international Common Criteria Recognition Agreement (CCRA). Along the way we defined what security functions both customers and developers expect from every modern operating system in a managed environment.”
Helmut Kurth, atsec’s Chief Scientific Officer, co-editor of ISO/IEC TR 15446 “A guide for the production of Protection Profiles and Security Targets”, and one of the editors of the OSPP commented: “We are very happy with the result of this project: the OSPP offers a flexible approach allowing the consideration of many security functions, which are often implemented by different cooperating systems. The OSPP is based on today’s best practices in the security functions expected from a modern operating system and addresses secure OS deployment. The development included expert advice from industry and government. Best of all, it is designed to be open for future development. The process taken to develop the Protection Profile in close cooperation between vendors, users, evaluators and certifiers should become a standard for the development of Common Criteria protection profiles and other such areas of industry significance where cybersecurity is dependent on a united position. atsec’s long term experience with the security evaluation of many operating systems from different vendors including Apple, Cray, IBM, Microsoft, Novell SUSE, Red Hat, and Silicon Graphics was a key factor to develop a protection profile capable of addressing the security functionality modern operating systems provide.”
The OSPP can be viewed at the BSI website.
# # #
About atsec information security
atsec information security (www.atsec.com) is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation, independent testing and evaluation, and information security consultancy.
atsec also offers evaluation and testing services leading to formal certification for IT security, including evaluation under the Common Criteria schemes in the U.S., Germany, and Sweden. This is complemented by cryptographic module and algorithm testing under the Cryptographic Module Validation Program (CMVP), which is run jointly by the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada.
atsec works with such leading global companies as Apple, Cray, Hewlett-Packard, IBM, Microsoft, Oracle and Red Hat.
