
Seminar Term Paper Certification of Hardware and Software Formal - PowerPoint PPT Presentation



  1. Seminar Term Paper: Certification of Hardware and Software
     - Formal Methods for Fun and Profit, Summer Semester 2005
     - Theme: Certification of Hardware and Software
     - Supervisor: Jr. Prof. Beckert
     - Presented by: Kiptoo A. Kiprop
     - Registration number: 201210795
     - University of Koblenz, Institute of Computer Science

  2. Certification of Hardware and Software
     - Security issues
     - Certification
     - Common Criteria (CC)
     - Protection Profiles (PP)
     - Security Target (ST)
     - Evaluation Assurance Levels (EALs)
     - Product certification
     - Examples: Linux Server v.8, JCVM
     - Application of formal methods: B-Method
     - Conclusion

  3. Security Issues
     - Avoid financial losses
     - Preserve health and life
     - Where security is needed
       - high risk systems – banking systems, military, ..
       - complex and expensive tools – rockets, ..
       - everywhere ..
     - Provision and control of security in ICT
       - producers, developers?
       - Government, e.g. through BSI
       - EU level

  4. Certification
     - Act of conferring legality, formal warrant
     - Some requirements must be fulfilled first
     - Certification problems
       - Extent of validity, e.g. over borders
       - Requirements may be too lenient
       - Time limits for validity
     - Certification advantages
       - Some quality of security
       - Standardization
       - Source of income

  5. Department of Data Security – Schleswig Holstein
     - an example of a functioning certifying body.
     - issued by the State of Schleswig-Holstein (independent).
     - product not compulsory.
     - issue seal of approval.
     - Approval of ICT products as well as data processing methods.
     - go after citizen complaints about products.
     - citizen assistance.

  6. Common Criteria
     - To develop a standard collection of necessary requirements.
     - A short history of national standards
       - From the Trusted Computer System Evaluation Criteria (TCSEC, USA, "Orange Book") to CC v.3.0.
       - Flexible enough for newer standards
     - Requirements under unique categories:
       - Functional requirements – define the desired security behaviour in classes (e.g. Audit, Privacy), families and components.
       - Security assurance requirements – countercheck to determine if security measures are effective and correctly implemented, e.g. Development

  7. Protection Profiles and Security Target
     - Protection Profiles
       - What is needed in a security solution
       - User oriented, simple language
       - PP says what the system has to do
     - Security Target
       - Created by developer
       - Contains IT security objectives and requirements of a specific identified TOE
       - Basis over which an evaluation is performed
       - Identify security capabilities of a particular product

  8. Evaluation Assurance Levels
     - Trustworthiness, reliability
     - hierarchy level increases with increasing security assurance.

  9. Evaluation Assurance Levels
     - High-level design: decomposes system into modules (subsystems) providing functionality described in functional specification.
     - Low-level design: provide specification of the internal workings of each module.

     | Level | Low-level design | High-level design |
     |-------|------------------|-------------------|
     | EAL 1 | Informal         | Informal          |
     | EAL 2 | Informal         | Informal          |
     | EAL 3 | Informal         | Informal          |
     | EAL 4 | Informal         | Informal          |
     | EAL 5 | Semi-formal      | Semi-formal       |
     | EAL 6 | Semi-formal      | Semi-formal       |
     | EAL 7 | Semi-formal      | Formal            |

  10. Summary of correlation between CC components
      - Target Of Evaluation - TOE: an IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation. Defines assets to protect. -> satisfies the ST

  11. Certified products
      - Integrated circuits: Microcontrollers
        - ST Micro, Samsung Electronics, Infineon Technologies, Atmel smartcards, .. EAL4+ (most of them)
      - Smart Cards: Operating Systems
        - ST Micro, Axalto, Infineon Technologies, Oberthur Card, Philips, Gemplus, IBM, .. EAL1+, .., EAL4+. Some EAL 5, e.g. Sun JavaCard.
      - Network Products: Firewalls
        - Bull, EADS Telecom, EAL2+

  12. SUSE Linux Enterprise Server v.8
      - evaluated and obtained an EAL3 rating
      - no code re-engineering, no interruption of development process, but more costs.
      - TOE: operating system, running and tested on the hardware and firmware specified in the ST.
      - design of test only to verify correct operation of security related user programs, DB-files and system calls.
      - testing for system availability in a stress environment
      - no formal methods application: EAL 4 would be next.
      - system works in a normal environment.

  13. Java Card Virtual Machine (JCVM)
      - developed by Sun Microsystems.
      - surrogate to Smartcard -> used to secure data storage and authentication.
      - based on a collection of Java applets.
      - widely used in banking and telecom sector.
      - may run on platform independent virtual machines.
      - interaction with systems through APIs – Application Programming Interfaces.

  14. Java Card Virtual Machine (JCVM)
      - Evaluated and obtained EAL 4 and EAL 5+ rating.
      - TOE:
        - processor chip and IC for software - drivers.
        - Card Operating System
        - JavaCard Runtime Environment
        - Card manager e.g. Global Platform Envir. (OPEN)
      - Semi-formal (formal) models: description for each representation level (SPM, FSP, HLD) -> Assurance Development Class (ADV)

  15. Java Card Virtual Machine (JCVM)
      - What should be semi-formally described?
        - SPM: security rules (TOE security policy model)
        - FSP: external interfaces (functional specification)
        - HLD: subsystems and interactions (high-level design)
        - RCR: correspondence relations (between FSP and HLD)
      - Code-Spec-Review > compare Low Level Design (LLD) model to implementation as demo of their correspondence.

  16. JCVM specification formalizing with B-Method
      - formalizing for CC evaluation.
      - applies semi-formal and formal models which specify, design and code high risk systems.
      - covers the whole system life-cycle i.e. from specification to executable code.
      - Refinement process to obtain the implementation of the B specification.
