PPT on Independent Expert Validation (IEV) | 10 Slides

A PowerPoint presentation on the topic “Independent Expert Validation” with a total of 10 slides.

Independent Expert Validation

INTRODUCTION

It is the fifth phase in the principles of High Assurance Software Engineering.

High assurance is the confidence shared by users and certifiers that the software's security policies and functions are properly fulfilled.

Increased assurance decreases sensitivity, improving security, safety, and reliability.

Evaluated Assurance Levels (EAL)

An EAL is a numerical grade assigned to a system after completion of a Common Criteria security evaluation.

Under Common Criteria, products are evaluated against Protection Profiles, which specify functional and assurance requirements.

Protection Profiles exist for firewalls, antivirus applications, operating systems, and mobile devices.

Evaluated Assurance Levels (EAL)

  • EAL 1 – Functionally Tested
  • EAL 2 – Structurally Tested
  • EAL 3 – Methodically Tested and Checked
  • EAL 4 – Methodically Designed, Tested and Reviewed
  • EAL 5 – Semiformally Designed and Tested
  • EAL 6 – Semiformally Verified Design and Tested
  • EAL 7 – Formally Verified Design and Tested

Examples

Products such as Windows, Linux, VMware, Oracle database servers, and Cisco routers are certified at EAL4 or lower levels.

The U.S. Government Protection Profile for General Purpose OS in a Networked Environment describes requirements for user authentication, access control, cryptographic services, and audit services.

Operating System Protection Profiles

Separation Kernel (SKPP)

  • Used to simulate a distributed environment.
  • Threat Environment: high-valued information.
  • Security level: EAL6+ / High Robustness

Controlled Access (CAPP)

  • Threat Environment: non-hostile and well-managed user community.
  • Security level: EAL4+

Compartmentalized Operations (CCOPP)

  • Threat Environment: protect against sophisticated attacks
  • Security level: EAL4

Labeled Security (LSPP)

  • Threat Environment: non-hostile and well-managed user community.
  • Security level: EAL4+

Single Level (SLOS)

  • Threat Environment: use in unclassified environments
  • Security level: EAL4+

Multi Level (MLOS)

  • Threat Environment: Not appropriate for organization’s most sensitive information
  • Security level: EAL4+

Common Criteria

Configuration Management – Ability to automatically identify all aspects of the product. Example: Scripts.

Functional Specification – Description of the interfaces and behaviors of the product. Example: Green Hills Software INTEGRITY-178B OS.

Assurance Leveling – Assurance requirements do not increase with an increase in assurance level. Example: ADV_HLD (High Level Design) component.