Application of ALC requirements to Open Source projects

Similar documents
An introduction to EJBCA and SignServer

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium , Miami Beach FL / USA

BSI-DSZ-CC-S for. Dream Chip Technologies GmbH Germany. Dream Chip Technologies GmbH

Build a CC assurance package dedicated to your risk assessment. Francois GUERIN Security Program Manager francois.guerin@gemalto.

Certificate Issuing and Management Components Protection Profile. Version 1.5

Certification Report StoneGate FW/VPN 5.2.5

BSI-DSZ-CC-S for. GLOBALFOUNDRIES Singapore Pte. Ltd. GLOBALFOUNDRIES Singapore Pte. Ltd.

Certification Report

Details for the structure and content of the ETR for Site Certification. Version 1.0

Courtesy Translation

Joint Interpretation Library. Guidance for smartcard evaluation

Certification Report

Certification Report

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN

Certification Report

Danske Bank Group Certificate Policy

CERTIFICATE. certifies that the. Info&AA v1.0 Attribute Service Provider Software. developed by InfoScope Ltd.

Certification Report

C033 Certification Report

The Costs of Managed PKI:

Security Target for EJBCA v5.0.4

Security Target. Astaro Security Gateway V8 Packet Filter Version Assurance Level EAL4+ Common Criteria v3.1

Chapter 5. Choose the answer that mostly suits each of the sentences given:

Automation Suite for. 201 CMR Compliance

Oracle WebCenter Content

PKI Made Easy: Managing Certificates with Dogtag. Ade Lee Sr. Software Engineer Red Hat, Inc

ISAAC Risk Assessment Training

BSI-DSZ-CC for. IBM Tivoli Access Manager for e-business version FP4 with IBM Tivoli Federated Identity Manager version 6.2.

CA CA, Inc. Identity Manager 12.5 Identity Manager r12.1 Security Target

Managed Support Policy

ISO COMPLIANCE WITH OBSERVEIT

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

Protection profile of an industrial switch

Lessons learnt in writing PP/ST. Wolfgang Killmann T-Systems

Protection profile of an industrial firewall

Certification Report

Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report

Class 3 Registration Authority Charter

Securing the Service Desk in the Cloud

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

Certification Report

05.0 Application Development

OFBiz Addons goals, howto use, howto manage. Nicolas Malin, Nov. 2012

C015 Certification Report

SSL BEST PRACTICES OVERVIEW

Certification Report

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT

BSI-DSZ-CC for

Certification Report

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

NetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services.

Software Delivery Integration and Source Code Management. for Suppliers

Intel Enhanced Data Security Assessment Form

CERTIFICATION PRACTICE STATEMENT UPDATE

Release Management PinkVerify v2.1. Mandatory Criteria

NetIQ Access Manager 3.2 integration

Guidelines for Developer Documentation

Certification Report

How To Understand The Toe

Certification Report

NIST ITL July 2012 CA Compromise

Cloud Services Catalog with Epsilon

DAVE Usage with SVN. Presentation and Tutorial v 2.0. May, 2014

SRA International Managed Information Systems Internal Audit Report

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

TELSTRA RSS CA Subscriber Agreement (SA)

Intland s Medical Template

The IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations

Certification Report

Security Policy Revision Date: 23 April 2009

Independent Accountants Report

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Software Development. Overview.

Common Criteria for Information Technology Security Evaluation. Part 3: Security assurance components. September Version 3.

Common Criteria Evaluations for the Biometrics Industry

How To Evaluate Watchguard And Fireware V11.5.1

TeliaSonera Server Certificate Policy and Certification Practice Statement

PKI Disclosure Statement

Transcription:

Application of ALC requirements to Open Source projects Christophe BLAD 1 ICCC 2012 Paris

CESeCore Open Source library for digital signature and PKI services https://www.cesecore.eu Signature Key generation Certificate generation & revocation OCSP Initial development by CESeCore consortium: PrimeKey (Sweden) MultiCert (Portugal) E-Imza (Turkey) Commfides (Norway) Result of the CESeCore project sponsored by EUREKA s Eurostars Programme Partially funded by National public authorities of each participant 2 ICCC 2012 Paris

EJBCA Open Source PKI http://www.primekey.se/products/ejbca+pki/ Project hosted by Primekey (Sweden) EJBCA branch 5.x based on CESeCore library 3 ICCC 2012 Paris

EAL+ certification EAL4 augmented with ALC_FLR.2, CC 3.1 r3 Evaluation by Oppida ITSEF (France), Certification by ANSSI (France) All evaluation documents in Wiki format (except the security target) Compliance with CIMC PP level 3 4 ICCC 2012 Paris

ALC_LCD.1: Life-cycle definition The TOEs are mainly developed by core groups (CESECORE consortium, PrimeKey) but is open to external contributors All contributors can develop their own modules with the tools & techniques they want But contributions are only source code files (not built modules) Main steps: Discovery of new features or improvements Requirements analysis by the core group Analysis and design Development Quality assurance (code review & testing) 5 ICCC 2012 Paris

ALC_CMC.4, ALC_CMS.4: Configuration management Use of a classical Subversion repository managed by PrimeKey CC requirements: Recording of modification (by default in subversion) Contributions accounting Requires a reliable identification and authentication of contributors Modification of the contributors registration procedure Review of applications before granting write access to the repository Requires review of all contributions integration in an official release (systematic code review) 6 ICCC 2012 Paris

ALC_TAT.1: Development tools and techniques Java source code Edition with any editor State-of-the-art continuous integration tools: Subversion MediaWiki for documentation version control Atlassian JIRA for evolution and bug tracking Hudson for continuous integration Clover for testing code coverage assessment 7 ICCC 2012 Paris

ALC_DVS.1: Development security Confidentiality is not required (open source) Integrity is the main objective: unauthorized modification of the source code must not occur and (if any) must be detected All contributions must be authenticated Access to the source code repository must be strictly controlled 8 ICCC 2012 Paris

Repository security (server-side) EJBCA was previously hosted by SourceForge Incapability to verify the access control system and the physical security of repository servers (~Cloud computing issues) The only acceptable solution: Hosting in a auditable Datacenter Physical security under SLA Network and System administration by the project host Central management of contributors accounts Registration of known contributors Revocation of access if needed 9 ICCC 2012 Paris

Contributors security (client-side) All contributors use their own computer Major risk: malware installed in their computer Alteration of the source code in the contributor s computer Illicit alteration before commit All contributions must be reviewed by a trusted persons (release managers) Development of a contributor charter incl. security policy Must be signed before access granting Workstation security Probation period Password usage Incident reporting Revocation or legal actions in case of misuse 10 ICCC 2012 Paris

ALC_DEL.1: Delivery The TOE is Source code Delivery procedure consists in the provision of the source code to users Only svn over https distribution mode is certified ssl permits the authentication of the repository Generation of pre-built packages is not evaluated 11 ICCC 2012 Paris

ALC_FLR.2: Flow remediation Classical process Discovery Notification by email or direct contact Investigation Resolution (complete retesting due to continuous integration) Release All notifications are recorded in JIRA 12 ICCC 2012 Paris

Conclusions ALC applicable but with constraints on the development conditions Requires a strong involvement of the project leader: Strict management of the repository access Strong source code review policy Requires the involvement of the configuration management database host Security audit must be possible 13 ICCC 2012 Paris

14 ICCC 2012 Paris

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information