You have been hired by Prof. Comer to certify Xinu under the Common Criteria, specifically the new US Government Protection Profile for General-Purpose Operating Systems in a Networked Environment.
You don't have to have taken CS50300 to answer this question (even though it is technically a prerequisite for this course). What you need to do is describe how to go about evaluating Xinu with respect to the User Data Protection requirements (Section 5.3 of the Protection Profile). You should describe the tasks that would need to be performed, and the tools/techniques you could use to assist in performing those tasks.
(If you are not familiar with Xinu, you can just assume a generic Unix-like operating system.)
While the Protection Profile is designed only for evaluations up to EAL2+, you are asked to do this planning for an EAL6 evaluation. (You can find a description of the evaluation levels in Part 3 of the Common Criteria Documents.)

To make the problem more tractable, you can assume that Xinu has already passed an EAL5 evaluation; all you need to do is describe what additional work should be done for an EAL6 evaluation, what techniques, methods, and tools you would use, and briefly how you would use them.

Hint: See pages 41 and 43 of Part 3 - this should give you a start on what you need to do.
Expect to turn in about two to three pages typeset. You should find things you have learned in several parts of the course useful in answering this question.
Assume a web-based system that has a stateless front-end web server (which just processes each request as it arrives, with no state being tracked), an application engine (such as a Java servlet engine) that receives requests forwarded by the front-end, and a database that the application engine uses to store/retrieve/manage data. The application engine hosts an application for a bank. The web-based system allows a user to carry out online transactions, view accounts online, and perform other common tasks.
To answer this question, you will need to start by thinking about the security policy - it is not critical that your security requirements be complete (although they need to at least be reasonable) - and then discuss how the logging would enable you to detect violations of those requirements.
For this question (and often in real life), it is more important to have a simple set of security requirements and a solid explanation of the auditing used to support those, than to have a comprehensive audit system that you can't justify.
Pretend you've just seen a new type of malware that places the malicious code in an audio file, by using different frequencies to correspond to different instructions. Existing vulnerabilities are used to get access to the system and install a small interpreter that reads the infected audio files and executes them.

Assume that you are unable to detect/prevent the interpreter (and that it doesn't do anything harmful by itself anyway) - your job is to detect or prevent it from executing malicious audio files.