Common Criteria
Abstract

Trusted Computer System Evaluation Criteria (TCSEC) is a US DoD standard that sets basic requirements for assessing the effectiveness of the computer security controls that are built into a computer system. It classifies, evaluates, and selects computer systems for the processing, retrieval and storage of sensitive information. It is also called the Orange Book. It states four classes of requirements, which are related to policy, accountability, assurance and documentation. It has four divisions, A, B, C and D, with hierarchical subdivisions called classes: A1, B1, B2, B3, C1, and C2.

The Common Criteria for Information Technology Security Evaluation has three parts: the introduction (to describe the CC), security functional requirements (to list various security functions), and security assurance requirements (to list various methods to assure that a product is secure). The CC creates two types of documents: a Protection Profile (PP) and a Security Target (ST). A Protection Profile (PP) is created by a group of users to identify the desired security properties for a product. A PP is a list containing user security requirements, described in a specific way. The first step in defining a PP is to identify the security environment and then to define a set of security objectives, keeping in mind the system and environment. Here we have created the C-2 Protection Profile for a database system to encapsulate all the security requirements and to have evaluation criteria as per the Common Criteria (CC) document for every security requirement in the C-2 class of the Orange Book
C-2...





