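User:Hoyalang/Sandbox/Evaluation Assurance Level

From Wikipedia, the free encyclopedia

Evaluation Assurance Level (EAL) is a security specification that follows the ISO/IEC 15408 Common Criteria. It is the common standard followed when evaluating and certifying the security and functionality of information products. There are seven levels in all, EAL1 through EAL7; the higher the level, the more secure. Certification covers the entire product development process, from initial product design, through mid-stage production, to final delivery into the user's hands and successful operation. The EAL level certified is based on the level required by the security functions the applicant needs for the product, and demonstrates the functional level that the applicant's information product can achieve.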

Levels

EAL1

  • Functional testing

Only the most basic functions of a product are tested; no security evaluation is included and security is not guaranteed. EAL1 certification indicates only that the product can boot and run; it does not touch on any security issues. EAL1 is applicable where some confidence in correct operation is required, but the threats to security are not viewed as serious. It will be of value where independent assurance is required to support the contention that due care has been exercised with respect to the protection of personal or similar information. EAL1 provides an evaluation of the TOE (Target of Evaluation) as made available to the customer, including independent testing against a specification, and an examination of the guidance documentation provided. It is intended that an EAL1 evaluation could be successfully conducted without assistance from the developer of the TOE, and for minimal cost. An evaluation at this level should provide evidence that the TOE functions in a manner consistent with its documentation, and that it provides useful protection against identified threats.

EAL2

  • Structural testing and checking

EAL2 offers a higher degree of security than EAL1; security testing begins only at EAL2. Source code is checked to an appropriate extent under a lenient standard, but with less rigor than at EAL3. EAL2 requires the cooperation of the developer in terms of the delivery of design information and test results, but should not demand more effort on the part of the developer than is consistent with good commercial practice. As such it should not require a substantially increased investment of cost or time. EAL2 is therefore applicable in those circumstances where developers or users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record. Such a situation may arise when securing legacy systems.

EAL3

  • Systematic testing and checking

EAL3 checks the code more strictly, but does not require reworking the program and does not interrupt the overall development process. Unlike EAL4, EAL3 does not have to assess the cost of fixing vulnerabilities, so EAL3 still applies a more lenient security testing standard than EAL4. EAL3 permits a conscientious developer to gain maximum assurance from positive security engineering at the design stage without substantial alteration of existing sound development practices. EAL3 is applicable in those circumstances where developers or users require a moderate level of independently assured security, and require a thorough investigation of the TOE and its development without substantial re-engineering.

EAL4

  • Systematic design, testing and review

EAL4 is the most common security certification level; for example, Windows 2000 and NetWare have obtained certification at EAL4 or above. Only at EAL4 is the certification generally accepted as effectively ensuring the security of the system, and vendors also include vulnerability remediation among the basic items of security testing. EAL4 permits a developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs.

Commercial operating systems that provide conventional, user-based security features are typically evaluated at EAL4. Examples of such operating systems are AIX,[1] HP-UX,[1] FreeBSD, Oracle Linux, Novell NetWare, Solaris,[1] SUSE Linux Enterprise Server 9,[1][2] SUSE Linux Enterprise Server 10,[3] Red Hat Enterprise Linux 5,[4][5] Windows 2000 Service Pack 3, Windows 2003,[1][6] Windows XP,[1][6] Windows Vista,[7][8] Windows 7,[1][9] Windows Server 2008 R2,[1][9] z/OS version 2.1 and z/VM version 6.3.[1]

Operating systems that provide multilevel security are evaluated at a minimum of EAL4. Examples include Trusted Solaris, Solaris 10 Release 11/06 Trusted Extensions,[10] an early version of the XTS-400, and VMware ESXi version 3.0.2,[11] 3.5, 4.0 and 5.0 (EAL 4+).

EAL5

  • Semiformal testing and checking

EAL5 is a security certification level with more thorough requirements than EAL4. It requires a very strict certification process, and both the time and the cost are higher than for EAL4. However, obtaining EAL5 certification is not necessarily needed. EAL5 permits a developer to gain maximum assurance from security engineering based upon rigorous commercial development practices supported by moderate application of specialist security engineering techniques. Such a TOE will probably be designed and developed with the intent of achieving EAL5 assurance. It is likely that the additional costs attributable to the EAL5 requirements, relative to rigorous development without the application of specialized techniques, will not be large. EAL5 is therefore applicable in those circumstances where developers or users require a high level of independently assured security in a planned development and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques.

Numerous smart card devices have been evaluated at EAL5, as have multilevel secure devices such as the Tenix Interactive Link. XTS-400 (STOP 6) is a general-purpose operating system which has been evaluated at EAL5 augmented.

LPAR on IBM System z is EAL5 Certified.[12]

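EAL6

  • Semiformal verification, design and testing

EAL6 certification is aimed at customers who raise certain high-risk, special security requirements, where the customer's security requirements must be met regardless of the time and money spent. To obtain EAL6 certification, security is a basic requirement, which means that development of the entire system must be founded on security requirements. EAL6 permits developers to gain high assurance from application of security engineering techniques to a rigorous development environment in order to produce a premium TOE for protecting high value assets against significant risks. EAL6 is therefore applicable to the development of security TOEs for application in high risk situations where the value of the protected assets justifies the additional costs.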

Green Hills Software's INTEGRITY-178B RTOS has been certified to EAL6 augmented.[1]

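EAL7

  • Formal verification, design and testing

EAL7 is used only for systems facing extremely high risk; the requirement on the system is not merely that it works, but that it also meets the demands of that extremely high risk. The cost in money and time is hard to imagine, and it is used only in particular systems with special security functions. EAL7 is applicable to the development of security TOEs for application in extremely high risk situations and/or where the high value of the assets justifies the higher costs.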

Practical application of EAL7 is currently limited to TOEs with tightly focused security functionality that is amenable to extensive formal analysis. The Tenix Interactive Link Data Diode Device and the Fox-IT Fox Data Diode (one-way data communications device) claimed to have been evaluated at EAL7 augmented (EAL7+).[13][14]

Effect of assurance levels

Technically speaking, a higher EAL means nothing more, or less, than that the evaluation completed a more stringent set of quality assurance requirements. It is often assumed that a system that achieves a higher EAL will provide its security features more reliably (and the required third-party analysis and testing performed by security experts is reasonable evidence in this direction), but there is little or no published evidence to support that assumption.

Impact of the fee system

In 2006, the US Government Accountability Office published a report on Common Criteria evaluations that summarized a range of costs and schedules reported for evaluations performed at levels EAL2 through EAL4.

Range of completion times and costs for Common Criteria evaluations at EAL2 through EAL4.

In the mid to late 1990s, vendors reported spending US$1 million and even US$2.5 million on evaluations comparable to EAL4. There have been no published reports of the cost of the various Microsoft Windows security evaluations.

Sources of EAL augmentation

In some cases, the evaluation may be augmented to include assurance requirements beyond the minimum required for a particular EAL. Officially this is indicated by following the EAL number with the word augmented and usually with a list of codes to indicate the additional requirements. As shorthand, vendors will often simply add a "plus" sign (as in EAL4+) to indicate the augmented requirements.

EAL notation

The Common Criteria standards denote EALs as shown in this article: the prefix "EAL" concatenated with a digit 1 through 7 (Examples: EAL1, EAL3, EAL5). In practice, some countries place a space between the prefix and the digit (EAL 1, EAL 3, EAL 5). The use of a plus sign to indicate augmentation is an informal shorthand used by product vendors (EAL4+ or EAL 4+).
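The notation and augmentation rules described above, as an added Python example that is not part of the original article: it normalizes EAL strings written with or without a space and treats a bare "+" as an augmentation whose components are not stated, so the string alone cannot show that a specific added requirement was evaluated. The component-code pattern (for example ALC_FLR.3), the names `parse_eal`, `EalClaim` and `unproven`, and the sample strings are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# "EAL", optional space, digit 1-7, then optional "+" or "augmented" and a tail.
_CLAIM = re.compile(r"^\s*EAL\s?([1-7])\s*(?:(\+|augmented\b)(.*))?\s*$", re.I)
# Assumed shape of an assurance component code, e.g. ALC_FLR.3 (not from the page).
_CODE = re.compile(r"\b[A-Z]{3}_[A-Z]{3}\.\d+\b")


@dataclass(frozen=True)
class EalClaim:
    level: int
    augmented: bool
    components: tuple  # empty when the claim uses only the "+" shorthand

    @property
    def canonical(self):
        base = f"EAL{self.level}"
        if not self.augmented:
            return base
        if self.components:
            return f"{base} augmented with " + ", ".join(self.components)
        return f"{base} augmented (components unspecified)"


def parse_eal(text):
    """Normalize a vendor-style EAL string into level, flag and listed codes."""
    m = _CLAIM.match(text)
    if not m:
        raise ValueError(f"not an EAL claim: {text!r}")
    level, marker, tail = m.groups()
    codes = tuple(sorted(set(_CODE.findall((tail or "").upper()))))
    return EalClaim(int(level), marker is not None, codes)


def unproven(claim, required_level, required_codes):
    """List the requirements the claim string does not itself evidence.

    Exact-match only: hierarchy between components is not modelled."""
    gaps = [f"EAL{required_level}"] if claim.level < required_level else []
    return gaps + [c for c in sorted(required_codes) if c not in claim.components]


if __name__ == "__main__":
    # Constructed sample strings, not taken from any certificate.
    for s in ["EAL4", "EAL 4+", "EAL5 augmented",
              "EAL4 augmented with ALC_FLR.3 and AVA_VAN.5"]:
        c = parse_eal(s)
        print(f"{s!r:48} -> {c.canonical}; unproven: {unproven(c, 4, {'ALC_FLR.3'})}")
```
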

Notes

  1. Common Criteria certified product list
  2. Certification Report for SUSE Linux Enterprise Server 9
  3. SUSE Linux Enterprise Server 10 EAL4 Certificate
  4. Red Hat Enterprise Linux Version 5 EAL4 Certificate
  5. https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Release_Notes/security.html
  6. Windows Platform Products Awarded Common Criteria EAL 4 Certification
  7. Myers, Tim. Windows Vista and Windows Server 2008 are Common Criteria Certified at EAL4+. Microsoft. [May 15, 2013].
  8. National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme (PDF). [May 15, 2013].
  9. Microsoft Windows 7, Windows Server 2008 R2 and SQL Server 2008 SP2 Now Certified as Common Criteria Validated Products
  10. Solaris 10 Release 11/06 Trusted Extensions EAL 4+ Certification Report
  11. VMware Infrastructure Earns Security Certification for Stringent Government Standards
  12. IBM System z Security; IBM System z partitioning achieves highest certification
  13. [1]
  14. http://www.datadiode.eu
