Re: expertise, resources, and motivation of attackers

[Gary Stoneburner <gary.stoneburner@nist.gov>]

When considering the threat environment, the "expertise, resources,
and motivation of attackers" can be expressed in general terms to
describe the nature of the attackers this PP/ST is written to
address.  While this approach is not precise, it is compliant with
the CC and CEM (as they do not require more than this) and it is provides
useful information to the user and does help focus the PP/ST
development.  Examples:

1.  The TOE is expected to resist the attack of a sophisticated
attacker with the resources of a nation-state or large organization and
attacking in accordance with strategic and tactical plans for specific
purposes.
2.  The TOE is expected to resist the attack of an independent
attacker with low-level of sophistication who is attacking simply for the
thrill of doing so without a specific agenda and whose resources include
only those attack tools that are publicly available.

Many other possibilities exist for the type of attacker, these are just
two examples.

Cheers,
Gary

At 09:33 AM 11/29/02, you wrote:

> It was nice to hear that the
> requirement for a SOF-claim could be removed in
> the future ST.
>
> But, in the current CC version, ST authors still need to consider to put
> a
> SOF-claim
>  and the rationale in the ST.
>
> CEM is very very rigorous in this point.
>
> CEM: ASE_REQ.1-17 says:
> The evaluator shall examine the security requirements rationale to
> determine
> that it
> demonstrates that the minimum strength of function level, together with
> any
> explicit
>  strength of function claim, is consistent with the security
> objectives for
> the TOE.
>
> And, (431) says:
> The evaluator determines that the rationale takes into account details
> about
> the likely
> expertise, resources, and motivation of attackers as described in
> the
> statement of
> TOE security environment.
>
> Then, let's see the "TOE security environment".
>
> CEM: ASE_ENV.1-2  (321) says:
> The evaluator also determines that threat agents are characterised
> by
> addressing
> expertise, resourses, and motivation and that attacks are characterised
> by
> attack
>  methods, any vulnerabilities exploited, and opportunity.
>
> =====
> My question:
>
> The SOF rationale requires to takes into account details about the
> likely
> expertise, resources,
>  and motivation of attackers.
>
> Then, should we seek them in the threat statement in the TOE
> security
> environment?
> Namely, should ST authors always need to put expertise, resources,
> and
> motivation of attackers
>  in the threat statement?
>
> This is not plausible.
>
> Then, how could we take into account details about the likely
> expertise,
> resources,
>  and motivation of attackers to describe rationale for
> SOF-claim?
>
> Is it acceptable to refer the TOE description that describes the
> intended
> usage of the product?
> Is it acceptable to refer the assumptions that describes about the
> intended
> usage of the TOE
> and the environment use of the TOE (Especially, personnel
> aspects)?
>
> Those descriptions may give us hint on the expertise, resources, 
> and
> motivation of attackers
> when they are not described in the threat statement.
>
> I expect the answer 'yes' that we are accepted to seek the likely
> expertise,
> resources,
>  and motivation of attackers in the assumptions and in the TOE
> description.
> It is not practical to seek them only in the threat statement.
>
> Regards
>   Yokota

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20877-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
**************************************************************************