1. Background

Our goal in writing this guide is to provide you with the information you need, whether you intend to use the he CC Profiling Knowledge Base (hereafter referred to simply as the knowledge base) as is, add more security information to it, or evolve its underlying functionality as well. Consequently, we have attempted to communicate not only the knowledge base content and structure, but the pragmatic decision making that went into developing the knowledge base as well.  Early sections are of a tutorial nature, while later sections are intended as a reference for use in evolving the knowledge base.
 

 1.1 Knowledge Base Overview

The knowledge base was built for the CC ToolBox, a software product that supports the creation of CC Protection Profiles (PPs) and Security Targets (STs).  The knowledge base is thus designed to hold the kinds of information needed for writing PPs and STs, and for tracking logical relationships among these various kinds of information.  Its design was influenced both by CC ToolBox requirements and by Common Criteria (CC) requirements for PPs.

The CC ToolBox uses the knowledge base to interview PP/ST authors with regard to threats, policies, assumptions, objectives, and safeguards expressed as applications of CC components.  In the future, additional information of this sort may be added to the knowledge base to better support the CC Toolbox.  In addition, the design of the knowledge base may evolve to handle new uses, for example, studying the relationship between threats and vulnerabilities. 

Our goals in developing the knowledge base were not only to provide the security information that will be useful in writing PPs, STs, and similar security specifications, but to structure the appropriate relationships between the various data types in a cohesive and understandable manner. 

1.2 Relationship to the Common Criteria

The knowledge base builds on the Common Criteria Version 2.1 (ISO 15408). The main portion of the knowledge base is structured roughly along the lines of PP Sections.  Figure 1-1 shows the typical PP structure, along with relevant knowledge base tables in dark red Italics. As can be seen from the figure, the knowledge base provides direct support for environment statements, security objectives, IT security requirements, and PP rationale.

The knowledge base tables include embedded guidance to help you determine the relevance of security information in particular environments.  They also contain fragmentary security analyses that can be used for some of the rationale in a PP or ST.  In addition, the knowledge base contains mapping tables that show the logical relationships among the various abstraction levels (e.g., environment statements to security objectives, security objectives to IT security requirements). 
 

Figure 1-1.  Protection Profile Content

Some parts of the knowledge base were built primarily to support the CC ToolBox and are not directly tied to the CC. The Prompts and Attributes tables are the primary examples of such parts (see Sections 4.3 and 4.4). 

Further details on how the knowledge base makes use of the CC may be found below in Section 4.5.
 

1.3 Initial Use of the Knowledge Base

Upon opening the knowledge base, your initial view will be that of the Main Menu pictured in Figure 1-2.  However, the full MS Access 97 user interface is immediately available (just click on the MS Access Window menu and select the database file name, e.g., CC PKB : Database). 

Environment statements (as defined in [CC, Part 1, Annex B.2.4] and discussed in detail below in Section 4.1) provide a logical starting point for developing Protection Profiles.  The Prompts button on the Main Menu provides access to an interview-based overview of all environment statements.  These environment statements may be viewed in more detail by pressing the Threat Categories, Policy Categories, Assumption Categories, General Threat, and General Policy Statement, and General Assumptions buttons.  The treatment of Assumptions in this knowledge base is less well developed than that of Threats and Policies.

Figure 1-2.  Main Knowledge Base Menu

In a PP, environment statements are addressed via Security Objectives, which are then implemented via Component Requirements.  The best reference for components is the CC itself. Consequently, the CC allows for the introduction of new components within PPs and STs, and the knowledge base allows new components to be introduced and organized in the same way as in the CC.  Click on any of the buttons in the CC Extensions box to see how this works.

Links from categories to environment statements, down to Security Objectives, and finally to CC Components are provided by Mapping tables.  You can access these by pressing the appropriate Links buttons.  For example, to see the mappings from General Threats to Security Objectives, press the Links button physically to the left of and almost between the buttons for these two tables.  These mapping links allow you to investigate possible refinements of, and responses to, the environment statements you select for inclusion in a PP.

The Abbreviations button provides an online version of Appendix B of this Guide.  The About button provides some reference information found in the final References section of this User Guide.  Domain Knowledge Observation Reports (DKORs) are described in Section 4.6.1 and Appendix A.4.3.  The Close button just closes the Main Menu.

Finally, once you have developed your own extensions of the knowledge base, the HTML button provides a means for efficiently producing your own knowledge base reports in HTML, and the CC_T button provides a way to port your knowledge base to the CC Toolbox for use in building PPs and STs. These last two topics are discussed in Section 3.2 and Section 5.2, respectively.

1.4 Cautions, Caveats, and Scope of the Effort

This section explains some of the issues that are of concern for anyone who uses the knowledge base. 

• The knowledge base provides catalogues of environment statements and security objective analogues to the CC Catalogues of Functions and Assurances.  However, in marked contrast to the CC, no effort has been made at achieving sufficient coverage, let alone standardization of these catalogues.
   
  
• In fact, this knowledge base is not complete by any means.  The data is a compilation of information that the initial team of developers thought to be representative threats, policies, and assumptions.  The development window was also time limited.  Therefore, as future threats arise and the knowledge base gains wider use, additional threats, policies, and assumptions may be needed.  This knowledge base is, and probably always will be, a work in progress.
   
• Unlike the CC ToolBox, this knowledge base does not directly support the development of Protection Profiles.
   
• This User Guide does not attempt to explain the CC ToolBox; rather it explains the knowledge base and depicts the detailed relationships between the knowledge base and the CC ToolBox.  Please refer to the CC ToolBox documentation for specifics about the CC ToolBox itself.
   
• To make active use of the knowledge base, you need to have Microsoft Access 97™, preferably Service Release 2 or later.  However, a HyperText Markup Language (HTML) version of the knowledge base is also available for informational purposes.
   
• Modifying the knowledge base through the table interface may have adverse effects on knowledge base integrity.  The knowledge base forms contain integrity mechanisms that are not invoked when accessing the tables directly.  In particular, some forms are initially locked, so that pop-up menus can be examined without accidentally modifying associated table fields.
   
• You are cautioned to consider the above caveats carefully and to back up the existing CC Profiling Knowledge Base before undertaking any changes. Changing the table structures may not only compromise knowledge base integrity but may also prevent successful loading of the knowledge base into the CC ToolBox.  Carefully read Appendix A before making structural changes.
   
• The knowledge base contains a mechanism for generating feedback (in the form of Domain Knowledge Observation Reports (DKORs)), although we currently have no plan for coordinating such feedback.  The feedback mechanism is nevertheless offered as a method for coordinating development among local groups.
     
• Without prior agreement, the NSA, the MITRE Corporation, Mitretek Systems, and/or Sparta, Inc. probably will not provide programming support for additional development, maintenance and/or debugging of the CC Profiling Knowledge Base nor provide any consultation regarding its modification.
  

1.5 Document Overview/Organization

This document is organized into five sections and four supporting appendices.  The structure is designed to support use, both as a text on the knowledge base and as a reference manual for looking things up. 

Section 2 presents requirements for running the knowledge base and suggestions on protecting the knowledge base during use.

Sections 3 and 4 explain knowledge base navigation and attempt to give the reader a good understanding of the knowledge base semantics. 

Section 5 describes the CC ToolBox use of the knowledge base in detail and shows how to transport new knowledge bases to the CC Toolbox.  It includes explanation of a table-dumping interface that could potentially be used to interface with other applications.

Appendix A provides a deeper understanding of the knowledge base semantics by presenting the techniques used to maintain knowledge base integrity.  It also provides documentation on the supporting software modules.

Appendix B is a list of acronyms and abbreviations used in the knowledge base.

Appendix C is a Glossary of security terms used in the knowledge base, along with additional database terms used in this Guide.

Appendix D is a list of references.
 

1.6 Typographical Conventions

In discussing forms and menus, this Guide generally uses the same font as the knowledge base.  In particular, a San Serif font is used in the following cases: 

• Table and query names
• Table or query field names and values
• Button titles on knowledge base forms
• Window and menu titles (MS Windows, MS Access, CC Toolbox)
     - underlining of keyboard shortcut letters is preserved
• Code and textual output from VBA routines
• San Serif titles that appear in User Guide figures

In both the database and the User Guide, titles are dark red.  For those who are viewing the User Guide online, unvisited hyperlinks are in blue.

1.7 Contacting the Authors

We welcome your feedback, although we do not currently have plans to maintain the knowledge base.  You may contact us by sending e-mail to cc-pkb@nist.gov.