Trustworthy MILS: CC Composite Evaluation Approach
Creators
- 1. Fraunhofer IESE on behalf of Airbus Group Innovations
- 2. Airbus Group Innovations
- 3. OpenSynergy
- 4. AIRBUS Operations SAS
- 5. AIRBUS Group SAS
Contributors
- 1. Airbus Group Innovations
- 2. Fraunhofer IESE
- 3. OpenSynergy
Description
As high assurance software systems are becoming more complex and sophisticated, assuring their security and safety is increasingly difficult and costly. Mono-lithic evaluation approaches do not scale well because evaluation effort grows exponentially with the complexity of the evaluation target. To keep pace with growing assurance demands, a compositional evaluation approach is a promising strategy.
In a compositional evaluation, the individual components of a system are evaluated independently, and these partial evaluation results are composed to derive the overall evaluation verdict with minimum additional effort. The Common Criteria for IT Security Evaluation (ISO/IEC 15408) and the sup-porting documentation offer two different compositional evaluation schemes: the “Composite Product Evaluation for Smart Cards and Similar Devices” (CPE) and the “Composed Assurance Package” (CAP).
In this report, we assess the suitability of CPE in the avionics domain, and we compare this evaluation scheme with its CAP alternative. We use the problem of evaluating an avionic security gateway as a case study to illustrate the implications, advantages, and drawbacks of the CPE approach.
Files
EURO-MILS-D21.3-PU-M30-1.0.pdf
Files
(554.1 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:d1a8c6886aa8ad8834211805b527b708
|
554.1 kB | Preview Download |
Additional details
Funding
References
- Jim Alves-Foss, W. Scott Harrison, Paul Oman, and Carol Taylor (2006): The MILS Architecture for High-Assurance Embedded Systems. International Journal of Embedded Systems, Vol. 2, No. 3/4, pp. 239–247 http://www.researchgate.net/publication/220309643_The_MILS_architecture_for_high-assurance_embedded_systems/file/d912f50fee695f0273.pdf
- Airlines Electronic Engineering Committee (2005): Commercial Aircraft Information Security Concepts of Operation and Process Framework. ARINC Report 811
- Common Criteria Maintenance Board (2012): Common Criteria for Information Technology Security Evaluation, CCv3.1 Revision 4 (CCMB-2012-09-001, -002, -003) http://www.commoncriteriaportal.org/cc/
- Common Criteria Development Board (2012): Composite Product Evaluation for Smart Cards and Similar Devices. Common Criteria Supporting Document — Mandatory Technical Document, Version 1.2 (CCDB-2012-04-001) http://www.commoncriteriaportal.org/files/supdocs/CCDB-2012-04-001.pdf
- Common Criteria Development Board (2012): Security Architecture Requirements (ADV_ARC) for Smart Cards and Similar Devices. Supporting Document — Guidance, Version 2.0 (CCMB-2012-04-03) http://www.commoncriteriaportal.org/files/supdocs/CCDB-2012-04-003.pdf
- Common Criteria Development Board (2012): Security Architecture Requirements (ADV_ARC) for Smart Cards and Similar Devices — Appendix 1.Supporting Document — Guidance, Version 2.0 (CCMB-2012-04-04) http://www.commoncriteriaportal.org/files/supdocs/CCDB-2012-04-004.pdf
- Common Criteria Maintenance Board (2012): Common Methodology for Information Technology Security Evaluation, CEMv3.1 Revision 4 (CCMB-2012-09-004) http://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R4.pdf
- RTCA/EUROCAE (2012): Software Considerations in Airborne Systems and Equipment Certification. DO-178C / ED-12C http://www.rtca.org/store_list.asp
- RTCA/EUROCAE (2000): Design Assurance Guidance for Airborne Electronic Hardware. DO-254 / ED-80 http://www.rtca.org/store_list.asp
- Defence R&D Canada (2004): Review of the Composability Problem for System Evaluation. DRDC Ottawa CR 2004-19 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.84.1268
- EURO-MILS consortium: Deliverable D11.1: Project Requirements: Classification, Cross-domain analysis and High-Level Architecture
- EURO-MILS consortium: Deliverable D12.3: Multiple Independent Levels of Security: Operating System (MILS PP: Operating System)
- EURO-MILS consortium: Deliverable D21.1: MILS Architecture
- RTCA/EUROCAE(2011): Airworthiness security methods and considerations. DO-YY3/ED-203, Working Draft
- Information Assurance Directorate (2007): U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, Version 1.03 http://www.niap-ccevs.org/pp/pp_skpp_hr_v1.03.pdf
- ISO/IEC 15408:2009: Information technology — Security techniques — Evaluation criteria for IT security (= CCv3.1)
- ISO/IEC 18045:2008: Information technology — Security techniques — Methodology for IT security evaluation (= CEMv3.1)
- Christopher Preschern (2012): Catalog of Security Tactics linked to Common Criteria Requirements. In: Proc. 19th Conference on Pattern Languages of Programs (PLoP'12), October 19–21, Tucson, Arizona http://www.hillside.net/plop/2012/index.php?nav=program#acceptedpapers
- W. Vanfleet, R. Beckwith, B. Calloni, J. Luke, C. Taylor, and G. Uchenick (2005): MILS: Architecture for High-Assurance Embedded Computing. CrossTalk: Journal of Defence Software Engineering, Vol. 18, No. 8, pp. 12–16 http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.170.4270&rep=rep1&type=pdf