Technical Analysis of Available Assurance Techniques
- 1. Thales Communications & Security SAS
Contributors
- 1. Thales Communications & Security SAS
Description
This document presents a technical analysis of available assurance techniques proposed by the Common Criteria v3.1 (CC3.1) from Evaluation Assurance Level (EAL) 5 to EAL 7 to examine their applicability to a feasible transnational CC certification.
The conditions for international recognition of issued CC certificates are studied, and several differential analyses show what the prerequisites in terms of Security Assurance Requirements (SARs) are at EAL 5, 6 and 7, based on information available in CC3.1 and the Common Methodology for Information Technology Security Evaluation (CEM v3.1). An EAL 5 evaluation is doable based on the CEM, an EAL 6 evaluation requires the use of additional guidance, and the gap to perform an EAL 7 evaluation is identified.
Finally, known evaluations at EAL 6 and 7 are reviewed for resource management, for existing separation kernels/hypervisors, compiled from published protection profiles, security targets or relevant publications.
Files
EURO-MILS-D12.1-Technical-Analysis-of-Available-Assurance-Techniques-PU-M09.pdf (751.3 kB)
md5:102a231ffc3dd18c20c32ae66d88e2d3
Additional details
References
- Application Notes and Interpretation of the Scheme (AIS), AIS34, v3, September 2009
- Common Criteria for Information Technology Security Evaluation. Version 3.1, revision 4, vol. 1-3, September, 2012, http://www.commoncriteriaportal.org/cc/.
- COTS Compartmentalized Operations Protection Profile Operating Systems, v2.0, 2008
- Common Methodology for Information Technology Security Evaluation, Evaluation methodology, September 2012, Version 3.1, revision 4
- Fox Crypto, Fort Fox Hardware Data Diode: Security Target Common Criteria FFHDD - EAL7+, 2010, http://www.commoncriteriaportal.org/files/epfiles/Fox%2520DataDiode%2520Security%2520Target%2520EAL7%2520(v2.04).pdf.
- Green Hills Software INTEGRITY-178B Separation Kernel Security Target, v1.0, Ref. IN-ICR750-0100-GH01ST, 2008
- General-Purpose Operating System Protection Profile, v3.9, September 2012 draft
- Security Target for PikeOS, v0.24, June 2013
- Operating System Protection Profile, 2010, v2.0, BSI-CC-PP-0067
- U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness. Version 1.03, National Security Agency, June 2007.
- Mutual Recognition Agreement of Information Technology Security Evaluation Certificates, v3.0, January 2010
- Note d'application, réf. 12.1, Modélisation formelle des politiques de sécurité d'une cible d'évaluation, March 2008
- Tenix Datagate Inc, Interactive link data diode device: Common Criteria security target, no. 9126P01000001, August, 2005, http://www.commoncriteriaportal.org/files/epfiles/st_vid9512-st.pdf.
- Wind River VxWorks MILS Platform, PO_VE_MILS_Platform.pdf, Rev 08/2010, www.windriver.com