Project deliverable Open Access
Bergé, Romain; Furgel, Igor; Ben, Thomas; Proch, Cyril; Saftig, Viola; Wagner, Thomas
This document is an Addendum to the current version of the [CEM] document.
The [CEM] is the document every ITSEF uses to perform the evaluation of a TOE submitted to it.
However, the [CEM] is a generic, technology-agnostic document.
Hence the aim of this document is to supplement the [CEM] with additional information, offered as suggestions rather than as normative requirements.
This information can be used when performing the evaluation of a MILS system or MILS component.
First, this document studies the current status of various technological domains with regards to the Common Criteria standard.
In the second part, this document develops the “Attack Potential” for MILS, as has been done for many other technological domains. It is a refinement, for the MILS technology, of the five essential criteria of an attack: elapsed time, expertise needed by the attacker, knowledge of the TOE needed, window of opportunity needed and equipment required for the attack. As for the Smartcard domain or the Point of Interaction domain, this document suggests values and definitions to be used for the evaluation of a MILS system. This section is written in a form compatible with the JIL documents.
Third, this document suggests “Attack methods” for the MILS domain. The aim is to propose attack paths that could be used to perform the evaluation of a MILS system. In addition, this section gives the JIL quotation for each attack. The JIL quotation is a standardized way of rating the resources needed for, and the complexity of, an attack.
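As an added worked example (not code from the deliverable), the following Python shows what a quotation of the five factors looks like once values are assigned: each factor level is looked up, the values are summed, a level marked “*” (not practical) short-circuits the rating, and the total is mapped to the attack potential required and the highest AVA_VAN component the TOE can still meet. It uses the generic factor values of CEM v3.1 Annex B.4 (Tables 3 and 4), not the MILS-specific values this document proposes and not the two-phase JIL Smartcard tables; the factor keys, level strings and the fault-injection scenario are constructed for the example.

```python
"""Attack potential quotation in the style of CEM Annex B.4.

Added worked example, not code from the deliverable. Factor values are the
generic CEM v3.1 Annex B.4 ones; the MILS-specific values the deliverable
proposes are not reproduced here. Factor/level names are our own keys.
"""
from typing import Dict, Optional

# "*" in the CEM tables: the level makes the attack not practical.
STAR = None

# Table 3: the five factors and the value of each level (generic CEM v3.1).
FACTORS: Dict[str, Dict[str, Optional[int]]] = {
    "elapsed_time": {
        "<= one day": 0, "<= one week": 1, "<= two weeks": 2,
        "<= one month": 4, "> one month": 7, "not practical": STAR,
    },
    "expertise": {
        "layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8,
    },
    "knowledge_of_toe": {
        "public": 0, "restricted": 3, "sensitive": 7, "critical": 11,
    },
    "window_of_opportunity": {
        "unnecessary/unlimited": 0, "easy": 1, "moderate": 4,
        "difficult": 10, "none": STAR,
    },
    "equipment": {
        "standard": 0, "specialised": 4, "bespoke": 7, "multiple bespoke": 9,
    },
}

# Table 4: total -> (attack potential required to exploit, attack potential
# the TOE is resistant to, highest AVA_VAN component met). None = open-ended.
RATINGS = [
    (0, 9, "Basic", "No rating", None),
    (10, 13, "Enhanced-Basic", "Basic", "AVA_VAN.2"),
    (14, 19, "Moderate", "Enhanced-Basic", "AVA_VAN.3"),
    (20, 24, "High", "Moderate", "AVA_VAN.4"),
    (25, None, "Beyond High", "High", "AVA_VAN.5"),
]


def attack_potential(levels: Dict[str, str]) -> Dict[str, object]:
    """Sum the five factor values and map the total to a CEM rating.

    `levels` maps each factor name to the level the evaluator assigned.
    A missing factor or unknown level raises ValueError, so a half-filled
    quotation cannot silently come out as a low (i.e. dangerous) rating.
    """
    missing = set(FACTORS) - set(levels)
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    total = 0
    for factor, level in levels.items():
        if factor not in FACTORS or level not in FACTORS[factor]:
            raise ValueError(f"unknown level {level!r} for factor {factor!r}")
        value = FACTORS[factor][level]
        if value is STAR:
            # Any "*" level means the attack path is not exploitable at all.
            return {"total": None, "required": "Beyond High",
                    "resistant_to": "High", "highest_van": "AVA_VAN.5"}
        total += value
    for low, high, required, resistant, van in RATINGS:
        if total >= low and (high is None or total <= high):
            return {"total": total, "required": required,
                    "resistant_to": resistant, "highest_van": van}
    raise AssertionError("unreachable: every non-negative total is covered")


if __name__ == "__main__":
    # Constructed scenario: a bespoke fault-injection rig against a
    # separation kernel, built by an expert with sensitive design knowledge.
    scenario = {
        "elapsed_time": "<= one month",        # 4
        "expertise": "expert",                  # 6
        "knowledge_of_toe": "sensitive",        # 7
        "window_of_opportunity": "moderate",    # 4
        "equipment": "bespoke",                 # 7
    }
    print(attack_potential(scenario))  # total 28 -> Beyond High, AVA_VAN.5
```

The point of the short-circuit on “*” and of refusing incomplete input is that, in a quotation, an omission always errs toward a lower total, which would overstate what the TOE resists; a MILS-specific table would plug into the same structure with different values.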
In the fourth section, this document suggests a refinement of the CEM in the context of MILS systems. The CEM is not complete: some work units that must be performed are not defined for this kind of TOE. This section suggests an interpretation of the missing CEM work units in the context of the MILS domain.
Finally, this document deals with the concept of Composition. This concept is well defined for hardware-based technology, but it has not yet been extended to the software layer. This section suggests a methodology for evaluating a software platform (such as an Operating System) and then reusing that certification when composing the platform with applications.