Project deliverable Open Access

Addendum to CEM

Bergé, Romain; Furgel, Igor; Ben, Thomas; Proch, Cyril; Saftig, Viola; Wagner, Thomas

Ben, Thomas; Proch, Cyril; Saftig, Viola; Wagner, Tobias

This document is an Addendum to the current version of the [CEM] document.
The [CEM] is used by every ITSEF to perform the evaluation of a submitted TOE.
However, the [CEM] is a generic document that is technology-agnostic.

Hence, the aim of this document is to provide additional information that supplements the [CEM], offered as suggestions.
This information could be used to perform the evaluation of a MILS system or a MILS component.

First, this document studies the current status of various technological domains with regard to the Common Criteria standard.

In the second part, this document develops, as has been done for many other technological domains, the “Attack Potential”. It is a refinement, for the MILS technology, of the five essential criteria of an attack: elapsed time, expertise required of the attacker, knowledge of the TOE required, window of opportunity required and equipment required for the attack. As for the Smartcard domain or the Point of Interaction domain, this document suggests values and definitions to be used for an evaluation of a MILS system. This section is written in a form that is compatible with the JIL consortium documents.

Later, this document suggests “Attack methods” for the MILS domain. The aim is to suggest attack paths that could be used to perform the evaluation of a MILS system. In addition, this section suggests the JIL quotation for each attack. The JIL quotation is a standardised way of rating the resources needed for, and the complexity of, an attack.

In the fourth section, this document suggests a refinement of the CEM in the context of a MILS system. Indeed, the CEM is not complete: some work units to be performed are not defined. This section suggests an interpretation of the missing CEM work units in the context of the MILS domain.

Finally, this document deals with the concept of Composition. This concept is well defined for hardware-based technology. However, it has never been carried over to the software layer. This section suggests a methodology that allows a software platform (such as an operating system) to be evaluated once and that certification to be reused when the platform is composed with applications.

  • ANSSI: Note d'application, réf. 12.1, Modélisation formelle des politiques de sécurité d'une cible d'évaluation, March 2008
  • Application Notes and Interpretation of the Scheme (AIS), AIS34, v3, September 2009
  • Application of Attack Potential to Hardware Devices with Security Boxes, Version 1.0, May 2012
  • Application of Attack Potential to POIs, Version 1.0, June 2011
  • CEM Refinements for POI Evaluation, Version 1.0, May 2011
  • Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 4, vol. 1-3, September 2012
  • Common Methodology for Information Technology Security Evaluation, Evaluation methodology, Version 3.1, revision 4, September 2012
  • Composite product evaluation for Smart Cards and similar devices, v1.4
  • COTS Compartmentalized Operations Protection Profile - Operating Systems, v2.0, 2008
  • Mutual Recognition Agreement of Information Technology Security Evaluation Certificates, v3.0, January 2010
  • Security Evaluation and Certification of Digital Tachygraphy
  • Tenix Datagate Inc, Interactive Link data diode device: Common Criteria security target, no. 9126P01000001, August 2005
  • Wind River VxWorks MILS Platform, PO_VE_MILS_Platform.pdf, Rev 08/2010