Addendum to CEM
- 1. Thales Communications & Security SAS
- 2. T-Systems International
Contributors
Researchers:
- 1. Thales Communications & Security SAS
- 2. T-Systems International
Description
This document is an Addendum to the current version of the [CEM] document.
The [CEM] document is used by any ITSEF in order to perform evaluation of TOE submitted.
However, the [CEM] is a generic document that is technologic agnostic.
Hence, the aim to this document is to provide additional information to the [CEM] as a form of suggestion.
This information could be used to perform the evaluation of a MILS system or MILS component.
First, this document studies the current status of various technological domains with regards to the Common Criteria standard.
In the second part, this document develops, like for many other technological domains, the “Attack Potential”. It is a refinement for the MILS technology of the five essential criterion of an attack: elapsed time, expertise of the attacker needed, knowledge of the TOE needed, windows of opportunity needed and equipment required for the attack. Like for the Smartcard domain or the the Point of Interaction domain, this document suggest values and definition to be used for an evaluation of a MILS system. This section is written in a form that is compatible to the JIL consortium.
Later, this document suggests an “Attack method” for the MILS domain. The aim is to suggest attack path that could be used to perform the evaluation of a MILS system. In addition, this section suggests the JIL quotation for each attack. The JIL quotation is a standardized way of evaluating the resources needed and the complexity of an attack.
In the fourth section, this document suggests a refinement of the CEM document in the context of MILS system. Indeed, CEM is not complete and some work units to be performed are not defined. This section suggests an interpretation of the missing work units of the CEM in the context of MILS domain.
Finally, this document deals with the concept of Composition. This concept is well defined in the case of Hardware based technology. However, this concept has never been pushed to the Software layer. This section suggests a methodology that allows performing an evaluation of a software platform (like an Operating System) and then taking benefit of this certification to compose with applications.
Files
EURO-MILS_D33.1_Addendum-to-CEM_PU_M36-V1.0.pdf
Files
(1.9 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:9a21f05ca19d99aca6c5338afecce941
|
1.9 MB | Preview Download |
Additional details
Funding
References
- Application Notes and Interpretation of the Scheme (AIS), AIS34, v3, September 2009
- Common Criteria for Information Technology Security Evaluation. Version 3.1, revision 4, vol. 1--3, September, 2012
- COTS Compartmentalized Operations Protection Profile Operating Systems, v2.0, 2008
- Common Methodology for Information Technology Security Evaluation, Evaluation methodology, September 2012, Version 3.1, revision 4
- Mutual Recognition Agreement of Information Technology Security Evaluation Certificates, v3.0, January 2010
- ANSSI : Note d'application, réf. 12.1, Modélisation formelle des politiques de sécurité d'une cible d'évaluation, March 2008
- Tenix Datagate Inc, Interactive link data diode device: Common Criteria security target, no. 9126P01000001, August, 2005, http://www.commoncriteriaportal.org/files/epfiles/st_vid9512-st.pdf.
- Wind River VxWork MILS Platform, PO_VE_MILS_Platform.pdf, Rev 08/2010, www.windriver.com
- Application of Attack Potential to Hardware Devices with Security Boxes, Version 1.0, May 2012
- Application of Attack Potential to POIs, Version 1.0, June 2011
- CEM Refinements for POI Evaluation, Version 1.0, May 2011
- Security Evaluation and Certification of Digital Tachygraphy
- INTERPRETATION DU VLA.4/VAN.5 DANS LE DOMAINE DU LOGICIEL, VUL/I/01.1, Version 1
- ANSSI : PRISE EN COMPTE DES OUTILS DANS LES EVALUATIONS LOGICIELLES
- Composite product evaluation for Smart Cards and similar devices, v1.4