47300
doi
10.5281/zenodo.47300
oai:zenodo.org:47300
user-mils
user-eu
Leconte, Bertrand
Airbus Group Innovations
Gilles, Gobbo
Airbus Group Innovations
Schwarz, Reinhard
Fraunhofer IESE
Müller, Kevin
Airbus Group Innovations
Paulitsch, Michael
Airbus Group Innovations
Blomberg, Axel Söding-Freiherr
OpenSynergy
Tillequin, Axel
Airbus Group Innovations
Müller, Kevin
Airbus Group Innovations
Blomberg, Alex Söding-Freiherr
OpenSynergy
Leconte, Bertrand
AIRBUS Operations SAS
Gobbo, Gilles
AIRBUS Operations SAS
Paulitsch, Michael
Airbus Group Innovations
Tillequin, Axel
AIRBUS Group SAS
Trustworthy MILS: CC Composite Evaluation Approach
Schwarz, Reinhard
Fraunhofer IESE on behalf of Airbus Group Innovations
info:eu-repo/semantics/openAccess
Creative Commons Attribution 4.0 International
https://creativecommons.org/licenses/by/4.0/legalcode
Study
IT Security
Common Criteria
Compositional Security Evaluation
Composite Product Evaluation
<p>As high assurance software systems are becoming more complex and sophisticated, assuring their security and safety is increasingly difficult and costly. Mono-lithic evaluation approaches do not scale well because evaluation effort grows exponentially with the complexity of the evaluation target. To keep pace with growing assurance demands, a compositional evaluation approach is a promising strategy.</p>
<p><br>
In a compositional evaluation, the individual components of a system are evaluated independently, and these partial evaluation results are composed to derive the overall evaluation verdict with minimum additional effort. The Common Criteria for IT Security Evaluation (ISO/IEC 15408) and the sup-porting documentation offer two different compositional evaluation schemes: the “Composite Product Evaluation for Smart Cards and Similar Devices” (CPE) and the “Composed Assurance Package” (CAP).</p>
<p><br>
In this report, we assess the suitability of CPE in the avionics domain, and we compare this evaluation scheme with its CAP alternative. We use the problem of evaluating an avionic security gateway as a case study to illustrate the implications, advantages, and drawbacks of the CPE approach.</p>
Zenodo
2015-04-13
info:eu-repo/semantics/report
630760
user-mils
user-eu
award_title=EURO-MILS:
Secure European Virtualisation for Trustworthy Applications in Critical Domains; award_number=318353; award_identifiers_scheme=url; award_identifiers_identifier=https://cordis.europa.eu/projects/318353; funder_id=00k4n6c32; funder_name=European Commission;
1579538740.643505
554149
md5:d1a8c6886aa8ad8834211805b527b708
https://zenodo.org/records/47300/files/EURO-MILS-D21.3-PU-M30-1.0.pdf
public
isVersionOf
doi