
A Quantitative Analysis of Common Criteria Certification Practice

  • Conference paper
Trust, Privacy, and Security in Digital Business (TrustBus 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8647)

Abstract

The Common Criteria (CC) certification framework defines a widely recognized, multi-domain certification scheme that aims to provide security assurances about IT products to consumers. However, the CC scheme does not prescribe any monitoring of CC practice, which raises concerns about the quality of the security assurance the certification provides and questions about its usefulness. In this paper, we present a critical analysis of CC practice that concretely exposes the limitations of current approaches. We also provide directions for improving CC practice.



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kaluvuri, S.P., Bezzi, M., Roudier, Y. (2014). A Quantitative Analysis of Common Criteria Certification Practice. In: Eckert, C., Katsikas, S.K., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2014. Lecture Notes in Computer Science, vol 8647. Springer, Cham. https://doi.org/10.1007/978-3-319-09770-1_12


  • DOI: https://doi.org/10.1007/978-3-319-09770-1_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09769-5

  • Online ISBN: 978-3-319-09770-1

  • eBook Packages: Computer Science (R0)
