Abstract
The Common Criteria (CC) certification framework defines a widely recognized, multi-domain certification scheme that aims to provide security assurances about IT products to consumers. However, the CC scheme does not prescribe a monitoring scheme for the CC practice, which raises concerns about the quality of the security assurance provided by the certification and questions about its usefulness. In this paper, we present a critical analysis of the CC practice that concretely exposes the limitations of current approaches. We also provide directions to improve the CC practice.
© 2014 Springer International Publishing Switzerland
Cite this paper
Kaluvuri, S.P., Bezzi, M., Roudier, Y. (2014). A Quantitative Analysis of Common Criteria Certification Practice. In: Eckert, C., Katsikas, S.K., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2014. Lecture Notes in Computer Science, vol 8647. Springer, Cham. https://doi.org/10.1007/978-3-319-09770-1_12
DOI: https://doi.org/10.1007/978-3-319-09770-1_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09769-5
Online ISBN: 978-3-319-09770-1
eBook Packages: Computer Science (R0)