Ecole d'ingénieur et centre de recherche en Sciences du numérique

A quantitative analysis of common criteria certification practice

Kaluvuri, Samuel Paul; Bezzi, Michele; Roudier, Yves

TRUSTBUS 2014, 11th International Conference on Trust, Privacy, and Security in Digital Business, September 2-3, 2014, Munich, Germany / Also published in Lecture Notes in Computer Science, Volume 8647/2014

The Common Criteria (CC) certification framework defines a widely recognized, multi-domain certification scheme that aims to provide security assurances about IT products to consumers. However, the CC scheme does not prescribe a monitoring scheme for the CC practice, raising concerns about the quality of the security assurance provided by the certification and questions on its usefulness. In this paper, we present a critical analysis of the CC practice that concretely exposes the limitations of current approaches. We also provide directions to improve the CC practice.

Document Doi Bibtex

Titre:A quantitative analysis of common criteria certification practice
Type:Conférence
Langue:English
Ville:Munich
Pays:ALLEMAGNE
Date:
Département:Sécurité numérique
Eurecom ref:4438
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in TRUSTBUS 2014, 11th International Conference on Trust, Privacy, and Security in Digital Business, September 2-3, 2014, Munich, Germany / Also published in Lecture Notes in Computer Science, Volume 8647/2014 and is available at : http://dx.doi.org/10.1007/978-3-319-09770-1_12
Bibtex: @inproceedings{EURECOM+4438, doi = {http://dx.doi.org/10.1007/978-3-319-09770-1_12}, year = {2014}, title = {{A} quantitative analysis of common criteria certification practice}, author = {{K}aluvuri, {S}amuel {P}aul and {B}ezzi, {M}ichele and {R}oudier, {Y}ves}, booktitle = {{TRUSTBUS} 2014, 11th {I}nternational {C}onference on {T}rust, {P}rivacy, and {S}ecurity in {D}igital {B}usiness, {S}eptember 2-3, 2014, {M}unich, {G}ermany / {A}lso published in {L}ecture {N}otes in {C}omputer {S}cience, {V}olume 8647/2014}, address = {{M}unich, {ALLEMAGNE}}, month = {09}, url = {http://www.eurecom.fr/publication/4438} }
Voir aussi: