A quantitative analysis of common criteria certification practice

Kaluvuri, Samuel Paul; Bezzi, Michele; Roudier, Yves
TRUSTBUS 2014, 11th International Conference on Trust, Privacy, and Security in Digital Business, September 2-3, 2014, Munich, Germany / Also published in Lecture Notes in Computer Science, Volume 8647/2014

The Common Criteria (CC) certification framework defines a widely recognized, multi-domain certification scheme that aims to provide security assurances about IT products to consumers. However, the CC scheme does not prescribe a monitoring scheme for the CC practice, raising concerns about the quality of the security assurance provided by the certification and questions about its usefulness. In this paper, we present a critical analysis of the CC practice that concretely exposes the limitations of current approaches. We also provide directions to improve the CC practice.

Type:
Conference
City:
Munich
Date:
2014-09-02
Department:
Digital Security
Eurecom Ref:
4438
Copyright:
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in TRUSTBUS 2014, 11th International Conference on Trust, Privacy, and Security in Digital Business, September 2-3, 2014, Munich, Germany / Also published in Lecture Notes in Computer Science, Volume 8647/2014 and is available at: http://dx.doi.org/10.1007/978-3-319-09770-1_12

PERMALINK : https://www.eurecom.fr/publication/4438