Papers
Topics
Authors
Recent
Search
2000 character limit reached

Chain of trust: Unraveling references among Common Criteria certified products

Published 22 Apr 2024 in cs.CR | (2404.14246v3)

Abstract: With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kind of relations between the certified products. Yet, the prevalence and nature of dependencies among Common Criteria certified products remains largely unexplored. This study devises a novel method for building the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm, and measuring how often the references constitute actual dependencies between the certified products. With the help of the resulting reference graph, this work identifies just a dozen of certified components that are relied on by at least 10% of the whole ecosystem -- making them a prime target for malicious actors. The impact of their compromise is assessed and potentially problematic references to archived products are discussed.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (6)
  1. Bundesamt fĂŒr Sicherheit in der Informationstechnik: Product certification: IT security certification scheme Common Criteria (CC), version 4.1 (2023)
  2. Common Criteria: ISO/IEC 15408 Information technology — Security techniques — Evaluation criteria for IT security. In: ISO/IEC 15408-1:2022. ISO/IEC (2022)
  3. Common Criteria Recognition Arrangement Management Committee: Assurance continuity: CCRA requrements (2012)
  4. Common Criteria Recognition Arrangement Management Committee: Operating procedures: Certificate validity (2021)
  5. Joint Interpretation Library: Composite product eval for smartcards and similar devices (2018), https://sogis.eu/documents/cc/domains/sc/JIL-Composite-product-evaluation-for-Smart-Cards-and-similar-devices-v1.5.1.pdf
  6. Netherlands Scheme for Certification in the Area of IT Security (NSCIB): NSCIB application form (2020), https://tuv-nederland.nl/assets/files/general-files/2020/01/nst_01_nscib_application_form_v2020-01-2020-01-31.doc

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up

Tweets

Sign up for free to view the 2 tweets with 0 likes about this paper.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up for Free