About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
IEEE IWIA 2004
Conference paper
Increased information flow needs for high-assurance composite evaluations
Abstract
Four Common Criteria Certification agencies from France, Germany, the Netherlands and the UK have developed a concept of composite evaluations in which software evaluators would not receive the full hardware Evaluation Technical Report (ETR), but instead would only receive an abbreviated ETR-lite. While ETR-lite is acceptable at low assurance levels, this paper argues that at high assurance levels, such an abbreviated report violates the basic principles of systems engineering and high assurance evaluation, and demonstrates that serious undetected security vulnerabilities can be the result. The paper recommends that additional information flow between hardware evaluators and software developers and evaluators is crucial for high assurance evaluation to succeed.