Increased Information Flow Needs for High-Assurance Composite Evaluations

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Paul A. Karger Articles by Helmut Kurth

Second IEEE International Information Assurance Workshop (IWIA'04)

Charlotte, North Carolina

April 08-April 09

ISBN: 0-7695-2117-7

	ASCII Text	x
	Paul A. Karger, Helmut Kurth, "Increased Information Flow Needs for High-Assurance Composite Evaluations," Information Assurance, IEEE International Workshop on/Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on/Innovative Architecture, International Workshop on, pp. 129, Second IEEE International Information Assurance Workshop (IWIA'04), 2004.

	BibTex	x
	@article{ 10.1109/IWIA.2004.1288043, author = {Paul A. Karger and Helmut Kurth}, title = {Increased Information Flow Needs for High-Assurance Composite Evaluations}, journal ={Information Assurance, IEEE International Workshop on/Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on/Innovative Architecture, International Workshop on}, volume = {0}, year = {2004}, isbn = {0-7695-2117-7}, pages = {129}, doi = {http://doi.ieeecomputersociety.org/10.1109/IWIA.2004.1288043}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Information Assurance, IEEE International Workshop on/Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on/Innovative Architecture, International Workshop on TI - Increased Information Flow Needs for High-Assurance Composite Evaluations SN - 0-7695-2117-7 SP EP A1 - Paul A. Karger, A1 - Helmut Kurth, PY - 2004 KW - composite evaluation KW - common criteria KW - high assurance KW - smart cards KW - covert channels VL - 0 JA - Information Assurance, IEEE International Workshop on/Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on/Innovative Architecture, International Workshop on ER -

Paul A. Karger, IBM Corp., T. J. Watson Research Center, Yorktown Heights, NY

Helmut Kurth, atsec information security GmbH, Munich, Germany

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IWIA.2004.1288043

Four Common Criteria Certification agencies from France, Germany, the Netherlands and the UK have developed a concept of composite evaluations in which software evaluators would not receive the full hardware Evaluation Technical Report (ETR), but instead would only receive an abbreviated ETR-lite. While ETR-lite is acceptable at low assurance levels, this paper argues that at high assurance levels, such an abbreviated report violates the basic principles of systems engineering and high assurance evaluation, and demonstrates that serious undetected security vulnerabilities can be the result. The paper recommends that additional information flow between hardware evaluators and software developers and evaluators is crucial for high assurance evaluation to succeed.

Index Terms:

composite evaluation, common criteria, high assurance, smart cards, covert channels

Citation:

Paul A. Karger, Helmut Kurth, "Increased Information Flow Needs for High-Assurance Composite Evaluations," iwia, pp.129, Second IEEE International Information Assurance Workshop (IWIA'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.