Leveraging Common Criteria for Products’ Security Specification (I11a)
Over time, the Common Criteria (CC) have proven to be an excellent tool for fostering the development of highly secure products tailored to a given market use case. This talk will illustrate another virtue of the CC: the ability to generate products matching the necessary and sufficient level of security. Indeed, it is believed that the practice of CC should not be seen as “exploits” achieved after a “certification marathon”, but rather as a methodology for maintaining “certification-ready” product lines. Such a “left shift” is mandatory for industries leveraging Security Sub-Systems (3S), which must accommodate various products. This talk will show that adopting CC “within core products” instead of “per project” allows fine-grained control over the security functionalities to be instantiated, thereby offering a clear path to a successful certification process. The talk illustrates the systematic use of attack-countermeasure trees to yield early quotations at the specification level; thereby, product configurations are generated to match the targeted Evaluation Assurance Level exactly. Such a methodology makes it possible to select the right amount of protection, in terms of both breadth and depth, and therefore to minimize the overall product cost. This talk will show examples of this methodology for the reuse of the same 3S in various contexts (namely automotive with PP 0114 and smartphone with PP 0117).
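The following Python model is an added illustration of the quotation step the abstract describes; it is not the speaker's tooling, nor a CC or Protection Profile artefact. It encodes a small attack-countermeasure tree for a hypothetical 3S (AND/OR attack nodes, leaves with a baseline attacker effort, and countermeasures that raise the effort of the leaf they protect at a product cost), then searches for the cheapest countermeasure set that pushes the attacker's cheapest path above a target effort. The tree, the effort points, the costs and the target thresholds are all constructed for the example; the thresholds stand in for whatever attack-potential rating the targeted assurance level demands. Running the search for two different targets shows how the configuration (breadth: which branches get covered; depth: how many layers one leaf receives) changes with the targeted level.

```python
from dataclasses import dataclass, field
from itertools import combinations
from typing import List, Optional, Set, Tuple


@dataclass
class Countermeasure:
    name: str
    cost: float          # product cost of instantiating it (constructed units)
    added_effort: float  # attacker effort it adds to the leaf it protects (constructed)


@dataclass
class Node:
    """Attack-countermeasure tree node: 'or' (any child suffices), 'and' (all children needed), or 'leaf'."""
    name: str
    kind: str
    base_effort: float = 0.0                           # leaves only: effort with no countermeasure
    children: List["Node"] = field(default_factory=list)
    countermeasures: List[Countermeasure] = field(default_factory=list)


def attacker_effort(node: Node, selected: Set[str]) -> float:
    """Cheapest attacker effort to realise `node`, given the names of the countermeasures instantiated."""
    if node.kind == "leaf":
        return node.base_effort + sum(cm.added_effort for cm in node.countermeasures if cm.name in selected)
    efforts = [attacker_effort(child, selected) for child in node.children]
    if node.kind == "and":
        return sum(efforts)   # the attacker must carry out every step
    return min(efforts)       # the attacker takes the weakest branch


def all_countermeasures(node: Node) -> List[Countermeasure]:
    """Collect every countermeasure available anywhere in the tree (names assumed unique)."""
    found = list(node.countermeasures)
    for child in node.children:
        found.extend(all_countermeasures(child))
    return found


def cheapest_configuration(root: Node, target_effort: float) -> Optional[Tuple[float, List[str]]]:
    """Lowest-cost countermeasure set whose resulting root effort reaches `target_effort`.

    Exhaustive over all subsets: fine for the handful of countermeasures in a 3S specification,
    not for large trees (those would call for an ILP or branch-and-bound search).
    Returns (total_cost, sorted countermeasure names), or None if no subset reaches the target.
    """
    cms = all_countermeasures(root)
    best: Optional[Tuple[float, List[str]]] = None
    for size in range(len(cms) + 1):
        for combo in combinations(cms, size):
            names = {cm.name for cm in combo}
            if attacker_effort(root, names) < target_effort:
                continue
            cost = sum(cm.cost for cm in combo)
            if best is None or cost < best[0]:
                best = (cost, sorted(names))
    return best


def build_example_tree() -> Node:
    """Constructed attack-countermeasure tree for a hypothetical 3S holding a device key."""
    return Node("Recover the device key", "or", children=[
        Node("Side-channel key extraction", "and", children=[
            Node("Obtain a sample device", "leaf", base_effort=4,
                 countermeasures=[Countermeasure("tamper-evident packaging", cost=1, added_effort=2)]),
            Node("Run power analysis on the key operation", "leaf", base_effort=8,
                 countermeasures=[Countermeasure("masking", cost=5, added_effort=12),
                                  Countermeasure("shuffling", cost=2, added_effort=5)]),
        ]),
        Node("Software key exfiltration", "and", children=[
            Node("Load modified firmware", "leaf", base_effort=6,
                 countermeasures=[Countermeasure("secure boot", cost=4, added_effort=20)]),
            Node("Read the key over the debug port", "leaf", base_effort=3,
                 countermeasures=[Countermeasure("debug port lock", cost=1, added_effort=15)]),
        ]),
    ])


if __name__ == "__main__":
    tree = build_example_tree()
    print("baseline attacker effort:", attacker_effort(tree, set()))
    for target in (20, 25):
        print(f"target {target}: cheapest configuration = {cheapest_configuration(tree, target)}")
```

With the constructed numbers the unprotected 3S falls at 9 effort points through the software branch. A target of 20 is met for cost 6 with masking on the power-analysis leaf and a debug-port lock; raising the target to 25 changes the quotation to cost 10, since secure boot now replaces the debug-port lock and a second, cheaper layer (packaging) is stacked beside masking. The same tree thus yields a distinct, minimal protection set per targeted level, which is the "exact match" the abstract aims at.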