
2017 | Original Paper | Book chapter

8. Common Criteria: Origins and Overview

Authors: John Tierney, Tony Boswell

Published in: Smart Cards, Tokens, Security and Applications

Publisher: Springer International Publishing


Abstract

This chapter will consider how the Common Criteria for Information Technology Security Evaluation evolved, how they are defined and how they are used in practice. As an example we will look at how the Common Criteria are applied to smart card evaluations. This chapter will not attempt to describe the full detail of the Common Criteria, but will explore the scope of the criteria, the infrastructure that supports their use, and how Protection Profiles and Security Targets are created to act as baselines for evaluations. As such it acts as an introduction to the use of the Common Criteria, on which a reader can base further reading and practice in order to apply the Common Criteria to real-world situations.


Footnotes
1
Also known as “The Orange Book”, and one of the “Rainbow Books”: a series of security standards and guidance documents published by the US National Computer Security Center in a range of coloured covers.
 
2
The revisions contain mostly minor updates and corrections to clarify the criteria and their interpretation. A description of the CC maintenance process is given at www.commoncriteriaportal.org/cc/maintenance.
 
3
See the text of the CCRA on the Common Criteria portal (www.commoncriteriaportal.org) for more details of the recognition constraints.
 
4
See the text of the mutual recognition agreement on the SOG-IS website at www.sogis.org.
 
5
A Certification Body (also sometimes known as a Validation Body, but usually abbreviated as “CB”) is an entity operated or sponsored by a national Common Criteria scheme to oversee evaluations carried out in that national scheme and to issue certificates on the basis of the technical reports from its evaluation laboratories.
 
6
Use of the assurance levels in CC part 3 still continues, but in some areas the most recent use of CC has emphasised the definition of assurance in terms of the individual components rather than packaged levels.
 
7
The topic of attack potential calculations (which essentially involve deriving a numerical rating of the effort required to mount an attack, from factors such as time, expertise, knowledge of the TOE, access and equipment) for actual and potential vulnerabilities is too big to discuss in this chapter. However, the interested reader is referred to [6] for details of how this is done for smart cards and related products.
 
8
The order in which the components are listed is not significant.
 
9
For example, if a software application requires certification then this will often imply a need or benefit for the underlying hardware also to be certified. See the discussion of composite evaluations later in this chapter.
 
10
Indeed there are specific definitions and separate treatment of collaborative Protection Profiles (cPPs) developed from recognised international Technical Communities (iTCs) described in the CCRA (see [5], especially the definitions in Annex A and description of Collaborative Protection Profiles in Annex K).
 
11
CC part 3 also defines assurance components for the evaluation of Protection Profiles and Security Targets, but these are not discussed here.
 
References
1.
Common Criteria for Information Technology Security Evaluation - Part 1: Introduction and general model, Version 3.1 Revision 4, September 2012, CCMB-2012-09-001 (available from the ‘Publications’ section at www.commoncriteriaportal.org)
2.
Common Criteria for Information Technology Security Evaluation - Part 2: Security functional components, Version 3.1 Revision 4, September 2012, CCMB-2012-09-002 (available from the ‘Publications’ section at www.commoncriteriaportal.org)
3.
Common Criteria for Information Technology Security Evaluation - Part 3: Security assurance components, Version 3.1 Revision 4, September 2012, CCMB-2012-09-003 (available from the ‘Publications’ section at www.commoncriteriaportal.org)
4.
Common Methodology for Information Technology Security Evaluation - Evaluation methodology, Version 3.1 Revision 4, September 2012, CCMB-2012-09-004 (available from the ‘Publications’ section at www.commoncriteriaportal.org)
5.
Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology Security, 2 July 2014 (available from the ‘About the CC’ section at www.commoncriteriaportal.org)
Metadata
Title
Common Criteria: Origins and Overview
Authors
John Tierney
Tony Boswell
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-50500-8_8