Security Evaluation of Existing IT Systems under the Common Criteria at Levels above EAL4
15:30, 5th December 2008 (week 8, Michaelmas Term 2008), Room 479 of the Wolfson Building
Things don't always go the way we planned. Sometimes even well-engineered systems suffer devastating failures in practice. This talk describes the history and some important events leading up to the failure of a large computer system designed for handling classified information to achieve Common Criteria (CC) security evaluation in 2006.
The software worked brilliantly; what failed was the certification process. There are numerous Certification and Accreditation (C&A) programmes to choose from; this talk will cover only two: firstly, the international Common Criteria for Information Technology Security Evaluation ('the Common Criteria'); and secondly, a related US government standard referred to as DCID 6/3.
Why did this particular security evaluation fail? I will describe my research toward finding the causes of and a cure for the problem of prohibitively expensive security C&A for national security systems.