In relation to the CC, the methodology involves proceeding from a
specification of a Protection Profile, which gives an abstract
description of a whole class of IT products, via the specification of a
Security Target to the production of an Implementation Representation
which in detail describes the concrete final product which can operate
in a specified environment:
For the PP and ST, a set of Threats, Assumptions and Organizational Security Policies (OSPs) are identified and used to produce a set of Security Objectives (SOs) for the product and the environment in which it is to operate. From these objectives, sets of Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) are derived. Finally, concrete components are selected and an Implementation Representation is produced which fulfils the SFRs of the ST. This systematic procedure ensures that the product addresses the threats to which it will be exposed, and the SARs provide rules for achieving some agreed level of assurance that the design and subsequent implementation are correct from a security point of view.
At each step, more details are added to the specification, so in slightly more detail the process is as shown below:
If you have a case which you would like considered, please contact us.
A first step toward producing a tool has been to formulate a formal ontology for the concepts used in the Common Criteria. This ontology is technically speaking a Domain Ontology under SUMO, the Suggested Upper Merged Ontology (SUMO) defined by the IEEE P1600.1 Working Group. It has been formulated in SUO-KIF, the knowledge representation language designed by Niles and Pease in order to support the definition of the SUMO. You can see the latest version of the ontology here. This ontology won the 2006 SUMO Prize for the best submission of a new formalised domain ontology under SUMO.
The tool will support design at assurance levels up to EAL4, following the methodology described above. For further details, please contact us.