Published in Military & Aerospace Electronics
Authored by Richard Jaenicke of Green Hills Software and Steve Edwards of Curtiss-Wright.
Systems designers who are considering creating a trusted computing platform able to host cross-domains solutions (CDS) and other multi-level security (MLS) applications have some decisions to make about software and hardware concerns. First, the designer needs to understand the levels of security functionality and assurance that a robust trusted-computing solution needs.
The international standard for security evaluation of an information technology (IT) product or technology is the Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) -- simply referred to as the Common Criteria (CC).
The Common Criteria provides common requirements for computer security and for assurance measures applied to those IT products during a security evaluation. Evaluations can be done to different levels of depth and rigor, called Evaluation Assurance Levels (EAL). Each EAL defines security-assurance requirements: EAL 1 is the least rigorous and EAL 7 is the most rigorous.
By definition, an EAL addresses only assurance requirements and not functional requirements of a security solution. This can lead to applying rigorous evaluation methods to very lax security functionality. The Common Criteria explicitly acknowledges this up front:
“The CC is intentionally flexible, enabling a range of evaluation methods for a range of security in IT products. Therefore users of the standard are cautioned to exercise care that this flexibility is not misused. For example, using the CC in conjunction with unsuitable evaluation methods, irrelevant security properties, or inappropriate IT products, may result in meaningless evaluation results.”