Increased information flow needs for high-assurance composite evaluations

Proceedings - Second IEEE Information Assurance Workshop

Volumn , Issue , 2004, Pages 129-140

  Karger, Paul A ^a   Kurth, Helmut ^b  

^a IBM T J WATSON RESEARCH CENTER   (United States)

^b Atsec Information Security GmbH   (Germany)

Author keywords

Common criteria; Composite evaluation; Covert channels; High assurance; Smart cards

Indexed keywords

COMMERCIALLY LICENCED EVALUATION FACILITIES (CLEF); COMPOSITE EVALUATION; COVERT CHANNELS; EVALUATION TECHNICAL REPORT (ETR);

COMPUTER HARDWARE; COMPUTER SOFTWARE; CRYPTOGRAPHY; DATA REDUCTION; DATABASE SYSTEMS; SECURITY OF DATA; SMART CARDS;

INFORMATION DISSEMINATION;

EID: 4544388201     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IWIA.2004.1288043     Document Type: Conference Paper

References (50)

1. Aharon Aharon, Ayal Bar-David, Barry Dorfman, Emanuel Gofman, Moshe Leibowitz, and Victor Schwartzburd. Verification of the IBM RISC System/6000 by a dynamic biased pseudo-random test program generator. IBM Systems Journal, 30(4):527-538, 1991.
2. Aharon Aharon, Dave Goodman, Moshe Levinger, Yossi Lichtenstein, Yossi Malka, Charlotte Metzger, Moshe Molcho, and Gil Shurek. Test program generation for functional verification of PowerPC processors in IBM. In Proceedings of the 32nd ACM/IEEE Design Automation Conference, pages 279-285, San Francisco, CA, June 1998. Association for Computing Machinery.
3. Hans-Gerd Albertson and Françoise Forge. The modular approach: A composite product evaluation for smart cards. In 3rd International Common Criteria Conference - Common Criteria: Delivering Information Assurance Solutions, Ottawa, Ontario, Canada, 13-14 May 2002. URL: http://www.expotrack.com/iccc/proceedings/pdf/proceed/english/track3/pr041_e. pdf.
4. Alpha architecture handbook. Technical report, Compaq Computer Corporation, October 1998.
5. Ross Anderson and Markus Kuhn. Tamper resistance - a cautionary note. In Second USENIX Workshop on Electronic Commerce Proceedings, pages 1-11, Oakland, CA, 1996. USENIX Association.
6. Walker Anderson. Logical verification of the NVAX CPU chip design. In 1992 International Conference on Computer Design: VLSI in Computers and Processors, pages 306-309. IEEE Computer Society Press, 1992.
7. Application of attack potential to smartcards. Technical Report Version 1.1, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, July 2002. URL: http://www.bsi.de/zertifiz/zert/interpr/aapsc11.pdf.
8. Dileep Bhandarkar. Architecture management for ensuring software compatibility in the VAX family of computers. Computer, 15(2):87-93, February 1982.
9. M. D. Brown. MULTOS version 3 on Hitachi H8/3112 integrated circuit card. Technical Report UK ITSEC Scheme Certification Report No. P130, UK IT Security Evaluation and Certification Scheme, Certification Body, PO Box 152, Cheltenham, UK, 13 September 1999.
10. Zhiqun Chen. Java Card (tm) Technology for Smart Cards: Architecture and Programmer's Guide. Addison-Wesley, Boston, 2000.
11. Common criteria for information technology security evaluation: Supplement: Vulnerability analysis and penetration testing. Technical Report CCIBM-2002-07-001, Version 0.68, Common Criteria Interpretation Management Board, July 2002. URL: http://web.archive.org/web/20030507065423/http://www.commoncriteria.org/ review_docs/docs/2002-07-001.pdf.
12. Department of defense trusted computer system evaluation criteria. DOD 5200.28-STD, National Computer Security Center, Washington, DC, December 1985. URL: http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.pdf.
13. Joan Dyer, Ron Perez, Sean Smith, and Mark Lindemann. Application support architecture for a high-performance, programmable secure coprocessor. In 22nd National Information Systems Security Conference, Crystal City, VA, 18-21 October 1999. URL: http://csrc.ncsl.nist.gov/nissc/1999/proceeding/papers/p16.pdf.
14. ETR-lite for composition. Technical Report Version 1.1, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, July 2002. URL: http://www.bsi.de/zertifiz/zert/interpr/etrli11.pdf.
15. ETR-lite for composition: Annex a composite smartcard evaluation: Recommended best practice. Technical Report Version 1.1, Direction Centrale de la Sécurité des Systèmes d'Information (DCSSI), Paris, France, March 2002. URL: http://www.bsi.de/zertifiz/zert/interpir/etrlia12.pdf.
16. Functionality classes and evaluation methodology for physical random number generators. Technical Report AIS 31, Version 1, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, 25 September 2001. URL: http://www.bsi.bund.de/zertifiz/zert/interpr/ais31e.pdf.
17. Guidance for smartcard evaluation. Technical Report Version 1.1, Direction Centrale de la Sécurité des Systèmes d'Information (DCSSI), Paris, France, March 2002. URL: http://www.bsi.de/zertifiz/zert/interpr/scgui11.pdf.
18. Kevin B. Hennigan. Hardware subverter for the Honey well 6180. Technical Report ESD-TR-76-352, The MITRE Corporation, Bedford, MA, HQ Electronic Systems Division, Hanscom AFB, MA, December 1976.
19. Wei-Ming Hu. Reducing timing channels with fuzzy time. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 8-20, Oakland, CA, 20-22 May 1991.
20. IBM Corporation, Boca Raton, FL. IBM Series/1 Model 5 - 4955 Processor and Processor Features Description, November 1976. URL: http://www.spies.com/~aek/pdf/ibm/series1/GA34-0021-0_series1mod5proc.pdf.
21. IBM Corporation, Boca Raton, FL. IBM Series/1 - 4942 Processor Models A and B and Processor Features Description, April 1981.
22. IBM Corporation, Boca Raton, FL. IBM Series/1 - Processor Models 30D, 31D, 60D, and 61D Description, January 1986.
23. Information Processing Center, Massachusetts Institute of Technology, Cambridge, MA. Summary of the H6180 Processor, 22 May 1973.
24. Information technology - security techniques - evaluation criteria for IT security - part 3: Security assurance requirements. Technical Report ISO/IEC15408-3, International Organization for Standardization, Genève, 1999.
25. intel Corporation. Pentium Pro Family Developer's Manual - Volume 2: Programmer's Reference Manual, December 1995.
26. Paul A. Karger and Roger R. Schell. Multics security evaluation: Vulnerability analysis. Technical Report ESD-TR-74-193, Vol. II, HQ Electronic Systems Division, Hanscom AFB, MA, USA, June 1974. URL: http://csrc.nist.gov/publications/history/karg74.pdf.
27. Paul A. Karger and Roger R. Schell. Thirty years later: Lessons from the Multics security evaluation. In Proceedings of the 18th Annual Computer Security Applications Conference, pages 119-126, Las Vegas, NV, 9-13 December 2002. URL: http://www.acsac.org/2002/papers/classic-multics.pdf.
28. Paul A. Karger and John C. Wray. Storage channels in disk arm optimization. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 52-61, Oakland, CA, 20-22 May 1991.
29. Paul A. Karger, Mary Ellen Zurko, Douglas W. Bonin, Andrew H. Mason, and Clifford E. Kahn. A retrospective on the VAX VMM security kernel. IEEE Transactions on Software Engineering, 17(11): 1147-1165, November 1991.
30. P. Kocher, J. Jaffe, and B. Jun. Differential power analysis: Leaking secrets. In Proceedings of Crypto '99, pages 388-397, Santa Barbara, CA, August 1999. Lecture Notes in Computer Science, Vol. 1666, Springer Verlag.
31. Oliver Kömmerling and Markus Kuhn. Design principles for tamper-resistant smartcard processors. In Proceedings of the USENIX Workshop on Smartcard Technology (Smartcard '99), pages 9-20, Chicago, IL, 10-11 May 1999. USENIX Association.
32. Markus G. Kuhn and Ross J. Anderson. Soft tempest: Hidden data transmission using electromagnetic emanations. In Information Hiding: Second International Workshop, IH'98, pages 124-142, Portland, OR, April 1998. Lecture Notes in Computer Science, Vol. 1525, Springer Verlag. URL: http://www.cl.cam.ac.uk/mgk25/ih98-tempest.pdf.
33. Timothy E. Leonard, editor. VAX Architecture Reference Manual. Digital Press, Bedford, MA, USA, 1987.
34. Nancy G Leveson. Safeware: System Safety and Computers, Addison-Wesley, Reading, MA, 1995.
35. Sudhindra N. Mishra. The VAX 8800 microarchitecture. Digital Technical Journal, (4):20-33, February 1987.
36. Lee M. Molho. Hardware aspects of secure computing. In 1970 Spring Joint Computer Conference, pages 135-141, Atlantic City, NJ, 5-7 May 1970. AFIPS Press.
37. Philips Electronics North America Corporation. XA User Guide, 1998. URL: http://www-us.semiconductors.philips.com/acrobat/various/XA_USER_GUIDE_1.pdf.
38. Philips Semiconductors. P16WX064 SmartXA-Family: Secure 16-bit Smart Card Controller, February 2001. URL: http://www-us.semiconductors.philips.com/acrobat/other/identification/ smartxa_ls.pdf.
39. Josyula R. Rao. On the role of formal methods in security. Information Processing Letters, 77(2-4):209-212, 28 February 2001.
40. Marvin Schaefer, Barry Gold, Richard Linde, and John Scheid. Program confinement in KVM/370. In Proceedings of the 1977 ACM Annual Conference, pages 404-410, Seattle, WA, 16-19 October 1977.
41. Roger R. Schell. Information security: Science, pseudoscience, and flying pigs. In Proceedings of the 17th Annual Computer Security Applications Conference, pages 205-216, New Orleans, LA, 10-14 December 2001. IEEE Computer Society. URL: http://www.acsac.org/invited-essay/essays/2001-schell.pdf.
42. Security requirements for cryptographic modules. Technical Report FIPS PUB 140-1, National Institute of Standards and Technology, Gaithersburg, MD, 11 January 1994. URL: http://csrc.nist.gov/publications/fips/fips140-1/fips1401.pdf.
43. Security requirements for cryptographic modules. Technical Report FIPS PUB 140-2, Change Notice 1, National Institute of Standards and Technology, Gaithersburg, MD, 10 October 2001. URL: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.
44. William R. Shockley and Roger R. Schell. TCB subsets for incremental evaluation. In Proceedings of the Third Aerospace Conference on Computer Security, pages 131-139, Oakland, CA, 7-11 December 1987. American Institute of Aeronautics and Astronautics. URL: http://www.acsac.org/secshelf/papers/tcbsubsets.pdf.
45. Smartcard IC platform protection profile. Technical Report BSI-PP-0002-2001, developed by Atmel Smart Card ICs, Hitachi Europe Ltd., Infineon Technologies AG, and Philips Semiconductors, registered and certified by Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, July 2001. URL: http://www.bsi.bund.de/cc/pplist/ssvgpp01.pdf.
46. ST-lite. Technical Report Version 1.1, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, July 2002. URL: http://www.bsi.de/zertifiz/zert/interpr/stlite11.pdf.
47. Scott Taylor, Michael Quinn, Darren Brown, Nathan Dohm, Scot Hildebrandt, James Huggins, and Carl Ramey. Functional verification of a multiple-issue, out-of-order, super-scalar Alpha processor - the DEC Alpha 21264 microprocessor. In Proceedings of the 35th Annual Conference on Design Automation, pages 638-644, San Francisco, CA, June 1998. Association for Computing Machinery.
48. The application of CC to integrated circuits. Technical Report Version 1.2, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, July 2002. URL: http://www.bsi.de/zertifiz/zert/interpr/hwiccc12.pdf.
49. Trusted database management system interpretation of the TCSEC (TDI). Technical Report NCSC-TG-021, National Computer Security Center, Fort George G. Meade, MD, April 1991. URL: http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-021.ps.
50. Clark Weissman. Security controls in the ADEPT-50 time sharing system. In AFIPS Conference Proceedings, Volume 35, 1969 Fall Joint Computer Conference, pages 119-133, Montvale, NJ, USA, 1969. AFIPS Press.