Security evaluation and common criteria

Secure Smart Embedded Devices, Platforms and Applications

Volumn 9781461479154, Issue , 2014, Pages 407-427

  Boswell, Tony ^a  

^a Unit 6   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION CONTEXTS; COMMON CRITERIA; CURRENT DIRECTION; EMBEDDED DEVICE; EMBEDDED-DEVICE SECURITIES; EVALUATION CRITERIA; EVALUATION SCHEME; SECURITY EVALUATION; SOFTWARE APPLICATIONS;

EID: 84949177853     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-1-4614-7915-4_18     Document Type: Chapter

References (27)

1. Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model, Version 3.1 Revision 3, CCMB-2009-07-001, July 2009.
2. Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, Version 3.1 Revision 3, CCMB-2009-07-002, July 2009.
3. Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components, Version 3.1 Revision 3, CCMB-2009-07-003, July 2009.
4. Common Methodology for Information Technology Security Evaluation: Evaluation Methodology, v3.1 Release 3, CCMB-2009-07-004, July 2009.
5. Mayes K, Markantonakis K (eds) (2008), Smart Cards, Tokens, Security and Applications, Springer.
6. The Application of CC to Integrated Circuits, version 3.0 revision 1, CCDB-2009-03-002, March 2009 [Online] http://www.commoncriteriaportal.org/supporting/.
7. Requirements to perform Integrated Circuit Evaluations, version 1.0 revision 1, CCDB-2009- 09-001, September 2009 [Online] http://www.commoncriteriaportal.org/supporting/.
8. Application of Attack Potential to Smart Cards, version 2.7 revision 1, CCDB-2009-03-001, March 2009 [Online] http://www.commoncriteriaportal.org/supporting/.
9. Composite product evaluation for Smart Cards and similar devices, version 1.0 revision 1, CCDB-2007-09-001, September 2007 [Online] http://www.commoncriteriaportal.org/supporting/
10. Eurosmart, Security IC Platform Protection Profile, version 1.0, BSI-PP-0035, 15 June 2007, [Online]http://www.commoncriteriaportal.org/files/ppfiles/pp0035b.pdf
11. Government Computer News, Engineer shows how to crack a "secure" TPM chip, [Online] http://gcn.com/articles/2010/02/02/black-hat-chip-crack-020210.aspx, (accessed 2 June 2011)
12. Boswell T, Smart card security evaluation: Community solutions to intractable problems, Information Security Technical Report, Volume 14 issue 2, May 2009, pp57-69.
13. NIST, Security Requirements For Cryptographic Modules, FIPS PUB 140-2, issued 25 May 2001, with change notices as at 12 March 2002 (The original FIPS 140 standard was FIPS 140-1; this was superseded by FIPS140-2, and FIPS 140-3 is in draft at the time of writing. In this chapter, FIPS 140 is used as a general name for the scheme.).
14. NIST, Derived Test Requirements for FIPS PUB 140-2, draft of 4 January 2011.
15. Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004, [Online] http://www.commoncriteriaportal.org/files/supplements/2004-02-009.pdf.
16. PaymentCard Industry (PCI), PINTransaction Security (PTS) Point of Interaction (POI) Modular Security Requirements, version 3.0,April 2010, [Online] https://www.pcisecuritystandards.org/documents/pci-pts-poi-sr.pdf.
17. Payment Card Industry (PCI), PIN Transaction Security (PTS) Point of Interaction (POI) Modular Evaluation Vendor Questionnaire, version 3.0, April 2010, [Online] https://www.pcisecuritystandards.org/documents/pci-pts-poi-vq.pdf.
18. Common Approval Scheme, Point of Interaction Protection Profile, version 2.0, 26 November 2010, [Online] http://www.ssi.gouv.fr/IMG/certificat/ANSSI-CC-cible-PP-2010-10en.pdf.
19. Information Assurance Directorate, Protection Profile for USB Flash Drives, version 1.0, 1 December 2011, [Online] http://www.niap-ccevs.org/pp/pp-usb-fd-v1.0.pdf.
20. Trusted Computing Group, Trusted Computing Group Protection Profile PC Client specific Trusted Platform Module TPM Family 1.2; Level 2, version 1.1, 10 July 2008, [Online] http://www.commoncriteriaportal.org/files/ppfiles/pp0030b.pdf
21. GlobalPlatform, The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market, February 2011, [Online] http://www.globalplatform.org/documents/GlobalPlatform-TEE-White-Paper-Feb2011.pdf.
22. Global Platform, GlobalPlatform Device Technology TEE Client API Specification, version 0.17, 27 April 2010, [Online] http://www.globalplatform.org/specificationsdevice.asp.
23. ARM, Building a Secure System using TrustZone Technology, issue C, April 2009, [Online] http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C-trustzone-security-whitepaper.pdf.
24. Description of the CMVP, and list of CMVP validated modules, [Online] http://csrc.nist.gov/groups/STM/cmvp/index.html.
25. Mutual Recognition Agreement of Information Technology Security Evaluation Certificates, version 3.0, January 2010, [Online] http://sogisportal.org/.
26. International Common Criteria website, [Online] http://www.commoncriteriaportal.org.
27. PCI Security Standards council website, [Online] https://www.pcisecuritystandards.org.