At 10:07 AM 9/28/2014, Paul Koning wrote:
On Sep 28, 2014, at 7:00 AM, Dave G4UGM <dave.g4ugm at gmail.com> wrote:
Liam,
He probably can't say. However, I still don't
think CC security evaluation is anything like a
mathematical proof that the program works as
specified; it is also very expensive and time consuming.
Common Criteria evaluations are performed by
commercial labs, so there's no reason to not say.
(i.e. it's not classified. Usually.) Unless the
vendor specifically put the lab under NDA, but
that'd be pretty unusual. Most of the time the
vendors want the fact that they're under evaluation to be public.
CC evaluation comes in different levels of
rigor. I've done EAL2. That involves high
level specs, design reviews, and testing. EAL4
adds substantially more design specs and source
code review. I don't remember the detailed
rules for EAL7, but I'm pretty sure it includes
formal specifications and formal analysis of the code.
That's correct. You can't get to EAL7 without a
formal security model that has been rigorously
validated. (And a lot of other stuff: high and
low level design, covert channel analysis, code
traceability, secure distribution, and a whole lot more.)
Now, the security model may be trivial, making it
easy to evaluate. For example, a company has an
EAL7 evaluated "data diode" that allows data to
flow in only one direction. (It's a very
expensive optoisolator.) That wasn't a big deal,
but that's how you build reliable, secure systems
- start with simple components that can be proven
to work correctly, then build upon that.
https://www.commoncriteriaportal.org/iccc/7iccc/t1/t1210900.pdf
An EAL7 general purpose OS isn't likely to happen.
Yes, I can say; I learned about it from the
supplier's press release. It's Lynx OS.
That's a separation kernel, and was designed from
the beginning to be modeled. I don't think it's
ever been actually evaluated at EAL7, just
"designed to be evaluated". EAL4 with
augmentation is as far as I think they've ever
gotten. Just waiting for the customer to drive the requirement.
I've worked on both sides of the Common Criteria
fence - as a vendor with a product being
evaluated, and as a validator performing
oversight of several commercial labs performing evaluations.
https://www.google.com/?gws_rd=ssl#q=murphy+site:commoncriteriaportal.org
-Rick