Standardizing essential Security Requirements for Separation Kernels
It was quite refreshing to travel to still-early-spring Trondheim (Norway) from the almost-summer Rhein-Main valley (Germany). Thales Norway and the Norwegian University of Science and Technology (NTNU), located in Trondheim, hosted the last bi-annual Common Criteria¹ Users Forum (CCUF²) from April 24 to 26.
I represented the certMILS project and the MILS Community. The consortium of the certMILS project is developing a modular protection profile for separation kernels. A protection profile defines a set of security functionalities and assurance claims for a class of products. I presented the Essential Security Requirements for Separation Kernels on April 24 during the main track to the 100+ security experts present at the CCUF.
On the next day, I led a workshop initiating an international technical community for developing a modular protection profile. This workshop was attended by several separation kernel vendors, security evaluation labs, security certification authorities, SoC design vendors, and system integrators who are the end-users of separation kernels. The workshop went well and we could quickly converge on the main definitions, roles, and security objectives, disambiguate between separation and virtualisation, discuss the most relevant topics for each partner, and define next steps. After the workshop we were approached by a number of other CCUF participants and had very interesting exchanges.
The next step for the certMILS project is to present a draft of the protection profile at the International Common Criteria Conference 2018 or at the autumn CCUF meeting in Amsterdam from October 30 to November 1, 2018.
If you would like to contribute, just join the MILS Community and/or visit the next “International Workshop on MILS: Architecture and Assurance for Secure Systems” in Luxembourg on June 25, 2018.
¹ Common Criteria (ISO 15408) is a standard for security evaluation of IT products. Typical certified products are smart cards, operating systems, mobile devices, network devices, networked printers, and gateways/firewalls.
² Common Criteria Users Forum (CCUF) is the main forum for discussing technical topics in applying Common Criteria (ISO 15408) and for the improvement and development of various protection profiles, driven by the community consisting of vendors, end-users, security evaluation labs, and representatives from the national security authorities.