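@comment{
  Conference paper on references among Common Criteria certified products
  (SEC 2024 proceedings, volume 710 of the IFIP series, Springer).
  Normalised from the repository export: the doi field holds the bare
  identifier so the citing style builds the resolver link itself (the export
  carried a plain-http dx.doi.org prefix); editors are separated with "and";
  the volume number sits in the volume field instead of edition; the page
  range uses an en dash. Names are stored as UTF-8: process with Biber, or
  convert them to LaTeX accent escapes before using classic 8-bit BibTeX.
}
@inproceedings{2420157,
  author       = {Janovský, Adam and Chmielewski, Lukasz Michal and Švenda, Petr and Jančár, Ján and Matyáš, Václav},
  title        = {Chain of Trust: Unraveling References Among {Common Criteria} Certified Products},
  editor       = {Pitropakis, Nikolaos and Katsikas, Sokratis and Furnell, Steven and Markantonakis, Konstantinos},
  booktitle    = {{ICT} Systems Security and Privacy Protection. {SEC} 2024},
  series       = {{IFIP} Advances in Information and Communication Technology},
  volume       = {710},
  pages        = {191--205},
  publisher    = {Springer Nature Switzerland},
  address      = {Cham},
  location     = {Cham},
  year         = {2024},
  isbn         = {978-3-031-65175-5},
  doi          = {10.1007/978-3-031-65175-5_14},
  url          = {https://link.springer.com/chapter/10.1007/978-3-031-65175-5_14},
  keywords     = {security certification; Common Criteria; FIPS 140; security evaluation},
  language     = {eng},
  howpublished = {elektronická verze "online"},
}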
TY - JOUR ID - 2420157 AU - Janovský, Adam - Chmielewski, Lukasz Michal - Švenda, Petr - Jančár, Ján - Matyáš, Václav PY - 2024 TI - Chain of Trust: Unraveling References Among Common Criteria Certified Products PB - Springer Nature Switzerland CY - Cham SN - 9783031651755 KW - security certification KW - Common Criteria KW - FIPS 140 KW - security evaluation UR - https://link.springer.com/chapter/10.1007/978-3-031-65175-5_14 N2 - With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kind of relations between the certified products. Yet, the prevalence and nature of dependencies among Common Criteria certified products remains largely unexplored. This study devises a novel method for building the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm, and measuring how often the references constitute actual dependencies between the certified products. With the help of the resulting reference graph, this work identifies just a dozen of certified components that are relied on by at least 10% of the whole ecosystem – making them a prime target for malicious actors. The impact of their compromise is assessed and potentially problematic references to archived products are discussed. ER -
JANOVSKÝ, Adam, Lukasz Michal CHMIELEWSKI, Petr ŠVENDA, Ján JANČÁR a Václav MATYÁŠ. Chain of Trust: Unraveling References Among Common Criteria Certified Products. Online. In Nikolaos Pitropakis, Sokratis Katsikas, Steven Furnell, Konstantinos Markantonakis. \textit{ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and Communication Technology}. volume 710. Cham: Springer Nature Switzerland, 2024, s.~191-205. ISBN~978-3-031-65175-5. Dostupné z: https://dx.doi.org/10.1007/978-3-031-65175-5\_{}14.