Závěrečná práce: Lyubov Laurenyuk: Analysis and search for problematic certificates in Common Criteria
Bakalářská práce
Analysis and search for problematic certificates in Common Criteria
Anotace
Tato bakalářská práce analyzuje certifikace Common Criteria (CC) a vybrané certifikace FIPS 140 s cílem identifikovat případy, kdy jejich veřejně dostupná dokumentace naznačuje bezpečnostně relevantní omezení nebo nejednoznačnosti. S využitím ekosystému sec-certs, open-source frameworku pro sběr a analýzu artefaktů bezpečnostních certifikací, práce kombinuje automatizované vyhledávání v certifikačních …více
Abstract
This thesis analyzes Common Criteria (CC) and selected FIPS 140 certificates with the goal of identifying cases where their public documentation suggests security-relevant limitations or ambiguities. Using the sec-certs ecosystem, an open-source framework for collecting and analyzing security certification artifacts, it combines automated search in certification artifacts with manual analysis of selected …více
Zadání práce
The main goal for the student in this project is to identify so-called problematic certificates, primarily in the Common Criteria scheme but potentially in FIPS 140 as well. As problematic certificates, we consider those that suggest there may be underlying common-sense security issues in the certified products, even though they are certified.
There were several problematic certificates even before the work on this thesis started. For example, consider the following two certificates :
- Hikvision Network Camera Series: https://www.commoncriteriaportal.org/files/epfiles/SERTIT-115 Hikvision CR v1.0.pdf
Problem: A secure IP camera is evaluated as secure under the assumption that the network interface is secure. That suggests the network certificate may be insecure. - Samsung IC (ANSSI-CC-2022/09, certificate in French) with potentially misconfigured memory protection rights.
Problem: The certificate contains the following text: "The evaluation is based on the evaluation results of this same product certified on October 8, 2021, under the reference ANSSI-CC-2021/47, see [CER]. It corresponds to an evaluation with scope reduction following the identification of vulnerability.". This suggests that the product covered by the previous certificate may contain a vulnerability.
In particular, the following tasks should be executed within the project:
- Analyze existing problematic certificates and the root issues of their problems.
- Search for new problematic certificates using the search tooling developed within the sec-certs project. For all newly identified problematic certificates, assess the nature of the issues, their potential practical impact, and speculate on their root causes.
- Moreover, for all problematic certificates, classify them into distinct issue categories (i.e., certificates affected by similar security issue shoudl be grouped together).
- Optionally, the student will search for problematic certificates by analyzing unexpected modifications in them over time.
25. 5. 2026 10:47, Lukasz Michal Chmielewski, PhD, učo 247858
Práce na příbuzné téma
Seznam prací, které mají shodná klíčová slova.
-
Improving text and certification metadata extraction in sec-certs
Bc. Jakub Borský, učo 536361 -
Enhancing Common Criteria Certificate Analysis with Semantic Segment Search
Mgr. Dominik Macko -
Adding support for European Cybersecurity Certifications in sec-certs
Ing. Tadeáš Kachyňa, učo 553638 -
Evaluating LLM configurations for optimal chat performance in sec-certs
Bc. Yuliia Teslia -
Gaining insights in the security certifications ecosystem using sec-certs
Mgr. Vladimír Peňáz -
Data analysis of the Common Criteria certificates
Mgr. Jiří Michalík -
Analytics and dashboarding support for sec-cert.org project
Ing. David Valecký -
Analytics and dashboarding support for sec-cert.org project
Ing. David Valecký




