Chain of Trust: Unraveling References Among Common Criteria Certified Products

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F24%3A00136610" target="_blank" >RIV/00216224:14330/24:00136610 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/chapter/10.1007/978-3-031-65175-5_14" target="_blank" >https://link.springer.com/chapter/10.1007/978-3-031-65175-5_14</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-65175-5_14" target="_blank" >10.1007/978-3-031-65175-5_14</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Chain of Trust: Unraveling References Among Common Criteria Certified Products

Popis výsledku v původním jazyce

With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kind of relations between the certified products. Yet, the prevalence and nature of dependencies among Common Criteria certified products remains largely unexplored. This study devises a novel method for building the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm, and measuring how often the references constitute actual dependencies between the certified products. With the help of the resulting reference graph, this work identifies just a dozen of certified components that are relied on by at least 10% of the whole ecosystem – making them a prime target for malicious actors. The impact of their compromise is assessed and potentially problematic references to archived products are discussed.

Název v anglickém jazyce

Chain of Trust: Unraveling References Among Common Criteria Certified Products

Popis výsledku anglicky

With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kind of relations between the certified products. Yet, the prevalence and nature of dependencies among Common Criteria certified products remains largely unexplored. This study devises a novel method for building the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm, and measuring how often the references constitute actual dependencies between the certified products. With the help of the resulting reference graph, this work identifies just a dozen of certified components that are relied on by at least 10% of the whole ecosystem – making them a prime target for malicious actors. The impact of their compromise is assessed and potentially problematic references to archived products are discussed.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and Communication Technology

ISBN

9783031651748

ISSN

1868-4238

e-ISSN

—

Počet stran výsledku

15

Strana od-do

191-205

Název nakladatele

Springer Nature Switzerland

Místo vydání

Cham

Místo konání akce

Edinburgh, UK

Datum konání akce

12. 6. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001299944000014