For high-security ICs, a security evaluation by an independent institution is important for strengthening confidence in the security of the product. Common Criteria (CC) is a widely used evaluation method for security products, and in many countries CC evaluations are required by law for certain IT products. For high assurance, CC requires a formal model of the implemented security policies. We show how such a formal security policy model, based on temporal logic and model checking, can be developed for the real-world evaluation of a Security IC. We argue that temporal logics and model checking are suitable for the formal requirements of a CC Evaluation Assurance Level 6 evaluation, because models and security requirements can be developed by anyone with moderate knowledge of formal methods, and because proofs (or refutations) are generated automatically.
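The following is an added example, not code or a model from the paper, that illustrates the automatic proof-or-refutation point above. It encodes a constructed Security IC life-cycle (phases TEST, PERSO, USER, DEAD, a test-interface flag and a key-present flag), a policy as a transition relation, and one safety requirement written as an invariant (the CTL formula AG ¬(test interface enabled ∧ key present)), then checks it with a small explicit-state model checker. Every phase name, action label and rule is an assumption made for this example; a real EAL6 model would be written for a production model checker and would also cover temporal properties beyond plain invariants.

```python
"""Toy explicit-state model checker for a constructed Security IC life-cycle policy.

Added example; not code from the paper. The life-cycle, the policy rules,
the action labels and the requirement are all constructed for illustration.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

# A state of the toy model: (life-cycle phase, test interface enabled, key present).
State = Tuple[str, bool, bool]
Transition = Tuple[str, State]           # (action label, successor state)

INITIAL: State = ("TEST", False, False)  # fresh chip: test phase, interface off, no key


def transitions(state: State, strict: bool) -> List[Transition]:
    """The security policy as a transition relation over the life cycle.

    strict=False: weak policy, the chip may enter personalisation while the
                  test interface is still enabled.
    strict=True:  the guard is added, the test interface must be off first.
    """
    phase, test_on, key = state
    out: List[Transition] = []
    if phase == "TEST":
        out.append(("enable_test_interface", ("TEST", True, key)))
        out.append(("disable_test_interface", ("TEST", False, key)))
        if not strict or not test_on:
            out.append(("enter_personalisation", ("PERSO", test_on, key)))
    elif phase == "PERSO":
        out.append(("load_key", ("PERSO", test_on, True)))
        if key:
            out.append(("enter_user_mode", ("USER", test_on, key)))
    elif phase == "USER":
        out.append(("terminate", ("DEAD", test_on, key)))
    # DEAD has no successors
    return out


def requirement(state: State) -> bool:
    """Safety requirement, the invariant AG not(test_on and key):
    the test interface is never enabled while a key is present in the chip."""
    _, test_on, key = state
    return not (test_on and key)


def check_invariant(initial, succ, holds):
    """Explicit-state reachability check over the finite model.

    Returns (proved, counterexample, states_explored). Because BFS visits
    states in order of distance, a refutation is the shortest action sequence
    from `initial` to a state violating the invariant.
    """
    parent: Dict[State, Optional[Tuple[State, str]]] = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not holds(s):
            # Walk the parent pointers back to the initial state to build the trace.
            trace: List[str] = []
            cur = s
            while parent[cur] is not None:
                prev, action = parent[cur]
                trace.append(action)
                cur = prev
            trace.reverse()
            return False, trace, len(parent)
        for action, t in succ(s):
            if t not in parent:
                parent[t] = (s, action)
                queue.append(t)
    return True, [], len(parent)


def verify(strict: bool):
    """Check the requirement against the weak (strict=False) or guarded policy."""
    return check_invariant(INITIAL, lambda s: transitions(s, strict), requirement)


if __name__ == "__main__":
    for strict in (False, True):
        proved, trace, n = verify(strict)
        label = "strict" if strict else "weak"
        if proved:
            print(f"{label}: requirement holds on all {n} reachable states")
        else:
            print(f"{label}: refuted, counterexample: {' -> '.join(trace)}")
```

Running it, the weak policy is refuted with the trace enable_test_interface, enter_personalisation, load_key, which is exactly the kind of automatically generated refutation the abstract refers to: the evaluator does not need to construct the attack path by hand, only to state the requirement. With the guard added, the same check proves the invariant over all six reachable states.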
Protocol describes a cascade of formalised standards or agreements that are implemented as control regimes for flexible material and/or semiotic organisation. It predictably structures, in an often layered and sometimes hierarchical way, how data and objects behave in order to participate in infrastructural networks. While 'protocol' may refer specifically to Internet protocols, it also describes a mode of organisation evident in a variety of technical and non-technical settings.
This article belongs to the Glossary of decentralised technosocial systems, a special section of Internet Policy Review (Issue 1).