Four Common Criteria Certification agencies from France, Germany, the Netherlands and the UK have developed a concept of composite evaluations in which software evaluators would not receive the full hardware Evaluation Technical Report (ETR), but instead would only receive an abbreviated ETR-lite. While ETR-lite is acceptable at low assurance levels, this paper argues that at high assurance levels, such an abbreviated report violates the basic principles of systems engineering and high assurance evaluation, and demonstrates that serious undetected security vulnerabilities can be the result. The paper recommends that additional information flow between hardware evaluators and software developers and evaluators is crucial for high assurance evaluation to succeed.