مؤتمر
Incremental Common Criteria certification processes using DevSecOps practices
| العنوان: | Incremental Common Criteria certification processes using DevSecOps practices |
|---|---|
| المؤلفون: | Sébastien Dupont, Guillaume Ginis, Mirko Malacario, Claudio Porretti, Nicolò Maunero, Christophe Ponsard, Philippe Massonet |
| المساهمون: | Dupont, Sébastien, Ginis, Guillaume, Malacario, Mirko, Porretti, Claudio, Maunero, Nicolò, Ponsard, Christophe, Massonet, Philippe |
| بيانات النشر: | Institute of Electrical and Electronics Engineers Inc. |
| سنة النشر: | 2021 |
| المجموعة: | PORTO@iris (Publications Open Repository TOrino - Politecnico di Torino) |
| مصطلحات موضوعية: | common, criteria, devop, devsecop, certification, incremental, security, cybersecurity |
| الوصف: | The growing digitalisation of our economies and societies is driving the need for increased connectivity of critical applications and infrastructures to the point where failures can lead to important disruptions and consequences to our lives. One growing source of failures for critical applications and infrastructures originates from cybersecurity threats and vulnerabilities that can be exploited in attacks. One approach to mitigating these risks is verifying that critical applications and infrastructures are sufficiently protected by certification of products and services. However, reaching sufficient assurance levels for product certification may require detailed evaluation of product properties. An important challenge for product certification is dealing with product evolution: now that critical applications and infras- tructures are connected they are being updated on a more frequent basis. To ensure continuity of certification, updates must be analysed to verify the impact on certified cybersecurity properties. Impacted properties need to be re-certified. This paper proposes a lightweight and flexible incremental certification process that can be integrated with DevSecOps practices to automate as much as possible evidence gathering and certification activities. The approach is illustrated on the Common Criteria product certification scheme and a firewall update on an automotive case study. Only the impact analysis phase of the incremental certification process is illustrated. |
| نوع الوثيقة: | conference object |
| وصف الملف: | ELETTRONICO |
| اللغة: | English |
| العلاقة: | info:eu-repo/semantics/altIdentifier/wos/WOS:000783965100002; ispartofbook:2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Proceedings; 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW); firstpage:12; lastpage:23; numberofpages:12; info:eu-repo/grantAgreement/EC/H2020/corda__h2020::b0bc5e626dc42bb8a003fe0c76123879; http://hdl.handle.net/11583/2924232Test; info:eu-repo/semantics/altIdentifier/scopus/2-s2.0-85119056550; https://ieeexplore.ieee.org/document/9583720Test |
| DOI: | 10.1109/EuroSPW54576.2021.00009 |
| الإتاحة: | https://doi.org/10.1109/EuroSPW54576.2021.00009Test http://hdl.handle.net/11583/2924232Test https://ieeexplore.ieee.org/document/9583720Test |
| حقوق: | info:eu-repo/semantics/openAccess |
| رقم الانضمام: | edsbas.3FBAF830 |
| قاعدة البيانات: | BASE |
| DOI: | 10.1109/EuroSPW54576.2021.00009 |
|---|