Re: [STDS-P1619] New use for the Common Criteria found
False assumptions:
* Common Criteria certification == secure product
* Common Criteria (without specific PPs) == accepted by all nations (US
in particular)
* CC helps with global warming...all the tweaks to the assurance
packages result in deforestation and increased carbon dioxide when
previous versions are incinerated (proprietary information)
Nice thought though....
-----Original Message-----
From: Luther Martin [mailto:martin@VOLTAGE.COM]
Sent: Tuesday, April 01, 2008 4:33 PM
To: STDS-P1619@LISTSERV.IEEE.ORG
Subject: [STDS-P1619] New use for the Common Criteria found
Fight Global Warming with the Common Criteria
There seems to be an unexpected benefit to Common Criteria
certifications. It appears that they may actually be able to effectively
combat global warming as Luther Martin from Voltage Security explains.
The debate over global warming seems to be getting shriller by the day,
with experts on both sides supporting their positions with scientific
arguments that the average person has almost no hope of fully
understanding. There are even more arcane arguments about what the best
thing to do about it is. Some believe that reducing the amount of carbon
dioxide in the air is the best approach while others argue that there
are better ways to approach the problem, and that public funds can be
better spent on other projects.
There are essentially two ways to reduce the amount of carbon dioxide in
the air: you can either stop adding more or you can find a way to take
some out. Planting more trees is an easy way to remove carbon dioxide
from the air because the cellulose fibers and the other components of
wood are made from carbon dioxide that trees get from air. In the
language that's used to discuss global warming, trees are a carbon
dioxide "sink." Some businesses even promise to take advantage of this
fact by planting additional trees to offset any emissions that their
operations create. The information security industry may have its own
way to take advantage of this, and it relates to the Common Criteria.
Buying security products can be tricky because you can't always tell if
they're working or not. If you have an intrusion detection system
running, for example, you know that you're going to have false alarms as
well as missing some real intrusion attempts, and those missed attacks
can cause trouble. You can hope to get the number of such missed attacks
down to an acceptable level, but you'll never really know how many you
missed. With spam filtering you have a similar trade-off between
mislabeling legitimate e-mail as spam and letting spam sneak through
your filter, and unless you check the list of messages that have been
identified as spam on a regular basis, you'll never know how many
messages were mislabeled.
If a vendor claims that their spam filtering technology only
misidentifies 0.01 percent of legitimate e-mail as spam while catching
99.99 percent of all spam, you might be inclined to think that they got
this estimate under laboratory conditions that may not reflect the
real world. On the other hand, if an independent testing laboratory
comes up with the same estimate, you'd probably be more inclined to
believe it. So one good way to work around the problem of the unknown
quality of security products is to have an independent third-party test
them and certify them as being good in some way. Doing this helps both
security vendors and their customers. The vendors benefit from the trust
that comes with such a certification as well as the shorter sales cycle
that it can bring. Their customers benefit by the reduced effort
required to test the products before buying them.
On the other hand, too many certifications can also be a problem.
Getting products certified is expensive and time-consuming, so vendors
certainly don't want to do separate certifications for each country or
for each industry segment. So from the point of view of security
vendors, the Common Criteria is very useful. As its name tells us, it's
supposed to be a single standard that's widely accepted. So by getting
their products Common Criteria certified, vendors only need to get a
single certification rather than needing to get many different
certifications.
But the Common Criteria uses a very generalized definition of a product
that includes lots of additional specialized documentation that has
little or no relevance to the actual security provided by the product.
These documents are almost impossible for a non-specialist to get
correct, and most of the time and effort spent on a Common Criteria
certification is spent getting these documents just right. And because
these documents are considered part of the product from the Common
Criteria point of view, supporters of the Common Criteria can point to
the errors that occur in these documents as proof that evaluations
virtually always uncover "flaws" in security products. This is
definitely not the kind of standard that security vendors or their
customers would develop on their own, and it really doesn't provide the
type of information that most customers find useful.
Because the product (at least as most people would define it - which does
not include this specialized documentation) almost never changes during
the evaluation process, being Common Criteria certified doesn't really
give customers much useful information about the product that they might
buy - it just verifies that lots of unnecessary paperwork was completed.
Because of this, customers still need to do additional security testing
of products that are Common Criteria certified, which eliminates one of
the key advantages that a certified product is supposed to provide. On
the other hand, the unnecessary paperwork created by a Common Criteria
evaluation provides an additional benefit: it helps to fight global
warming.
The reams of paper that are used for the Common Criteria documents come
from trees, which are great carbon dioxide sinks. So the extra
documentation that the Common Criteria process requires may actually
have a beneficial side effect: the paper that's used for the Common
Criteria documentation binds up carbon that came from carbon dioxide in
the air, making it unavailable as a greenhouse gas that can contribute
to global warming. Note that you just need to print these documents to
get this advantage; you should feel lucky that you don't actually have
to read them.