Your System is Secure? Prove it!

Computer security is an old problem that has lost none of its relevance, as the annual security issue of ;login: attests. The systems research community has paid more attention to security in recent years, as seen in the growing number of security-related papers at the mainstream systems conferences SOSP, OSDI, and USENIX. However, the focus remains primarily on desktop and server systems.

I argued two years ago in this column that the security of embedded systems, whether mobile phones, smart cards, or automobiles, is a looming problem of even bigger proportions, yet there does not seem to be a great sense of urgency about it. Although some embedded operating-system (OS) vendors are working on certifying their offerings to some of the highest security standards, those systems do not seem to be aimed at, or even suitable for, mobile wireless devices.

Establishing OS Security

The accepted way of establishing system security is through a process called assurance. Assurance examines the specification, design, implementation, operation, and maintenance of a system.

The most widely used assurance process is the international standard called the Common Criteria for IT Security Evaluation, or Common Criteria (CC) for short (ISO/IEC 15408). CC evaluation is performed against a protection profile (PP), a standardized set of security requirements that the system under evaluation is expected to meet. The idea is that purchasers of IT systems define their security requirements through a PP (or a combination of PPs) and can then select any system that is certified as conforming to that PP.
