ICCC18 Conference Agenda Archive

The following is an archive of the agenda for ICCC18, held 30 October – 1 November in Amsterdam, The Netherlands. Additional information can be found under “About ICCC>ICCC18 Archive”.

Tuesday 30 October

08:00 - 09:00 Registration

Ballroom Foyer

09:00 - 10:15 Plenary Keynote Session

Ballroom A-C

09:15 Security Certification in the Age of Digital Transformation (P10b) Eric Baize, Vice President, Product & Application Security, Dell, United States

09:45 Spearheading Cooperation in the EU Cybersecurity Certification Framework (P10c) Steve Purser, Head of Core Operations Department, European Union Agency for Network and Information Security (ENISA), Germany

10:15 - 11:00 Networking Break in Exhibits

Orange Room 3-6

11:00 - 13:00 Plenary Conference Session

Ballroom A-C

11:00 CCDB Update (P11a) David Martin, UK IT Security Evaluation and Certification Scheme, United Kingdom
11:20 CCUF Update (P11b) Fiona Pattinson, VP, atsec information security & Chair, CCUF, United States
11:40 CCRA Management Committee Update (P11c) Dag Stroman, Chair CCRA Management Committee, Sweden
12:00 Panel Discussion: The Revision of ISO/IEC 15408, 18045 and the TR22216 (P11d) Moderator: Miguel Bañón, Chair, Convenor, ISO/IEC JTC 1/SC 28/WG 3, Spain. Panelists include members of the ISO technical editorial team: Elżbieta Andrukiewicz, KSO3C Project Manager, National Institute of Telecommunications, Instytut Łączności, Poland; Tony Boswell, Senior Principal Consultant, DNV GL, United Kingdom; Dietmar Bremser, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Carolina Lavatelli, CTO & Founder, Internet of Trust, France; Kwangwoo Lee, Security Architect, HP Inc; Christian Noetzel, IT Security Consultant & Evaluator, TÜV Informationstechnik GmbH, Germany; Fiona Pattinson, VP, atsec information security & Chair, CCUF, United States

Additional editorial team members (not on panel): Heebong Choi, Helmut Kurth, Soohyeun Lee, David Martin, Guillaume Tétu

13:00 - 14:00 Lunch in Exhibit Area

Orange Room 3-6

14:00 - 15:30 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

14:00 Track Keynote: Why I Care About the Security of Your Car (A12a) Marc Witterman, CEO, Riscure, Netherlands
14:30 Robustness Propagation Through Systems of Heterogeneous CC Components (A12b) Mohamad Hajj, Senior IT Security Consultant & Evaluation/Certification Coordinator, Internet of Trust, France
15:00 Common Criteria as Backbone of IoT Security Certification (A12c) Georg Stütz, Principal Security Certification Expert, NXP Semiconductors, Germany

Meeting Customer Requirements
(Ballroom B)

14:00 Introducing Secure Systems into NATO – the requirements to Common Criteria (M12a) Jan Fanekrog, NATO Communications and Information Agency, Belgium
14:30 Continuous Mobile Application Compliance Using Government Standards (M12b) Angelos Stavrou, DHS S&T Research Performer, Kryptowire, United States; Vincent Sritapan, HSARPA Program Manager, Department of Homeland Security, United States
15:00 Adopting Common Criteria Methodology and Strategies in Malaysia Critical National Information Infrastructure (CNII) (M12c) Muzamir Mohamad, Information Security Consultant, Securelytics Sdn Bhd, Malaysia; Ahmad Zuraimi Mohamad, Common Criteria, Cyber Security, Emerging Technologies, IoT, Securelytics Sdn Bhd, Malaysia

Updates from Schemes and ITCs
(Ballroom C)

14:00 Track Keynote: How Europe’s Cyber Security Act and CCRA Can Be Best Friends (U12a) Matthias Intemann, Federal Office for Information Security – BSI, Germany
14:30 Brexit, the EU Cyber Security Act, and Product Assurance in UK and the EU—An Update (U12b) Simon Milford, Head of Cyber Security, DNV GL, United Kingdom
15:00 Sweden Scheme Update (U12c) Dag Stroman, Swedish Certification Body for IT Security FMV/CSEC, Sweden

15:30 - 16:00 Networking Break in Exhibits

Orange Room 3-6

SPECIAL PRESENTATION
Live Demonstration of IoT Device Hacking (P12d) (Ballroom A) John Boggie, Director, Head of Product Certification, NXP Semiconductors, United Kingdom; Ken Munro, Pentest Partners

16:00 - 17:30 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

16:00 Why Composite Evaluations Fail (A13a) Helmut Kurth, Chief Scientist and Laboratory Director, atsec information security, Germany
16:30 A Compositional Certification Methodology For a COTS-Based System (A13b) Alvaro Ortega, Head of Evaluation Area, Epoche and Espri (a DEKRA company), Spain; Sergey Tverdyshev, Director R&T, SYSGO AG, Germany
17:00 Evaluation of Distributed Products in the CC Paradigm (A13c) Richard West, Product Security Certification Engineer, Cisco Systems, United States

Meeting Customer Requirements
(Ballroom B)

16:00 Regulating IT Market with Common Criteria Certifications (M13a) Mehmet Cakir, CEO, BEAM Teknoloji, Turkey

16:30 Using Common Criteria for Procurement: International Procurement Initiatives (M13b) Jose Francisco Ruiz Gualda, Co-founder, jtsec Beyond IT Security, Spain

17:00 EU Cybersecurity Act: the tough part is yet to come! (M13c) Martin Schaffer, Global Head of Secure Products & Systems, SGS Group, Switzerland

Updates from Schemes and ITCs
(Ballroom C)

16:00 IPSA: An Adaptation of Common Criteria for Malaysian Local Market (U13a) Zarina Musa, Evaluator, CyberSecurity Malaysia, Malaysia; Norahana Salimin, Specialist, CyberSecurity Malaysia, Malaysia
16:30 [60MIN] Panel Discussion: The Why and How of Using CC in Private Schemes (U13b) Moderator: Francois Guerin, Security Program Manager, Gemalto; Panelists: Gil Bernabeu, GlobalPlatform, France; Gary Hemmings, Director, Industry Standards, Mastercard, UK; Regine Quentmeier, Bereichsleiterin, SRC Security Research and Consulting, Germany; Katsuya Shimoji, Senior Security Manager, FeliCa Networks

17:30 - 19:30 Welcome Reception in Exhibits

19:30 - 21:30 Dine-Around Amsterdam

Wednesday 31 October

08:00 - 09:00 Coffee in The Exhibits

Orange Room 3-6

09:00 - 10:30 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

09:00 Introducing the Partner Program Certification Concept (A20a) Roland Atoui, Security Certification Advisor, Certification Secretariat, FIDO Alliance, France
09:30 Basissicherheitszertifizierung (BSZ)—An Alternative Means to Achieve Assurance (A20b) Dr. Helge Kreutzmann, Bundesamt für Sicherheit in der Informationstechnik, Germany
10:00 TEE Certification: Managing Risk for Digital Services (A20c) Gil Bernabeu, GlobalPlatform, France

Meeting Customer Requirements
(Ballroom B)

09:00 Reconciling Security Vulnerabilities within the Common Criteria (M20a) Fabien Deboyser, Certification Engineer, Thales e-Security, United States
09:30 [60MIN] Hypervisor Security—Panel Discussion (M20b) Moderator: Ravi Jagannathan, Security Architect vSphere/ESXi, VMware, United States; Panelists: Tony Boswell, Senior Principal Consultant, DNV GL; Fritz Bollmann, German Federal Office for Information Security (BSI), Germany; Andrew, Principal Security Specialist, NCSC; Robert Clemons, NIAP, United States; Mike Grimm, Senior Program Manager, Microsoft, United States

Updates from Schemes and ITCs
(Ballroom C)

09:00 Netherlands Scheme Update (U20a) Rob Huisman, NLNCSA, Netherlands
09:30 NIAP Scheme Update (U20b) Mary Baish, Director, NIAP, United States
10:00 Scheme Update of Japan (U20c) Hitoshi Matsumoto, JISEC IPA JAPAN, Japan

10:30 - 11:00 Networking Break in Exhibits

Orange Room 3-6

11:00 - 12:30 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

11:00 Scaling Common Criteria to the Next Level (A21a) Dirk-Jan Out, CEO, Brightsight, Netherlands
11:30 Common? C’mon! (A21b) Gerald Krummeck, Lab Director, atsec information security, Germany
12:00 Multi Assurance Evaluations for Real Products (A21c) Carolina Lavatelli, Chief Technical Officer & Founder, Internet of Trust, France; Georg Stütz, Principal Security Certification Expert, NXP Semiconductors, Germany

Meeting Customer Requirements
(Ballroom B)

11:00 Connected Cars. Security Certification Schemes. (M21a) Jose Emilio Rico, Lab Technical Manager, Epoche and Espri (a DEKRA company), Spain
11:30 Protection Profiles for Smart Home Appliances (M21b) Arnold Abromeit, Senior Security Consultant/Evaluator, TÜV Informationstechnik GmbH (TÜViT), Germany
12:00 Expressing Minimum Security Requirements for Smart Meters in a Protection Profile (M21c) Tony Boswell, Senior Principal Consultant, DNV GL Technical Assurance Laboratory, United Kingdom

Updates from Schemes and ITCs
(Ballroom C)

11:00 The Status of IT Security Evaluation and Standards in China—A Technical Perspective (U21a) Yan Liu, Principal Consultants, atsec China, China; Baofeng Zhang, China Information Technology Security Evaluation Center, China
11:30 The Russian IT Security Certification Scheme: Current Status and New Trends (U21b) Vitaly Varenitsa, Director, Certification and Source Code Analysis Department NPO Echelon, Russia
12:00 Update from ISCI WG (U21c) John Boggie, Director, Head of Product Certification, NXP Semiconductors, United Kingdom

12:30 - 13:30 Lunch in Exhibit Area

Orange Room 3-6

13:30 - 15:00 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

13:30 Working Harder: Doing Painful Things With cPPs (A22a) Tony Boswell, Senior Principal Consultant, DNV GL Technical Assurance Laboratory, United Kingdom
14:00 Modular PPs: The Building Blocks of Tomorrow (A22b) Justin Fisher, Senior Security Assurance Engineer, Leidos, United States
14:30 How Much Decomposition is Too Much, The Debate Between Complete PPs and PP-Configurations (A22c) Brian Wood, Device Security Certification Manager, Samsung Electronics, United States

Meeting Customer Requirements
(Ballroom B)

13:30 An Evaluation Methodology with Assurance Levels for Privacy-by-Design (M22a) Quang-Huy Nguyen, ITSEF Manager, Trusted Labs, France
14:00 [60MIN] PP v/s EAL: Where Does Security Assurance Reside? (M22b) Ashit Vora, Lab Director and Co-Founder, Acumen Security, United States; Terrie Diaz, CC Technical Lead, Cisco Systems, United States

Updates from Schemes and ITCs
(Ballroom C)

13:30 CCDB Crypto Working Group Report (U22a) Frank Grefrath, BSI, Germany; Mary Baish, Director, NIAP, United States

14:00 SOG-IS Crypto WG: Objectives, Achievements and Perspectives (U22b) Thomas Hesselmann, BSI, Germany
14:30 Cryptographic Module Users Forum (CMUF) Update (U22c) Matt Keller, Senior Program Manager, Corsec, United States

15:00 - 15:30 Networking Break in Exhibits

Orange Room 3-6
Exhibits Close at 15:30

15:30 - 17:00 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

15:30 Full Common Criteria Statistics Report with CC Scraper (A23a) Javier Tallón, Co Founder, jtsec Beyond IT Security, Spain
16:00 [60MIN] Panel Discussion: Next-Generation Tooling to Develop Protection Profiles, Automate Security Target Generation, and Support Evaluation Activity Reporting (A23b) Jeffrey Blank, Technical Director, Endpoint Solutions, NSA Cybersecurity, United States; Robert Clemons, NIAP, United States;

Meeting Customer Requirements
(Ballroom B)

15:30 Verification of Cryptographic Security Functionality in NIAP CCEVS (M23a) Dianne Hale, NIAP, United States
16:00 Ensuring Good Entropy Sources is Not a Random Act (M23b) Kelvin Desplanque, Compliance Engineer, Cisco Systems, Inc, Canada; Rumman Mahmud, Compliance Engineer, Cisco Systems, Inc, United States
16:30 TLS 1.3, the Real Trusted Channel (M23c) Guillermo Garcia Molina, IT Security Evaluator, Epoche and Espri (a DEKRA company), Spain

Updates from Schemes and ITCs
(Ballroom C)

15:30 When cPPs Grow Up: The Challenges of Maintenance (U23a) Michael Vogel, Security Certification Architect, Huawei Technologies, Germany
16:00 Towards Collaborative Protection Profiles for Biometric Systems (U23b) Brian Wood, Device Security Certification Manager, Samsung, United States
16:30 Test Automation Best Practices for CC (U23c) Lachlan Turner, Director Consulting, Lightship Security, Canada

Thursday 1 November

08:00 - 09:00 Coffee

Ballroom Foyer

09:00 - 10:30 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

09:00 Connected Cars. What About Security? (A30a) Ignacio Aldarabi Carrillo, IT Security Evaluator, Epoche and Espri (a DEKRA company), Spain

09:30 [60MIN] Panel Discussion: Emerging Issues Between Hardware and Software Evaluations (A30b) Moderator: Dirk-Jan Out, CEO, Brightsight; Panelists: John Boggie, Director, Head of Security Maturity and Certification, NXP Semiconductors; Shawn Geddis, Security & Certifications Engineer, Apple; Helmut Kurth, Chief Scientist and Laboratory Director, atsec information security; Dag Ströman, Swedish Certification Body for IT Security FMV/CSEC

Assurance
(Ballroom B)

09:00 Frequently Updated TOEs. Is Continued Assurance Possible? (S30a) Oleg Andrianov, Product Certification Professional, Kaspersky Lab, Russia
09:30 Assurance at the Speed of Development (S30b) Jason Lawlor, President, Lightship Security, Canada
10:00 Dealing with Patch Management in Common Criteria—Lessons Learned from Study Period in SC27 WG3 (S30c) Francois Guerin, Security Program Manager, Gemalto, France

Updates from Schemes and ITCs
(Ballroom C)

09:00 Hard Copy Device Technical Community Update (U30a) Alan Sukert, Product Security Specialist, Xerox, United States
09:30 JEDS – A Community for the Evaluation and Certification of Embedded Devices (U30b) Jürgen Blum, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
10:00 Reusing ALC Activities—Looking for Efficiency in CC Evaluations: A Success Story (U30c) Gordon Caffrey, Principal Security Manager, NXP Semiconductors, United Kingdom; Jose Ruiz Gualda, jtsec Beyond IT Security, Spain; Rachel Menda-Shabat, Director of Security Certification, Winbond, Israel

10:30 - 11:00 Networking Break

Ballroom Foyer

11:00 - 12:30 Track Sessions

Advances in the Use of Common Criteria
(Ballroom A)

11:00 Quantum Key Distribution—A New Target for CC Evaluation (A31a) Jiajun Ma, QuantumCTek, China; Ye Teng, QuantumCTek and the Pennington School; Hongsong Shi, China Information Technology Security Evaluation Center, China; Wei Wei, Research Associate, China Information Technology Security Evaluation Center, China
11:30 Guide for Evaluator in CC Evaluation: Tips and Tricks Malaysia Lab Style (A31b) Ahmad Dahari Jarno, Research Lead, CyberSecurity Malaysia, Malaysia; Ahmad Zuraimi Mohamad, Common Criteria, Cyber Security, Emerging Technologies, IoT, Securelytics Sdn Bhd, Malaysia
12:00 Impact of Technical Decisions on On-Going Evaluations Conforming to NDcPP (A31c) Nithya Rachamadugu, Director, CygnaCom

Assurance
(Ballroom B)

11:00 ePassport High Assurance Evaluations in a Timely Manner (S31a) Olaf Tettero, CTO, Brightsight, Netherlands; Monique Bakker, Sr. Security Evaluator, Brightsight, Netherlands
11:30 Hardware-Enabled AI for Embedded Security: Towards the Highest CC Evaluation Assurance Levels (S31b) Ismail Guedira, Sales & Marketing Engineer, Secure-IC, France
12:00 ISCI-WG1: Lean CC and High Assurance—The Java Card Pre-Compiled Evidence Project (S31c) Monique Bakker, Sr. Security Evaluator, Brightsight, Netherlands; Wouter Slegers, CEO, TrustCB, Netherlands

Updates from Schemes and ITCs
(Ballroom C)

11:00 Network Device iTC Update (U31a) Terrie Diaz, Product Certification Engineer, Cisco, United States
11:30 JTEMS—A Payment Scheme Independent Framework for POI Terminal Specific Security Evaluations Based on Common Criteria (U31b) Sven-Martin Hühne, SRC Security Research & Consulting, Germany
12:00 Status and Overview of the DSC iTC (U31c) Shawn Pinet, Senior Security & Certifications Analyst, Gemalto, Canada

12:30 - 13:00 Networking Break

Ballroom Foyer

13:00 - 14:00 Closing Plenary Session

Ballroom A-C

Summary Panel Discussion: The EU Cybersecurity Act (P32a) Moderator: Martin Chapman, Director of Standards Strategy and Policy for EMEA, Oracle; Panelists: Ioannis Askoxylakis, Cybersecurity Officer, European Commission; Thomas Ben, Security Specialist, ITSEF Manager, THALES, France; Chris Gow, Director, EU Public Policy, Government Affairs, Cisco Systems; Matthias Intemann, Federal Office for Information Security – BSI, Germany; Martin Schaffer, Global Head of Secure Products & Systems, SGS Group, Switzerland

Synthesizing three days of information presented at this year’s ICCC, panelists from labs, regulators, schemes, and product developers will present a forward-looking discussion on anticipated effects of the EU Cybersecurity Act, with opportunities for audience questions and comments.

The conference will conclude with the announcement of the 2019 International Common Criteria Conference.

14:00 Adjourn