High Assurance Evaluations of Software-Only TOES (A21c)
High assurance evaluation of TOEs not included in known technical domains (Smartcards or security boxes) faces the additional challenge of creating evaluation, attack, and test methodologies. These challenges are greater when only part of the product is in the scope of the evaluation, such as in software-only TOEs. Developer support is key for creating the appropriate test environment and tools. This talk presents the attack methodology agreed upon with the certifier for a TEE (Trusted Execution Environment) device.