Next-Generation Tooling to Develop Protection Profiles, Automate Security Target Generation, and Support Evaluation Activity Reporting (A23b)
The speakers will showcase tooling that is freely available to the Common Criteria community on GitHub at https://github.com/commoncriteria. Major contributions include: (1) Development of a formally-defined XML schema that provides structure for Protection Profiles. Use of the schema enables collaborative development of Protection Profiles through the use of the Git versioning system, and also makes all document changes fully transparent on GitHub. The schema also enables Protection Profiles to be viewed as web pages, creating a more dynamic document experience. Nearly a dozen Protection Profiles have already been produced or transitioned to this schema, including General Purpose Operating System, Application Software, Wireless Intrusion Detection System, and Mobile Device Fundamentals. (2) Automated generation of Security Targets becomes possible when Protection Profiles are structured according to a well-defined schema. They will demonstrate automated generation of Security Targets, which spares countless hours of tedium while ensuring the greatest fidelity between PPs and STs. (3) Structured identification of evaluation activities in Protection Profiles is necessary for meaningful interaction with external tooling. We will show how test automation efforts can leverage the interfaces provided in the XML schema, and how this will advance test automation efforts.