Panel Discussion: Emerging Issues Between Hardware and Software Evaluations (A30b)
Common Criteria evaluations of HW and SW products present different challenges, such as:
– Attackers of SW TOEs can usually examine the TOE in detail and manipulate it, while HW TOEs often have protection against this.
– Most high assurance evaluations today are done on hardware (or embedded software) and fall outside CCRA recognition, while most evaluations of non-embedded software user lower assurance methods and fall inside CCRA recognition
This panel will discuss these, and other differences between these two types of evaluations.