
Security Evaluation of Existing IT Systems under the Common Criteria at Levels above EAL4

Joe Loughry (Oxford University Computing Laboratory)

Things don't always go the way we planned. Sometimes even well-engineered systems suffer devastating failures in practice. This talk describes the history and some important events leading up to the failure of a large computer system designed for handling classified information to achieve Common Criteria (CC) security evaluation in 2006.

The software worked brilliantly; what failed was the certification process. There are numerous Certification and Accreditation (C&A) programmes to choose from; this talk will cover only two: firstly, the international Common Criteria for Information Technology Security Evaluation ('the Common Criteria'); and secondly, a related US government standard referred to as DCID 6/3.

Why did this particular security evaluation fail? I will describe my research toward finding the causes of and a cure for the problem of prohibitively expensive security C&A for national security systems.

 

 
