Cryptographic Modules, Security Levels
Common Criteria
Protection Profile
Trusted Execution Environment
Method of Evaluation
Evaluation Assurance Level (EAL)
TCSEC
Purpose of Evaluation
Functionality
EAL 1
Security Target
Assurance
ITSEC
Target of Evaluation
EAL 7
Functionally tested.
Product/System has the security properties claimed, is suitable for a given application, and is accredited.
An international set of specifications and guidelines designed to evaluate information security products and systems.
Security evaluation criteria for US Defense sector.
An example of Data Protection, Protection Profile.
Implementation-dependent statement of security needs for a specific identified TOE.
Evaluation should not miss problems / different evaluations of the same product should give the same results.
A reusable set of security requirements.
European security evaluation criteria separating functionality and assurance.
System provides adequate for meeting a user's concrete security requirements.
formally verified, designed and tested.
The security services have been implemented properly so that the user can rely on them.
Defines what has to be done in an evaluation.
Software has to meet generic security requirements; OR system meets specific security requirements of a given application.
An example of a Trusted Computing Protection Profile.