[Cryptography Team] Common Criteria Documentation...

Kyle Hamilton aerowolf at gmail.com
Wed Oct 18 00:07:45 UTC 2006 

I've updated it with my comments.

Since the system is written in itself (and runs inside itself), there
are several things in the PP that require redesigning very large parts
of the system.  We need at least one VM hacker on this list to
evaluate the feasability of some of the needed changes.

Note: The current wiki system is probably not going to be sufficient
for long-term usage.  Part of the EAL that we need to meet includes
positive authorized user identification for all changes to the
configuration... and since documentation (and an audit trail and
history) will be a major part of proving our case to the assurance
labs, I'm thinking that we should treat it as part of the
configuration.  We'll need individual usernames and passwords for the
modifications until we get X.509/PKI up and running, then we'll
possibly be able to use PK crypto certificates for authentication.

I'll leave it up to Krishna to determine the actual policy and
implementation, since he's got formal validation experience.  I just
know what I've read in the CC PDFs and the single-layer OS/moderate
environment document, and I'm interpreting it in the most secure (and
most trust-pessimistic) manner that I can.

Here's hoping that we get at least one validation out of this in the end. :)

-Kyle H

On 10/17/06, Krishna Sankar <ksankar at doubleclix.net> wrote:
> Have started to put the task list and notes in our cryptography Wiki page at
> http://minnow.cc.gatech.edu/squeak/5776.
>
> For now, the cc information is at the end of the cryptography page. As we
> add more details and get a fix on the organization, we can start a set of
> new pages.
>
> Kyle, can you pl add your notes and observations ? Thanks.
>
> Cheers
> <k/>
>
> > -----Original Message-----
> > From: cryptography-bounces at lists.squeakfoundation.org
> > [mailto:cryptography-bounces at lists.squeakfoundation.org] On
> > Behalf Of Krishna Sankar
> > Sent: Tuesday, October 17, 2006 9:46 AM
> > To: Ron at USMedRec.com; 'Cryptography Team Development List'
> > Subject: RE: [Cryptography Team] Common Criteria Documentation...
> >
> > > http://code.google.com/p/squeak-cc-validation/ = Validation
> > > documentation, plan and test results, bug tracking.  This
> > should not
> > > hold code.
> > <KS>
> >
> >       I would prefer to hold the validation documentation,
> > plan and test results in a Wiki. That way we have built-in
> > revision control as well as history tracking. In that sense
> > the Google projects do not help us.
> >
> >       The bug tracking in Google projects is fine.
> >
> > </KS>
> >
> > > -----Original Message-----
> > > From: cryptography-bounces at lists.squeakfoundation.org
> > > [mailto:cryptography-bounces at lists.squeakfoundation.org] On
> > Behalf Of
> > > Ron Teitelbaum
> > > Sent: Tuesday, October 17, 2006 9:34 AM
> > > To: 'Cryptography Team Development List'
> > > Subject: RE: [Cryptography Team] Common Criteria Documentation...
> > >
> > > I thought the idea was to us SVN for those documents?  If more is
> > > needed let's just use the wiki that is part of
> > > www.squeaksource.com/Cryptography
> > >
> > > It's not a full wiki in that it doesn't appear to support
> > file uploads
> > > but that what I thought the google source was for.
> > >
> > > Can we map out what our requirements are and what our current
> > > resources are for meeting those requirements, then we can
> > look at what
> > > more we need.
> > >
> > > What I see is:
> > >
> > > www.squeaksoruce.com/Cryptography = Code Repository and limited wiki
> > >
> > > http://code.google.com/p/squeak-cc-validation/ = Validation
> > > documentation, plan and test results, bug tracking.  This
> > should not
> > > hold code.
> > >
> > > cryptography at lists.squeakfoundation.org is our mailing list.
> > >
> > > Ron
> > >
> > > > -----Original Message-----
> > > > From: cryptography-bounces at lists.squeakfoundation.org
> > > > [mailto:cryptography-bounces at lists.squeakfoundation.org] On
> > > Behalf Of
> > > > Krishna Sankar
> > > > Sent: Tuesday, October 17, 2006 11:11 AM
> > > > To: 'Cryptography Team Development List'
> > > > Subject: RE: [Cryptography Team] Common Criteria Documentation...
> > > >
> > > > Kyle,
> > > >
> > > >   Can you see if you have the SVN write access ?
> > > > All,
> > > >   Just as FYI, we need gmail address to become part of the Google
> > > > project and it has no Wiki. Any thoughts on the Wiki for us to
> > > > document the functionalities and the results of
> > > development/testing ?
> > > >
> > > > Cheers
> > > > <k/>
> > > >
> > > > > -----Original Message-----
> > > > > From: cryptography-bounces at lists.squeakfoundation.org
> > > > > [mailto:cryptography-bounces at lists.squeakfoundation.org]
> > > On Behalf
> > > > > Of Kyle Hamilton
> > > > > Sent: Monday, October 16, 2006 8:33 PM
> > > > > To: Cryptography Team Development List
> > > > > Subject: [Cryptography Team] Common Criteria Documentation...
> > > > >
> > > > > I found the Google Code project that Krishna started, and
> > > uploaded
> > > > > the Common Criteria documentation I found (in PDF
> > > > > form) to it as an issue.
> > > > >  Unfortunately, I don't have SVN write access, and I
> > > don't know how
> > > > > to get it either.
> > > > >
> > > > > After reading it, I realized that it /IS/ a good idea
> > for anyone
> > > > > starting on CC validation to read it before they start.  It's
> > > > > important to realize what it is, and what the goals
> > must be.  (As
> > > > > well, it also helps customers -- that'd include you, Ron --
> > > > > understand what the various validation levels are, and
> > > compare them
> > > > > to regulatory
> > > > > requirement.)
> > > > >
> > > > > --
> > > > >
> > > > > -Kyle H
> > > > > I speak only for myself.  I don't have the faintest clue about
> > > > > anyone else.
> > > > > _______________________________________________
> > > > > Cryptography mailing list
> > > > > Cryptography at lists.squeakfoundation.org
> > > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> > > > > ptography
> > > > >
> > > >
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > Cryptography at lists.squeakfoundation.org
> > > >
> > >
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptograph
> > > > y
> > >
> > >
> > > _______________________________________________
> > > Cryptography mailing list
> > > Cryptography at lists.squeakfoundation.org
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> > ptography
> > >
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> ptography
> >
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>


-- 

-Kyle H

More information about the Cryptography mailing list