19 September 2006

Time

Track1

Track2

Track3

09:30-10:00

Opening Plenary

10:00-10:30

Keynote speech: Information Security in Europe - What role does and will certification play?

Carsten Casper, ENISA.

10:30-11:00

Keynote speech: Vendor Strategies for Maximizing Evaluation Process under the Common Criteria

Jane Medefesser, Sun Microsystems.

11:00-11:30

Coffee Break

11:30-12:30

Panel Discussion “IT Security and IT security Certification Policies”

Security policies to drive the security of the IT environment. Trade-offs between policy issue and policy compliance. Approaches to solve the compliance bottleneck. Market forces and policy issue.

Chaired by: Mr. Luis Jiménez, CCN.

Participants:

Mr. Bernd Kowalski, BSI.

Mr. Carsten Casper, ENISA.

Mr. Haruki Tabuchi, IPA.

Ms. Audrey Dale, NIAP.

Ms. Jane Medefesser, Sun Microsystems.

12:30-13:00

“CCRA progress and status”

Report from the CC Management Committee

13:00-14:30

Lunch

14:30-15:00

Site Certification Process. Frank Sonnenberg, BSI.

The current state of Common Criteria Development - a report from the CCDB, David Martin, CCDB chair.

Ways to CC evaluation cost reduction: beyond CC V3, Francoise Forge, Gemplus.

15:00-15:30

Trial Use Results of the Site Certification Process, Thomas Borsch, BSI.

Update on the GE scheme, Irmela Ruhrmann, BSI.

Product Vendors Guide to Planning for Government Required Validations, Matthew L. Keller, Corsec Security, Inc.

15:30-16:00

How to Write Site Security Targets, Gerald Krummeck, atsec information security.

Update on the SP scheme, Luis Jiménez, CCN.

Impacts of Third Party Consultants on Common Criteria Assurances, James L. Arnold Jr., SAIC Common Criteria Testing Laboratory

16:00-16:30

Coffee Break

16:30-17:00

Analysis of the composition problems in CC v3.0 with some suggested solutions, Dr. Albert Jeng, Taiwan Telecom Technology Center.

Update on the UK scheme, Nigel Jones, CESG.

Vulnerabilities, Vulnerabilities, Vulnerabilities, Simon Milford, LogicaCMG Security Practice.

17:00-17:30

Formal Specifications of Security Policy Models, Dr. Wolfgang Thumser, T-Systems GEI GmbH.

A brief update on the U.S. scheme and some policies implemented this year, Audrey Dale, NIAP.

How the Common Criteria requirements could be used for the development of secure software, Boutheina Chetali, Axalto.

17:30-18:00

Development of Informal Security Policy Models, Erin Connor, EWA-Canada.

Update on the IT scheme, Elin Wedlund, OCSI.

Build a CC assurance package dedicated to your risk assessment, Francois Guérin, Axalto

20 September 2006

Time

Track1

Track2

Track3

09:00-09:30

The Tao of Security Targets, Dirk-Jan Out, TNO-ITSEF.

CCV3 Supporting document for composite product evaluation, Francoise Forge, Gemplus.

Integrating Common Criteria Evaluation into the COTS Product Development Process, Wesley Higaki - Symantec Corporation

09:30-10:00

High Assurance Evaluations - challenges in Formal Security Policy Modeling and Covert Channel Analysis, Sai Pulugurtha, CygnaCom Solutions Security Evaluations Laboratory.

Application of the Common Criteria to Distributed Systems, William R Simpson, Institute for Defense Analyses. 

Retrofitting Developer Documentation, Erin Connor, EWA-Canada. 

10:00-10:30

Modeling Security Functional Requirements, Helmut Kurth, atsec information security.

Composite Evaluation: General Approach and Practical Integration of Security Policies, Dr. Igor Furgel, Volker Schenk, T-Systems GEI GmbH.

Advantages and drawbacks to use CC methodology for a private scheme, Francois Guérin, Axalto.

10:30-11:00

Coffee Break

11:00-11:30

Industrial case study: zero defect secure software to EAL5+ for the National Security Agency, Martin Croxford, Praxis High Integrity Systems Ltd.

Managing the transition phase between CCV2 to CC V3, Francoise Forge, Eurosmart PSSWG.

Software Security Reviews - Summarized experiences that led to a new methodology, Peter Bayer, Magnus Ahlbin, Combitech AB.

11:30-12:00

Delta Evaluation Approaches, James L. Arnold Jr., SAIC Common Criteria Testing Laboratory.

Applying the assurance class Development of CC v.3 to hardware, Wolfgang Killmann, T-Systems GEI GmbH, ITSEF.

Automating Security Testing, Mark Fallon, Oracle Corporation.

12:00-12:30

TSF Interfaces, Ronald Bottomly, U.S. Common Criteria Evaluation and Validation Scheme

Looking for a common attack methodology focused on fingerprint authentication devices, Dr. Marino Tapiador, CCN.

Application of Semantic Techniques to CC Problems, Mark Gauvreau, EWA-Canada.

12:30-13:00

Systematic Application of the Common Criteria Methodology to Evaluate IT Products and Systems Used in Automated Physical Protection Systems, Alexander S. Piskarev, Scientific, Technical and Certification Center for Information Security of the Russian Federal Agency for Atomic Energy.

Fingerprint Biometric CC Security Evaluations, José Ángel Álvarez Pérez, INTA.

A unified tool to fulfill semi formal and formal requirements for CC evaluations, Carolina Lavatelli, Trusted Labs; Jean-Pierre Krimm, CESTI-LETI.

13:00-14:30

Lunch

14:30-15:00

CC v3 - Developing and Evaluating a ST, Nithya Rachamadugu, CygnaCom Solutions.

Rating Attack Potential for Smartcards, Dr Alain MERLE, ISCI.

New Attacks and CC v3.0, Yao-Chang Yu, Taiwan Telecom Technology Center.

15:00-15:30

CC-EAL4+ Certification of KeyOne, Jordi Iñigo, Safelayer Secure Communications S.A.

Examples on the calculation of the Attack Potential, Thomas Schroeder, JHAS working group.

Alternate Assurance Methodologies for Increasing Product Security, Jeremy Epstein, webMethods; Wesley Higaki - Symantec Corporation; Eric Bidstrup, Microsoft Corporation.

15:30-16:00

The Check Point VPN-1/Firewall-1 NGX Medium Robustness Evaluation, Malcolm Levy, Check Point Software Technologies Ltd.; Nir Naaman, Metatron Ltd.

A smartcard ST in CC 3.1: what does it look like?, Wooster Slegers, TNO ITSEF B.V.

Alternative Assurance Criteria, Dr. David Brewer, Gamma Secure Systems Limited.

16:00-16:30

Coffee Break

16:30-17:00

An Experiment with CC Version 3.0 Migration, Thuy D. Nguyen, Naval Postgraduate School.

 

Achieving CC by retrofitting evidence to an existing product, Julian Straw, BT.

17:00-17:30

Addressing consumer needs to increase the demand for Common Criteria-evaluated products, David Ochel, atsec information security corporation.

Microsoft SQL Server 2005 - Certification against a moving Protection Profile, Roger French, Microsoft Corporation; Wolfgang Peter, TÜV Informationstechnik GmbH.

Static Code Analyzers, Mark Fallon, Oracle Corporation.

19:30-11:00

Gala Dinner

21 September 2006

Time

Track1

Track2

Track3

09:00-09:30

Developing a CC EAL7 Multi-Level Security Capability, Chris Walsh, Tenix Datagate Pty Ltd.

Requirements Engineering for eVoting, Roland Vogt, DFKI.

Design and Development of a Knowledge-based Tool for ST Developers Based on CC v3, Guillermo Horacio Ramirez Caceres, Soka University.

09:30-10:00

Meaningful vulnerability analysis with v3: by-product or the product of evaluation?, Denise Cater, BT

Protection Profile for Network-Based Anti-Spam Mail System, June-ho Lee, Young-tae Kim, KISA. 

Requirements-Driven Development for IT Security Products, Mark Gauvreau, EWA-Canada.

10:00-10:30

Applying the Draft CC Version 3.0 to Linux - Experience from a Trial Evaluation, Helmut Kurth, atsec information security.

Strategic ST Evaluation/Confirmation, Kai Naruki, IPA.

Document Security - Understanding and minimising the risks, Peter Plested, Sharp Digital Document Systems.

10:30-11:15

Coffee Break

11:15-12:15

Closing Panel “Roundup of events at the 7th ICCC”

12:15-12:45

Closing Plenary

12:45-13:00

Announcement of 8th ICCC

13:15-14:45

Lunch