|Time||Track A||Track B||Track C|
IT Security Certification Center
National Intelligence Service
Cross-Border Collaboration in Security & Privacy (Prof. Tai-Myoung Chung, SungKyunKwan University, KR)
Security Evaluation of A Moving Target (Prof. Dieter Gollmann, Technischen Universität Hamburg-Harburg, DE)
Enhance Smart Card Business through Common Criteria (Dr. Chilhee Chung, Samsung Electronics, KR)
from the CC Management Committee
Mats Ohlin, MC Chair (FMV, SE)
|Time||Track A||Track B||Track C|
|09:00-10:30|| CCDB Workgroup - Evidence-based Approach
Steve LaFountain (NIAP, US)
| AVA_VAN.2 - Performing Vulnerability
Analysis under CC v3.1
Eve Pierre, James L. Arnold Jr. (SAIC, US)
| Scoping the TOE
Nithya Rachamadugu (CygnaCom, US)
| CCDB Workgroup - Predictive Assurance
Irmela Ruhrmann (BSI, DE)
| Circular Reasoning: Venn Will We Agree
Common SoF Analysis Method?
Nathan Lee, Amy Nicewick (Corsec Security, US)
| Developer Documentation - A Who to
Erin Connor (EWA, CA)
| CCDB Working Group - Writing a More
Meaningful Certification/Validation Report
Robert Harland (CSE, CA)
| Attack Potential: Using it Properly and
Evolving it for the Future
Tony Boswell (SiVenture, UK)
| An analysis of the coverage of some
cryptographic aspects in the Common Criteria
Massimiliano Orazi, Vittorio Bagini, Renato Menicocci, Franco Guida (Fondazione Ugo Bordoni, IT)
|11:00-12:30|| Challenging the Concept of One
Assurance Level per Evaluation
Miriam Serowy (BSI, DE), Nils Tekampe (TÜViT, DE)
| About the World-first CC smart card
Certificate using Formal Assurances
Boutheina Chetali (Gemalto, FR)
| Should and How CC be Used to Evaluate
based Passports or Banknotes?
Chia Hung Lin (Telecom Technology Center, TW)
| EAL1: Resuscitate or Euthanize? The Low
Julian Straw (BT, UK)
| Smartcard Security Development using
Method Tool SPIN
Naohisa ICHIHARA (NTTDATA, JP)
| Security Domain Separation as a
for Business Flexibility
Igor Furgel (T-Systems, DE)
| Proposal for a COTS Software Assurance
Wesley H. Higaki (Symantec Corporation, US)
| Towards Modelling and Evaluating SPM
Il-gon Kim, Hee-Jun Yoo, Won-Tae Sim, Byung-kyu Noh (KISA, KR)
| Integration of Architectural
into the CC Structure
Helmut Kurth (atsec, US), Susanne Pingel (BSI, DE)
|14:00-15:30|| CC V4 - Proposed Approaches
Anthony J. Apted, James L. Arnold Jr. (SAIC, US)
| Consistency Verification Method Between
and SPM on High Level Evaluation
Hee-Jun Yoo, Il-Gon Kim, Gyu-Min Cho, Byung-Gue Noh (KISA, KR)
| IT Security Starts Here: At the
Structure and Its Mission Critical Infrastructure
Joachim Faulhaber, Wolfgang Peter (TÜViT, DE)
| Common Criteria from a Commercial
Perspective - and options for improvement with version 4.0
Simon Milford (SiVenture, UK)
| Designing the Trusted Service Bus for
David Ochel (atsec, US), Brian Vetter (BlueSpace Software, US)
| Secure System Integration Methodology
Satoshi HARUYAMA, Toshiya YOSHIMURA, Naohisa ICHIHARA (NTTDATA, JP)
| Multi-Level Certifications - Using
EALs as Project Milestones
Bertolt Krüger (SRC Security Research & Consulting, DE), Christian Tabias (Utimaco Safeware AG, DE)
| High Assurance Evaluations - Challenges
Formal Security Policy Modeling and Covert Channel Analysis
Sai Pulugurtha (CygnaCom, US)
| Measuring the Effectiveness of a
Michael Grimm (Microsoft, US), Helmut Kurth (atsec, US)
|16:00-18:00|| Introducing Usability to the Common
Matthew Nicolas Kreeger, Marcus Streets (nCipher, UK)
| High Assurance Product Development and
Common Criteria: Rethinking EAL7
Rance DeLong, John Rushby (LynuxWorks, US)
| Site Certification - Another Step to
the CC Process and to Reduce Costs
Hans-Gerd Albersten (NXP Semiconductors, DE), Juergen Noller (Infineon Technologies AG, DE)
| Introducing Assurance Measures for
Yi Mao (atsec, US)
| Biometrics in Common Criteria 2008: The
Nils Tekampe (TÜViT, DE)
| Site Evaluation according to the Site
Thomas Schroder (T-Systems, DE)
| Common Criteria and Source Code
Tools: Competitors or Complements
Adam O'Brien (Security Assurance Group, UK)
| New Challenges on Biometric
Analysis on Fingerprint Devices
Marino Tapiador (CCN, SP)
| The Centrality of Common Criteria in a
of Advanced Technologies
Lior Carmi (SII, IL)
| Software Design Complexity Assurance
Tim Huntley (Juniper Networks, US)
| Evaluation Methodology Based on CEM for
Testing Environmental Influence
in Biometric Devices
Belen Fernandez-Saavedra, Raul Sanchez-Reillo, Raul Alonso-Moreno (University Carlos III of Madrid, SP)
| Maximising the Benefits of Assurance
David MacFarlane (Research In Motion, CA)
Awards of CC certificates
Korean Music Performance
|Time||Track A||Track B||Track C|
|09:00-11:00|| FMEA for Improving Vulnerability
Byeonggak Ko (KTL, KR)
| Common Criteria Works! (How the
Industry uses the CC)
Tyrone Stodart (ISCI, UK)
| Guidelines for Evaluation Reports
to CC 3.1
Christian Krause (BSI, DE)
| Tool for Supporting a Common Criteria
Maria Soraya (CESTI, SP)
| Experience of Smart Card Evaluation
Masashi Tanaka, Kazuo Morimura, Yasuhiro Hosoda, Takahiro Yamamoto (NTT, JP)
| How to write Protection Profiles and
Security Targets - ISO/IEC TR 15446, The PP/ST Guide
Michael Nash (Gamma Secure Systems Ltd, UK)
| Tools and Techniques for Evidence
Supporting Tools for
Ismael Kane (LGAI-APPLUS, SP)
| The Complete(d) CC v3.1 Experience on a
Smart Card IC with Cryptolibrary
Wouter Slegers (Brightsight, NL)
| Lessons Learnt in Writing PP/ST
Wolfgang Killmann (T-Systems, DE)
| EPM (Enterprise Project Management)
Construction for Evaluating Progress Management
Nam-kyun Baik, Won-Tae Sim, Byung-kyu Noh (KISA, KR)
| The Functional Verification of AES RTL
Design using the H/W Assisted Co-Emulation
Jae-Deok Ji, Byung-Kwon Lee, Byung-kyu Noh (KISA, KR)
| Further Streamlining of PPs and STs
Dirk-Jan Out (Brightsight, NL)
Mats Ohlin, MC Chair
IT Security Certification Center
|12:10-12:30||Announcement of 10th ICCC|
|Time||CC Tutorial Session|
of CC and Part I
Mr. Jose Emilio Rico (Epoche, SP)
of Part II
Dr. Michael Nash (Gamma Secure Systems Ltd, UK)
of Part III and CEM
Dr. Su-en Yek (DSD, AU)
|Prof. Tai-Myoung Chung
|Vice Chair of OECD Working Party on Information Security &
Prof. Chung has been a faculty member & director of the Information Management Technology Lab. of the School of Information and Communications, Sungkyunkwan University in Korea since 1995. Before coming to Sungkyunkwan University, he had been a staff scientist in the network technology department at BBN Labs., Cambridge, Massachusetts, and a systems manager at Waldner & Co., Oak Brook, Illinois, both in the USA. Prof. Chung graduated from Purdue University with his Ph.D. in computer engineering. Currently, his research interests are Information Security, Network & Information Management, and Mobile Security. He has published 9 technical books and more than 500 refereed research papers. He has also served as program chair of several international conferences and workshops.
Prof. Chung is actively involved in professional and social activities related to his expertise. He is now a vice chair of the Working Party on Information Security & Privacy, OECD, a senior member of IEEE, vice president of the Korea Information Processing Society, chair of the Consortium of Computer Emergency Response Teams (CONCERTs), and the chair of the Chief Privacy Officers Forum of Korea. He previously served as a Presidential Committee member of Korean e-government, an expert member of the Presidential Advisory Committee on Science & Technology of Korea, and an advisory committee member of several public and private organizations such as the Prime Minister’s Office, National Intelligence Service of Korea, National Security Council, Ministry of Information & Communications, Internet Crime Investigation Center of Seoul Public Prosecutor's Office, Electronic and Telecommunication Research Institute (ETRI), and SK Telecom.
|Prof. Dieter Gollmann
|Head of Institute for Security in Distributed Applications, Technischen
Universität Hamburg-Harburg, Germany|
Prof. Dieter Gollmann received his Dipl.-Ing. in Engineering Mathematics (1979) and Dr.tech. (1984) from the University of Linz, Austria, where he was a research assistant in the Department for System Science. He was a Lecturer in Computer Science at Royal Holloway, University of London, and later a scientific assistant at the University of Karlsruhe, Germany, where he was awarded the 'venia legendi' for Computer Science in 1991. He rejoined Royal Holloway in 1990, where he was the first Course Director of the MSc in Information Security.
He was a Visiting Professor at the Technical University of Graz in 1991, an Adjunct Professor at the Information Security Research Centre, QUT, Brisbane, in 1995, and has acted as a consultant for HP Laboratories Bristol. He joined Microsoft Research in Cambridge in 1998. In 2003, he took the chair for Security in Distributed Applications at Hamburg University of Technology, Germany. He is a Visiting Professor with the Information Security Group at Royal Holloway, a Visiting Professor with the School of Software at Tsinghua University, Beijing, and an Adjunct Professor at the Technical University of Denmark. Dieter Gollmann is one of the editors-in-chief of the International Journal of Information Security and an associate editor of the IEEE Security & Privacy Magazine. His textbook on 'Computer Security' has now appeared in its second edition.
|Dr. Chilhee Chung|
|Senior Vice President & General Manager, Samsung Electronics,
Dr. Chilhee Chung is a Senior Vice President & General Manager of the System LSI Division at Samsung Electronics. He is in charge of LSI Product and Technology, which includes product development and advanced logic process technology for display driver IC, Smart Card IC and imaging solutions. He has been with Samsung Electronics, Semiconductor Business, since 1979, and has worked in various technology and product development areas, such as SRAM, flash memory, and LSI products. He was appointed as a vice president in 1998, and was responsible for the System LSI Product Technology group. Since 2000, he has worked as general manager of the C&M (Chipcard and Microcontroller) Team, and he was promoted to Senior Vice President in January 2005. Since 2008, he has been in charge of LSI Product and Technology.
In recognition of his dedicated research work, Dr. Chung was awarded the “Jangyoungsil-prize”, the prize for recognizing advanced smart card product and technology developments, from the Korea Industrial Technology Association in 2002. He was also awarded the Grand Prize of technology development from Samsung Electronics in 1984 in recognition of 256k DRAM product development. Dr. Chung has received a bachelor of science in Physics from Seoul National University, a master of science in Physics from KAIST (Korea Advanced Institute of Science and Technology), and a PhD in Physics from Michigan State University.
|Mr. Mats Ohlin (Moderator)
|CCRA Management Committee Chair, FMV, Sweden
Mats Ohlin has been involved in the computer security area since the beginning of the 1980s, working for the Swedish National Defence Research Establishment, the Swedish Defence Staff and the Swedish Defence Materiel Administration (FMV), where he currently holds a position as Strategic Specialist in the area of Information and IT Security. Joining FMV in 1989, he became involved in the Swedish National IT programme, which involved assessment of IT security evaluation criteria and the potential of a Swedish Certification Scheme. Mats Ohlin has been active in the international subcommittee ISO/IEC JTC 1/SC 27 (IT Security), and in particular in its WG 3 (Security evaluation criteria), since its start in 1990. Since October 1999 he has convened this Working Group.
In the 1990s Mats Ohlin was one of the two Swedish officials in the Senior Officials Group - Information Security (SOG-IS) at the EU Commission and was active in establishing the European Mutual Recognition framework for IT security certification. He then became active in the harmonisation work leading to the international Arrangement for mutual recognition of IT security certificates (CCRA). From 2003 to 2005 he was an expert in the Cabinet Office’s Commission investigating Information Security policy and priorities on the national level and an advisor for the establishment of the Swedish IT Security Certification Body. Mats Ohlin is currently the chair of the Management Committee of the CCRA. He holds an M.Sc. from the Royal Institute of Technology in Stockholm.
|Ms. Audrey M. Dale
|Director, U.S. Common Criteria Scheme,
National Security Agency, USA
Ms. Dale has held numerous technical positions in the Information Assurance arena focusing on Information Systems Security Engineering and the evaluations of a wide variety of Information Assurance products. She also served 20 years in the United States Air Force as a Communications Computer Systems Officer in a variety of positions all over the world. Ms. Dale is a Certified Information Systems Security Professional, holds a Masters Degree from Texas A&M University and is a graduate of the University of Maryland.
|Mr. David Martin
|Chair of CC Development Board, CESG, UK
David Martin has worked in a number of areas of IT security including development work (such as the earliest UK commercial use of public key cryptography), and software/hardware for security in banking, as well as a wide variety of consultancy projects. For many years he ran a security consultancy company and during this time was involved in a number of high assurance development projects for UK Government.
He was a member of the BSI (the UK standards agency) security coordination committee, and is a chartered engineer and a member of the British Computer Society. He has also contributed to a number of books, articles and conferences in the field. He is currently the UK's Scheme Director for international Common Criteria development and is particularly keen to focus upon work that increases the efficiency, effectiveness and relevance of Common Criteria standards and methodology.
|Ms. Irmela Ruhrmann|
|Chair of Executive Subcommittee, BSI, Germany|
Irmela Ruhrmann holds a degree in mathematics from the University of Stuttgart, Germany. After having occupied various positions in industry and in the Canadian university environment, she joined the Certification Body of BSI in 1993. Since then she has been involved with increasing responsibilities in the management of certification projects, in the international harmonization of certification, in the introduction of Common Criteria in the certification scheme and in the negotiation of mutual recognition agreements.
In 1998, Mrs. Ruhrmann was appointed head of the BSI Certification section; in June 2006 she was tasked with leading the division Certification, Approval and Conformity Testing. With BSI's signature of the Common Criteria Recognition Arrangement (CCRA), she became the BSI representative in the Executive Subcommittee of the CCRA, taking on the responsibilities of the Chair in April 2006.
|Mr. Miguel Bañón|
|Chair of CC Maintenance Board, representing CCN, Spain|
A computer science graduate (UPM, 1990), Miguel Bañón has worked in a number of areas related to safety and security IT certification. He is Project Editor for ISO/IEC 18045, the ISO equivalent of the CEM, and for ISO/IEC 15408, part 3, the ISO equivalent of CC, and chairman of the CCMB. He is currently CEO of Epoche and Espri, an evaluation laboratory based in Spain, and represents the Centro Criptologico Nacional in a number of forums.
|Mr. Pascal Chour|
|Head of Certification Body, DCSSI, France|
Mr. Pascal Chour works at DCSSI (French national security agency), where he has been the head of the certification body since 2004. From 1992 to 2004, he was in charge of the security activity in a consultancy company and was also the director of the ITSEF of this company.
In 1987, he co-founded a company in the area of smart-card applications, security product analysis and cryptography. Previously, he was a teacher and researcher at an engineering school in the area of networks, proof of communication protocols and security.
Mr. Pascal Chour is a graduate of SUPELEC and EFREI (engineering schools).
|Mr. Richard Helliwell|
|Manager of the Australasian Scheme, DSD, Australia|
Richard is the Manager of the Australasian Information Security Evaluation Program (AISEP) Certification Scheme and is its Principal Certifier. He has over five years' experience in the AISEP and is responsible for the oversight of Scheme evaluation tasks.
Richard has participated at all levels of Common Criteria committee management and is currently the AISEP representative to the CCDB. He holds a Bachelor of Engineering (Systems).
|Dr. Marino Tapiador
|Centro Criptologico Nacional, Spain
In the Spanish IT Security Evaluation and Certification Scheme, Marino Tapiador is responsible for the technical management of the Spanish CB, the organization in charge of Common Criteria, ITSEC and other IT Security evaluations in Spain. Marino Tapiador contributes to the development of IT Security evaluation standards such as Common Criteria; he is a member of the CC Development Board, CC Maintenance Board and JIL working groups. His interest is focused on research areas related to IT Security evaluation methodologies and electronic identification technologies, e.g. smartcards, biometric devices, or PKI systems. Previously Marino worked for IBM Spain as IT Architect, and as Associate Professor at the Autonomous University of Madrid, where he obtained a Ph.D. in Computer Engineering.
|Ms. Miriam Serowy|
After her studies of Computer Science at the University of Applied Sciences of Cologne, Miriam joined the Common Criteria Certification Body at the BSI in 2005.
There she works on the certification of large software products like operating systems or firewalls and on the certification of systems conforming to ISO 27001.
She also represents the BSI in the Common Criteria Maintenance Board, the German Institute for Standardization and ISO SC27 WG 3, following and supporting the further development of the Common Criteria and their standardization.
|Mr. Rob Huisman
|NLNCSA, Ministry of the Interior and Kingdom
Rob Huisman joined the Netherlands National Communications Security Agency (NLNCSA) in 2000 and works as a senior policy(-making) official in the area of information security. Within the Netherlands Scheme for Evaluation and Certification of IT security products (NSCIB), he acts as the technical manager responsible for managing the technical oversight on behalf of the Certification Body.
As a member of the Common Criteria Development Board (DB) he is also involved in maintaining and updating the Common Criteria standard. Furthermore he is representing the Netherlands in the European Schemes Joint Interpretation Working Group (JIWG) and is involved in the international development of CC Supporting Documents e.g. for smartcard evaluations. Rob Huisman graduated in electrical engineering in 1985 and followed a post graduate course in computer sciences. Before joining the NLNCSA, Rob Huisman worked as a project manager and consultant in a number of areas related to ICT within the Netherlands Ministry of Defense.
|Mr. Shaun H. Gilmore|
| U.S. Common Criteria Scheme, National
Security Agency, US|
As the NIAP Common Criteria Evaluation and Validation Scheme Chief Validator, Shaun Gilmore provides technical, CC, and managerial oversight for the US national program for the evaluation of Information Technology products. Mr. Gilmore serves as the primary US representative on the Common Criteria Maintenance Board and is a routine and active member of the Common Criteria Development Board. In this capacity, Mr. Gilmore influences the future advancement of the CC standard and criteria. Mr. Gilmore is a Certified Information Systems Professional, holds a Masters Degree from Carnegie Mellon University, and is a graduate of the University of Scranton.
|Mr. Wan Roshaimi Wan Abdullah|
|Head of Department, CyberSecurity
Wan Roshaimi is currently a Head of Department at CyberSecurity Malaysia. He is a Certified Information Systems Security Professional (CISSP) and also an ISMS Lead Auditor. He has been in the information security industry for many years, especially in security consulting and advisory. His other areas of interest include wireless security and SCADA security.
|Mr. Wan Suk Yi|
|Korea Information Security Agency, Korea|
For the last twelve years he has worked mainly on setting up the Korean Evaluation and Certification Scheme, developing Korean criteria and PPs, and providing education and training programs for evaluators. Since Korea joined the CCRA in 2006, he has been representing the Korean Scheme at CCRA ES and CCDB meetings.
Before starting his career in the field of CC evaluation and certification in 1996, he was a consultant at Hyundai Information Technology. He also worked in the Korean Air Force as an aide-de-camp to the CINC, ROK/US Combined Forces Command. He majored in Computer Science at Virginia Polytechnic Institute and State University in the USA and in Computer Engineering at DongGuk University and SungKyunKwan University in Korea.
|Prof. Hyoung-Kee Choi (Coordinator)
Information & Communication Engineering, SungKyunKwan
Hyoung-Kee Choi received his B.S. degree from Sungkyunkwan University in Korea (1992), his M.S. degree from Polytechnic University in Brooklyn, NY (1996) and his Ph.D. degree from Georgia Institute of Technology in Atlanta, GA (2001). The title of his Ph.D. dissertation is "Measurement, Characterization and Modeling of World Wide Web Traffic". He is an assistant professor at the school of information and communication engineering in Sungkyunkwan University. He serves as a director at the education center for mobile communications. His research interests span network security and Internet traffic modeling. He joined Lancope in 2001 and remained until 2004, where he guided and contributed to research in Internet security.
|Mr. Jose Emilio Rico (Overview of CC and Part I)
Epoche and Espri (Spanish Evaluation Lab.)
Jose Emilio Rico, a computer science graduate, has worked in areas related to information systems development, safety software certification in the scope of aerospace technologies, and IT systems and products security evaluation under ITSEC and CC standards. He is currently Technical Manager of Epoche and Espri, a security evaluation laboratory based in Spain.
|Dr. Michael Nash (Overview of Part II)
|Director, Gamma Secure
Systems Ltd, UK
Mike Nash has a long background in security evaluation criteria. He helped develop the UK national criteria, the ITSEC and finally the Common Criteria. Currently, his main involvement with the CC comes from advising major vendors and customers on how to prepare for and successfully achieve evaluation - and when not to bother trying. He is the Project Editor for Part 2 of ISO/IEC 15408, the ISO equivalent of the Common Criteria. Dr. Nash is a Director of Gamma Secure Systems Limited.
|Dr. Su-en Yek (Overview of Part III)|
|Australasian Scheme, DSD,
Su-en is a Certifier for the Australasian Information Security Evaluation Program (AISEP) and is the AISEP representative to the CC Maintenance Board and working groups. Su-en holds a PhD in Computer Science and, as a part of her academic tenure, published numerous journal and conference papers in information security.