Home Events Mining Issued Common Criteria and FIPS 140-2 Certificates – More Transparency for Developers, Vulnerability Researchers and Society
Research Days 2021, March, Brno, main banner with Petr Svenda

Mining Issued Common Criteria and FIPS 140-2 Certificates – More Transparency for Developers, Vulnerability Researchers and Society

In the second Research Days 2021 event, Petr Švenda from the Faculty of Informatics at Masaryk University in Brno will feature a data-based insight into certification ecosystems with an open source tool for automatic analysis of publicly available certification reports. The talk will take place virtually on March 24th at 2:00-3:30 PM CET (9:00 AM EDT, 3:00 PM IST).

Abstract
Security certification reports might be long, but they are also a trove of publicly available data about proprietary devices and other products otherwise available only under NDAs. While downloading and reading a single certificate is easy, reasoning about the characteristics of the whole ecosystem, which covers more than ten thousand certified devices based on human-written documents, is different. Are there observable systematic differences between the Common Criteria and FIPS 140-2 certificates? Can I quickly find out if my device is using a certified component recently found vulnerable? Most importantly, can we measure and quantify whether the whole process is actually increasing the security of the products being certificated? This talk address these questions using an open source tool for automatic analysis of publicly available certification reports, accompanied by catchy graphs.

Speaker: Petr Švenda, Faculty of Informatics, Masaryk University

For more information, contact brno-research@redhat.com

Slides in PDF

Session Recording

Date

Mar 24 2021
Expired!

Time

GMT+01
2:00 pm - 3:30 pm

Location

Virtual
Register for the event

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.