An integrated approach for certification and re-certification based on the case study of an integrated circuit

Abstract

A system is expected to undergo necessary security assessment to ensure that it is in compliance with the baseline security requirements. Otherwise it becomes hard to trust that the product is secure enough to use. For this purpose, certification can be used to ensure that a system is secure and safe to use. In this thesis, we define an integrated approach that aims to reduce time and cost in the product evaluation process by refining and integrating existing approaches. Hence, we consolidate solutions from the ARMOUR methodology, the ECSO meta-scheme and the NIST SP 800-137 to support certification and re-certification. We use a case study of the integrated circuit (or chip) as an example. In addition, we follow the Common Criteria based European Cybersecurity Candidate Scheme guidelines from ENISA to define a standardized process in certifying and re-certifying the product. Three different validators validated the thesis through face validity.