Scientific Programme
Agenda 10ICCC
22 September 2009
| Time |
Track1 (Nord-Norge) |
Track2 (Rica Hall II) |
Track3 (Rica Hall I) |
| 09:30-10:00 |
Opening Plenary (Rica Hall)
Opening Ceremony
Øistein Hanssen, Local Entertainer
Berit Alette Mena, Local Entertainer
Welcoming addresses
Arild Hausberg, Mayor of Tromsø
Opening speeches
Knut Anders Moi, Deputy Director General, Ministry of Justice and the Police
Kjetil Nilsen, Director General, Norwegian National Security Authority (NSM)
|
| 10:00-10:30 |
Keynote speech
Common Criteria: A Community Focus on Improving Software Assurance
Steven B. Lipner, Senior Dir. of Security Engineering Strategy, Microsoft Corp.
|
| 10:30-11:00 |
Keynote speech
Accelerating Achievable Assurance
Mary Ann Davidson, Chief Security Officer, Oracle Corporation
|
| 11:00-11:30 |
Coffee Break |
| 11:30-12:30 |
Panel Discussion
The future direction of CC, and the role of industry in its development,
the role of testing tools in process based assurance, and other related
assurance initiatives.
Moderator
David Martin, Scheme Director, CESG, UK
Panelists:
Steven B. Lipner, Microsoft Corporation, US
Mary Ann Davidson, Oracle Corporation, US
|
| 12:30-13:00 |
Update from the CC Management
Committee
Dag Ströman, Acting MC Chair
|
| 13:00-14:30 |
Lunch |
| 14:30-15:00 |
Other Topics
Development of a Protection
Profile for Biometric Systems
Following ISO/IEC TR 15446
Fernandez S. Belen,
Univ. Carlos III of Madrid
|
E-ID
The e-ID Card Project in
Germany
Bernd Kowalski, Federal Office
of Information Security
|
The Next Generation of CC
CCDB Report and overview of CC v.4 work areas
David Martin, CESG, UK
|
| 15:00-15:30 |
Experiences gained from the
first Site Certification
Projects
Christian Krause, BSI
Mr. Thomas Schröder, T-Systems GEI GmbH
|
Strong Authentication based
on German ID Card
Klaus Lüttich,
Bremen Online Services
|
Detailed Report
Meaningful Reports
Working Group – Status update
Bob Morey,
Program Manager for the
Canadian CC Scheme,
Comm.Security Establishment
|
| 15:30-16:00 |
Dedicated EAL: The payment
terminal experience
Carolina Lavatelli,
Trusted Labs
|
Smart Card
Stepping into CC v.3.1 –
Supporting efficiently
ADV_ARC in the smart card
industry
Laurent Di Russo, NLNCSA
|
Predictive Assurance
Update on Lead Nation Project
Irmela Ruhrmann, BSI
|
| 16:00-16:30 |
Coffee Break |
| 16:30-17:00 |
Fine tuning a CC evaluation
in concurrence with a FIPS
140-3 validation
Javier J. Tallon, Epoche & Espri
|
Site Certification – 1st trial:
Good news and Guidelines
Hans Gerd Albertsen,
NXP Semiconductors Germany
|
Tools Support
Tools to verify Match-on Card Fingerprint Verification implementation
David Cerezo, CCN
|
| 17:00-17:30 |
New Crypto-Kid on the block
Sunil Trivedi, The MITRE Corp
|
Monitoring CC for Smart
Security Devices
Françoise Forge, ISCI
|
Skills and Interaction
CCDB Work Group
– Skills and Interaction
David Martin, CESG UK |
| 17:30-18:00 |
Low Cost Certification
Roadmap
Miguel Bañón, Epoche & Espri
|
Composite evaluation of
(U)SIM Applications
Carolina Lavatelli, Trusted Labs
|
Vulnerability Analysis:
Simplicity is the ultimate sophistication
Wouter Slegers,
Your Creative Solutions
|
| 20:00-21:30 |
10th anniversary celebration |
23 September 2009
| Time |
Track1 (Nord-Norge) |
Track2 (Rica Hall II) |
Track3 (Rica Hall I) |
| 09:00-09:30 |
Scheme Update
Update on UK Scheme
David Martin, CESG, UK
Update on Japanese Scheme
Hidehiro YAJIMA, IPA |
Tools, Techniques and Experience
Formal security policy model
for a system with dynamic
information flow
Jens H. Rypestøl,
Applica Consulting
|
The Next Generation of CC
Challenges and Solutions of
Distributed Systems Composition
Tsun-Te Tsui, Telecom Technology
Center |
| 09:30-10:00 |
Update on Italian Scheme
Massimiliano Orazi, FUB
Update on US Scheme
Carol Houck, NIAP, US |
Evaluation Methodology for
Random Number Generator -
Update of German Scheme Doc.
Wolfgang Killmann,
T-Systems GEI |
Unofficial Part 4 of the CC
Lisa Vincent,
SAIC Acc. Testing & Eval. Lab. |
| 10:00-10:30 |
Update on US Scheme
Carol Houck, NIAP, US |
Effective evaluations outside the EAL framework: Vertical
Assurance Packages & -Profiles
Jose E. Rico, Epoche & Espri |
An Attack Surface based Approach to Evaluation
Helmut Kurth,
atsec info.sec.corp. |
| 10:30-11:00 |
Coffee Break |
| 11:00-11:30 |
CC in the 21st Century
Appropriate Assurance:
Fitting like a Glove, Not a Tent
Tony Boswell, SiVenture |
Design and Development of a
Knowledge-based Tool to
support ST Developers on
acquisition of Cryptographic
Requirements
Gillermo H.R.Caceres,
Grad School of Engineering,
Soka University |
How the CC intersects and compares
with other security evaluation
programs and what it means for the
rest of us
Lachlan Turner,
DOMUS IT Security Laboratory |
| 11:30-12:00 |
CC vs. ISO/IEC 27001:2005:
How to use an
ISO/IEC 27001:2005
Certified Information Security
Management System (ISMS)
in a CC Evaluation.
Jean-Yves Bernard,
Thales ITSEF |
EAL6 Evaluation – Challenges
in Consistency Verification
between Security Policy Model
and other ADV classes
documents
Sun-Mi Kim, Korea Info Sec Agency |
Enterprise Security Management
Protection Profiles:
An Implementation Plan
Brickman Joshua, CA Inc. and
Eric Winterton, Booz | Allen |
| 12:00-12:30 |
OSPP: A Flexible Approach to
Operating Systems Security
Miriam Serowy, BSI |
Developer Tools and Techniques, Part I:
ALC_TAT reformulation
Miguel Bañón, Epoche & Espri |
Lessons learned while Evaluating Windows Vista and Server 2008 using the CC and alternative approaches
Michael Grimm, Microsoft Corp. |
| 12:30-13:00 |
The public domain and the CEM Attack Potential mismatch
Jose F. Ruiz, Epoche & Espri |
Developer Tools and Techniques, Part II. Application to SW: CAPEC
Robert Martin,
MITRE Corporation |
Common Criteria Development
Lessons from the ISMS World
Mike Nash, Gamma Secure
Systems Limited |
| 13:00-14:30 |
Lunch |
| 14:30-15:00 |
CC in the 21st Century
Walking by the Physical
borderline: Vulnerability
Analysis of Hardware TOE’s with Security Boxes
Marino Tapiador, CCN |
Tools, Techniques and Experience
Optimizing ADV/AGD
evidence for CC 3.1
Peter van Swieten,
Brightsight BV |
The Next Generation of CC
Making a Better PP
James Arnold, SAIC |
| 15:00-15:30 |
Public verifiability challenges CC paradigm in the context of e-voting and beyond
Roland Vogt, DFKI |
Policies vs. Threats: clarifying
the Security Target
Albert Dorofeev, Sony SCE |
Incorporating user-oriented
Security into CC
Robin Sharp,
Technical University of Denmark
|
| 15:30-16:00 |
Physical protection:
Anti-tamper mechanisms
in CC security evaluations
Chamorro Alvaro,
Epoche & Espri |
Taking White Hats to
the Laundry: How to
Strengthen Testing in CC
Apostol Vasilev,
atsec info. sec. corp. |
Vulnerability Analysis Taxonomy:
Achieving completeness in
a systematic way
Javier Jesús Tallon,
Epoche & Espri, S.L |
| 16:00-16:30 |
Coffee Break |
| 16:30-17:00 |
CC Schemes Around the
World: Some Lab Perspectives
Eve Pierre, SAIC |
Why source code when having
binaries? Applying reverse
engineering in Common
Criteria evaluations below
EAL4.
Trifon Giménez,
Epoche & Espri, S.L |
Protection of Critical Infrastructure
Trusting Virtual Trust
Jeremy Powell, atsec info.sec.corp.
|
| 17:00-17:30 |
CC and EU
CC within the context of the EU Privacy Seal (EuroPriSe)
Wolfgang Peter, TÜViT |
Taming the Complexity of the CC
Wouter Slegers,
Your Creative Solutions |
Evidence based Evaluations
Chances and Challenges
Helmut Kurth, atsec info.sec.corp |
| 19:30-22:30 |
Gala Dinner Certificate Award Ceremony |
24 September 2009
| Time |
Track1 (Nord-Norge) |
Track2 (Rica Hall II) |
Track3 (Rica Hall I) |
| 09:00-09:30 |
CC and EU
Building successful
communities to interpret
and apply CC
Tony Boswell, SiVenture
|
Vendors and CC
Sony FeliCa: Smartcard CC Evaluation Experience with Five Schemes
Hiroaki Hamada,
Sony Corp.
|
Evidence based Evaluations
Semantic Techniques for the CC
Erin Connor,
EWA Canada
|
| 09:30-10:00 |
E-Health and Trustworthy IT
The use of CC within the
German health system
Markus Mackenbrock,
BSI Germany
|
Secure Software Development
for Higher CC Evaluation
Assurance Levels
Shanai Ardi, Dept. of Computer
and Info. Science, Linköping Univ.
|
Evaluation and Certification results and vulnerability analysis in USB Storage Drive Management System
Hyeon Mee Pak, KISA
|
| 10:00-10:30 |
An innovative Composition Approach by the German Health Care market
Hans-Werner Blissenbach, TÜVIT and Mr. Marcel Weinand of BSI
|
How much!! The cost impact
of different approaches to
generating deliverables
Adam O’Brien, Oracle Corp.
|
A Comparison of Security Standards
Marcus Streets, Thales nCipher
|
| 10:30-11:15 |
Coffee Break |
| 11:15-12:15 |
Closing Panel (Rica Hall):
Summary of Events at the ICCC
Summary of Events.
David Martin, Scheme Director, CESG, UK
Speech.
Kjell W. Bergan, Scheme Director, Norwegian National Security Authority (NSM) / SERTIT
|
| 12:15-12:45 |
Closing Plenary
MC Chair
|
| 12:45-13:00 |
Announcement of the 11th ICCC |
| 13:15-14:45 |
Lunch |
|