"Berke" is our codename for a tool that helps in producing an analysis of why a certain product or service is not vulnerable to an attacker of a certain strength. In the Common Criteria this analysis is called "vulnerability analysis (AVA_VAN)" if the evaluator performs it, or "security architecture (ADV_ARC)" if the developer performs it. In either case, the analysis of why all attacks are stopped is the core deliverable of any good security evaluation.
Producing such an analysis at the quality it deserves requires almost superhuman skills from the human analyst, all at the same time:
The complexity of doing this crucial task correctly taxes the human analyst so much that the risk of mistakes, and hence of potentially undiscovered weaknesses, becomes too high. Some form of computer support to ease this task is clearly needed so that the analyst can focus on his added value: smart analysis and reasoning.
"Berke" seeks to help here by providing:
Currently "Berke" is at a stage where it is useful for us when providing our services, but it still requires some work before it is a product we can confidently offer you. Should you be interested in being an early adopter, please contact us.
Still curious? See Wouter's ICCC10 presentation for some more details and insights gained already.
Author: Wouter Slegers - Copyright Your Creative Solutions 2009 - All rights reserved