Related papers: Chain of trust: Unraveling references among Common Criteria certified products

Chain of trust: Unraveling references among Common Criteria certified products

URL: http://arxiv.org/abs/2404.14246v3
Date: Mon, 19 Aug 2024 15:32:15 GMT
Title: Chain of trust: Unraveling references among Common Criteria certified products
Authors: Adam Janovsky, Łukasz Chmielewski, Petr Svenda, Jan Jancar, Vashek Matyas,
Abstract summary: This study devises a novel method for building the graph of references among the Common Criteria certified products. With the help of the resulting reference graph, this work identifies just a dozen certified components that are relied on by at least 10% of the whole ecosystem.
Score: 0.3058340744328236
License: http://creativecommons.org/licenses/by/4.0/
Abstract: With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kind of relations between the certified products. Yet, the prevalence and nature of dependencies among Common Criteria certified products remains largely unexplored. This study devises a novel method for building the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm, and measuring how often the references constitute actual dependencies between the certified products. With the help of the resulting reference graph, this work identifies just a dozen of certified components that are relied on by at least 10% of the whole ecosystem -- making them a prime target for malicious actors. The impact of their compromise is assessed and potentially problematic references to archived products are discussed.

Related papers

TrustScore: Reference-Free Evaluation of LLM Response Trustworthiness [58.721012475577716]
Large Language Models (LLMs) have demonstrated impressive capabilities across various domains, prompting a surge in their practical applications. This paper introduces TrustScore, a framework based on the concept of Behavioral Consistency, which evaluates whether an LLMs response aligns with its intrinsic knowledge.
arXiv Detail & Related papers (2024-02-19T21:12:14Z)
sec-certs: Examining the security certification practice for better vulnerability mitigation [0.2886273197127056]
Critical vulnerabilities get discovered in certified products with high assurance levels. Assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data. We trained unsupervised models to learn which vulnerabilities from NIST's National Vulnerability Database impact existing certified products.
arXiv Detail & Related papers (2023-11-29T12:55:16Z)
An Ensemble-based approach for assigning text to correct Harmonized system code [2.365702128814616]
Harmonized System (HS) is the most standardized numerical method of classifying traded products among industry classification systems. A hierarchical ensemble model comprising of Bert- transformer, NER, distance-based approaches, and knowledge-graphs have been developed to address scalability, coverage, ability to capture nuances, automation and auditing requirements when classifying unknown text-descriptions as per HS method.
arXiv Detail & Related papers (2022-11-08T15:32:36Z)
OpenOOD: Benchmarking Generalized Out-of-Distribution Detection [60.13300701826931]
Out-of-distribution (OOD) detection is vital to safety-critical machine learning applications. The field currently lacks a unified, strictly formulated, and comprehensive benchmark. We build a unified, well-structured called OpenOOD, which implements over 30 methods developed in relevant fields.
arXiv Detail & Related papers (2022-10-13T17:59:57Z)
Towards a multi-stakeholder value-based assessment framework for algorithmic systems [76.79703106646967]
We develop a value-based assessment framework that visualizes closeness and tensions between values. We give guidelines on how to operationalize them, while opening up the evaluation and deliberation process to a wide range of stakeholders.
arXiv Detail & Related papers (2022-05-09T19:28:32Z)
Defining Security Requirements with the Common Criteria: Applications, Adoptions, and Challenges [17.700647389830774]
The adoption of ICT products with security properties depends on consumers' confidence and markets' trust in the security functionalities. Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard for cyber security certification. Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented.
arXiv Detail & Related papers (2022-01-19T05:05:33Z)
REAM$\sharp$: An Enhancement Approach to Reference-based Evaluation Metrics for Open-domain Dialog Generation [63.46331073232526]
We present an enhancement approach to Reference-based EvAluation Metrics for open-domain dialogue systems. A prediction model is designed to estimate the reliability of the given reference set. We show how its predicted results can be helpful to augment the reference set, and thus improve the reliability of the metric.
arXiv Detail & Related papers (2021-05-30T10:04:13Z)
Exploiting Knowledge Graphs for Facilitating Product/Service Discovery [1.2691047660244332]
This work presents a cost-effective solution for e-commerce on the Data Web by employing an unsupervised approach for data classification. The proposed architecture describes available products in web language OWL and stores them in a triple store. User input specifications for certain products are matched against the available product categories to generate a knowledge graph.
arXiv Detail & Related papers (2020-10-11T10:22:10Z)
Towards Question-Answering as an Automatic Metric for Evaluating the Content Quality of a Summary [65.37544133256499]
We propose a metric to evaluate the content quality of a summary using question-answering (QA) We demonstrate the experimental benefits of QA-based metrics through an analysis of our proposed metric, QAEval.
arXiv Detail & Related papers (2020-10-01T15:33:09Z)
Automatic Validation of Textual Attribute Values in E-commerce Catalog by Learning with Limited Labeled Data [61.789797281676606]
We propose a novel meta-learning latent variable approach, called MetaBridge. It can learn transferable knowledge from a subset of categories with limited labeled data. It can capture the uncertainty of never-seen categories with unlabeled data.
arXiv Detail & Related papers (2020-06-15T21:31:05Z)
Unveiling Relations in the Industry 4.0 Standards Landscape based on Knowledge Graph Embeddings [10.098126048053384]
Industry4.0 (I4.0) standards and standardization frameworks have been proposed with the goal of emphempowering interoperability in smart factories. We study the relatedness among standards and frameworks based on community analysis to discover knowledge that helps to cope with interoperability conflicts between standards.
arXiv Detail & Related papers (2020-06-03T17:37:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.