Open Source Systems Security Certification

1 What the book is about The major topic of this book is the rationale behind applying software security certifications (e.g. Common Criteria) to open source systems. At first glance, this seems to be a contradiction, because a security certification is usually given to a specific release of a specific software configuration, sometimes even only if running on a specific hardware or for a specific purpose, whereas open source systems like the Linux kernel undergo a constant development process that involves lots of code changes and usage shifts every day. Nevertheless, in order to use common open source products (like the Linux OS) in high-security areas like healthcare or e-government an appropriate security certification must be obtained. The book starts with a broad overview on the core concepts behind every security certification. After introducing the basic notions and paradigms of access control techniques, some in-depth descriptions on test-based security certification and model-checking-based security verification are given. Both fields are involved in typical security certification mechanisms, since they provide detailed information regarding the measurable degree of security a software product gives. Test-based security certification, for instance, can be used to obtain detailed information on whether a given software product can stand the state-of-the-art set of known attacks, and also whether its functionality matches the assumptions thereon. Model checking, on the other hand, provides a provable level of correctness, hence safety, of the software system's behaviour. Nevertheless, both approaches have their deficiencies when being used in a software security certification process. Test-based certification massively depends on the selection and processing of the particular test cases, whereas model checking tends to run into complexity issues known as the state explosion problem .