The Impact of Certification Criteria on Integrated COTS-Based Systems

While COTS products can be made secure and reliable within a individual domains, they may introduce security vulnerabilities when integrated with other components due to different security expectations. These problematic interactions within an integrated system can be hidden among the multiple, contributing policy types. Furthermore, security certification criteria governing the integrated system can introduce conflicts with local component policies. Security policies and certification criteria lack a common representation. Security policies use various formats and levels of granularity without comparable attributes. Certification criteria are often text-based checklists. We outline a policy configuration model to represent security policies in a format which can manifest conflicting properties across policy specifications. The model defines security policies according to fundamental attributes of property assertions, observable behaviors, mechanisms, constraints, communication and interaction expectations, dependencies on other policies, system configuration, and component state. We extend model expression concepts to incorporate requirements based on common certification criteria