The development of a Common Criteria protection profile for high-robustness separation kernels requires explicit modifications of several Common Criteria requirements as well as extrapolation from existing (e.g., medium robustness) guidance and decisions. The draft U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness (SKPP) is intended to be applicable to a class of products (the target of evaluation, or TOE) that includes, but is not limited to, real time and embedded systems. This paper describes certain SKPP concepts and requirements and provides underlying motivations and rationale for their inclusion in the SKPP. Primary areas of focus are the security requirements regarding information flow, dynamic configuration, and the application of the principle of least privilege to restrict actions of active entities.
Thuy D. Nguyen, Timothy E. Levin, Cynthia E. Irvin