This paper presents a formal security policy model for Smart-Cards with digital signature application. This kind of model is necessary for each evaluation according to Information Technology Security Evaluation Criteria assurance level E4 (Common Criteria level EAL5) and above. Furthermore, we argue that such a model is essential for reasoning about the security of Information Technology components like a spe-cific IT product or IT system. Without an unambiguous defi-nition of what security means, it is impossible to say whether a product really is secure.
Published Date: May 2000
Registration: ISBN 978-1-57735-113-9
Copyright: Published by The AAAI Press, Menlo Park, California.