Alpha release of C5-DEC CAD on 1 December 2023
The Alpha version of C5-DEC CAD has been released on GitHub: https://github.com/AbstractionsLab/c5dec
We have released C5-DEC CAD as open-source software on GitHub, under the AGPL 3.0 license.
C5-DEC, short for “Common Criteria for Cybersecurity, Cryptography, Clouds – Design, Evaluation and Certification”, is a sub-project of the CyFORT project, which in turn stands for “Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience”.
C5-DEC CAD, the software component of C5-DEC, is a suite of tools for computer-aided design and development (CAD), mainly dealing with: the creation and evaluation of secure IT systems according to the Common Criteria standards, secure software development life cycle (SSDLC), and what we refer to as cyber-physical system security assessment (CPSSA).
This repository contains the source code and full documentation (requirements, technical specifications, user manual, test case specifications and test reports) of C5-DEC CAD, exemplifying the C5-DEC method, which relies on storing, interlinking and processing all software development life cycle (SDLC) artifacts in a unified manner.
The overall goal of the C5-DEC method is to bring together and contextualize SSDLC and CPSSA within the Common Criteria framework. This means tackling the problem of building secure systems, while ensuring full traceability between system artifacts spanning the entire DLC and incorporating threat modelling and system security risk assessment into the design process, all in the context of the Common Criteria framework.
To this end, C5-DEC CAD is aimed at assisting both system/software designers/developers as well as system security analysts with creating and evaluating secure software systems. For instance, it can be used by evaluation laboratories for the execution of impartial assessments of the security of computer systems and software according to the Common Criteria (CC), a set of internationally recognized standards (ISO/IEC 15408), and the complementary ISO/IEC 18045, dealing with a common methodology for computer security evaluation (CEM). CC certification gives users the assurance that a product satisfies the security guarantees and properties it claims to possess.
C5-DEC consists of two key elements that complement each other to form a coherent ensemble: a software component (C5-DEC CAD) and a knowledge base consisting of SSDLC and CPSSA methodologies as well as a wiki of key CC concepts.