The objectives of the RT&ES Thursday sessions were as follows:
Present The Open Group proposal for an Independent Evaluation and Certification Scheme for MILS Components and Systems, so participants could better understand the rationale and objectives of such a program. (MILS is an approach to architecting Multiple Independent Layers of Security.)
Present the current Common Criteria approach, structure, processes, and policies, and current trends in the Common Criteria Community in order to understand better where The Open Group approach is different or the same and whether alignment and/or integration is possible.
Follow the presentations (above) with an interactive discussion to explore issues and ideas on moving forward with The Open Group approach to certification in this area.
Provide an overview of the technical aspect of the MILS standardization effort to increase awareness of approach and milestones for this effort, so participants can report back to their companies on the significant progress and hopefully gain even further commit to participate in the MILS API working group.
Participation in the afternoon Cloud Working Group sessions to explore how real-time issues of high assurance and dependability are being addressed in the Cloud.
Summary
This was a great session with valuable give-and-take from all those in the room. The session started off with Rance DeLong, from LynuxWorks and Chair of the MILS API Working Group, who provided a good look at the value and benefit of the MILS architectural approach and why The Open Group approach to evaluation and certification of MILS technology was timely and necessary. Olaf Tettero, from BrightSight, added to the landscape by offering excellent insight into the structure, the policies, and the politics of the Common Criteria Community.
The interactive discussion that ensued was very engaging and valuable. The lively give-and-take lead to the identification of important business, political, and technical issues that, if addressed properly, will increase the chances of a successful implementation and global adoption of The Open Group proposal for Independent Evaluation and Certification Scheme for MILS Components and Systems.
Outputs
The participants walked away with a much better understanding of the issues and the significant potential for The Open Group proposed approach. By the end of the session the participants also had a very good appreciation of each other’s subject matter expertise in this area, and strengthened their relationships to work together on the business and technical development of the proposal.
With respect to the MILS APIs, the group increased their understanding from a technical perspective, and better understood the essence and value of the MILS approach to high assurance solutions. They also felt there was a good chance of getting their companies more involved in the MILS API Working Group.
Next Steps
The next steps are to refine and distribute The Open Group proposal more broadly and to produce a business development plan to address some of the major issues that were identified in this session. And to utilize the global business relationships that were formed during this meeting to help define and vet the plan as it progresses.
Continue the periodic/monthly web conferences of the MILS API Working Group to achieve the standardization milestones on schedule.