6th ICCC 2005

Wed., Sept. 28th, 2005

10:00 - 10:15

Opening Plenary

Organizer Address:

　　Information-technology Promotion Agency, Japan Chairman Buheita Fujiwara

Honored guest Address:

　　Ministry of Economy, Trade and Industry (METI)

10:15 - 11:15

Keynote Speech

"Information Security Policy in Government of Japan - Establishment of NISC -"
　　Dr. Suguru Yamaguchi　
　　Advisor on Information Security National Information Security Center, Cabinet Secretariat

"Significance of the Security Evaluation As the Business Strategy"
　　Mr. Yoshiaki Ibuchi　
　　Sharp Corporation, Corporate Executive Director
　　and Group General Manager of Digital Document Systems Group

11:30 - 18:00

Conference Tracks

Track A:		"Security Evaluation Practice and Business Value" - Significance of IT security evaluation on the business strategy - Chair: Dr. Michael J Nash (Gamma Secure Systems Ltd., U.K.) Vice Chair: Hiroyuki Kaneko (Mizuho Information & Research Institute, Inc., Japan)
Track B:		"Marketing" - New market for Common Criteria evaluation - Chair: May-Lis Farnes (Trust2You AB, Sweden) Vice Chair: Maria Oldegård (SWEDAC, Sweden)
Track C:		"Common Criteria Version 3.0" - Introduction and discussion of new Common Criteria as they undergo major revision - Chair: Miguel Bañón (Representing Centro Criptologico Nacional, Spain) Vice Chair: Akira Shinozaki (Information Technology Promotion Agency, Japan)

19:00 - 21:00

Gala Dinner

Welcome Ceremony for new CCRA Signatories
Awards of CC certificates

* Wed., Sept. 28th, 2005 Conference Tracks

Track A

Track B

Track C

Business Value of Security Evaluation

Introduction of CCRA
and ISO activities

Benefits of CC V3

11:30-12:00
A1-01

The Challenge of Raising Business Value through Objective Evaluation of IT Security, & Japan’s IT Security Policy.

Takefumi Tanabe
(Ministry of Economy, Trade and Industry, Japan)

11:30-12:00
B1-01

Overview of the Common Criteria Recognition Arrangement(CCRA)

Frits Taal
Chairman of CCRA Management Committee
(Netherlands National Communications Security Agency(NLNCSA), Netherlands)

11:30-12:00
C1-01

CC v3.0 Update

David Martin
(CESG, U.K.)

12:00-12:30
A1-02

Business value of the operational system security evaluation for the integrator and the service provider

Hiroyuki Kaneko
(Center for Evaluation of Information Security, Mizuho Information & Research Institute, Inc., Japan)

12:00-12:30
B1-02

International standardization activities in SC 27 regarding Security Assurance and Evaluation

Mats Ohlin
(Swedish Defence Materiel Administration(FMV) & ISO/IEC JTC 1/SC27/WG 3, Sweden)

12:00-12:30
C1-02

CC v3.0 The New Conceptual Framework

Dr. Dirk-Jan Out
(TNO-ITSEF, Netherlands)

12:30-13:00
A1-03

Linux achieves CAPP/EAL4+ Can it achieve EAL5?

K.S. (Doc) Shankar
(IBM Corporation, U.S.A.)
Helmut Kurth
(atsec information security, U.S.A.)

Challenge in CCRA nations

12:30-13:00
C1-03

ASE/APE for CC 3.0

Dr. Dirk-Jan Out
(TNO-ITSEF, Netherlands)

12:30-13:00
B1-03

Canadian Common Criteria Scheme (CCS) Update

Robert B. Morey
(CSE, Canada)

The Italian Certification Body for Commercial IT Systems/Products

Luisa Franchina
(Organismo di Certificazione della Sicurezza Informatica, Italy)

13:00-14:30

Lunch

Security Evaluation Practice

14:30-15:00
B1-04

U.S. Common Criteria Evaluation & Validation Scheme Update

Audrey M. Dale
(U.S. NIAP CCEVS Validation Body & National Security Agency(NSA), U.S.A.)

Common Criteria in Austria - Overview and Experiences

Herbert Leitold
(Secure Information Technology Center Austria (A-SIT), Austria)

Trial use and CC V3 Part2

14:30-15:00
A1-04

Copier & MFD under ISO 15408 scheme

Takashi Ito
(Konicaminolta Business Technologies, INC, Japan)

14:30-15:00
C1-04

Trial use experiences with ASE and APE for the new CC EAL1 concept

Thomas Borsch
(Bundesant für Sicherheit in der Informationstechnik(BSI), Germany)

15:00-15:30
A1-05

Microsoft Exchange Server 2003 Efficient high level certification for a big product

Michael Grimm
(Microsoft Corporation, U.S.A.)
Wolfgang Peter
(TÜV Informationstechnik GmbH, Germany)

15:00-15:30
B1-05

French evaluation and certification Scheme

Thomas Bousson
(DCSSI - French Certification Body, France)

Netherlands scheme for Certification in the area of IT security (NSCIB)

Rob T.M. Huisman
(Netherlands National Communications Security Agency, Netherlands)

15:00-16:00
C1-05

CC v3.0 The New Part 2

Dr. Dirk-Jan Out
(TNO-ITSEF, Netherlands)

15:30-16:00
A1-06

How to tackle the IT security evaluation in Canon

Nobuhiro Tagashira
(Canon Inc., Japan)

15:30-16:00
B1-06

Introduction of Japanese Scheme

Hideji Suzuki
(Information-technology Promotion Agency, Japan (IPA),Japan)

Australasian Information Security Evaluation Program

Paul Herrick
(Defence Signals Directorate, Australia)

16:00-16:30

break

Security Evaluation
for Composite Products

16:30-17:00
B1-07

The BSI Certification Scheme and Recent Developments in The German IT Security Market

Irmela Ruhrmann
(Bundesamt für Sicherheit in der Informationstechnik(BSI), Germany)

The Norwegian Certification Scheme - An overview

Kjell W. Bergan
(Norwegian National Security Authority(NONSA) / SERTIT, Norway)

CC V3 ADV and
Composition Issues

16:30-17:00
A1-07

East meets west:
Evaluation experiences of a Japanese company by a Dutch evaluation lab under the German scheme

Noriki Iwasaki
(SHARP, Japan)

Wouter Slegers
(TNO-ITSEF BV, Netherlands)

16:30-17:30
C1-06

ADV - v3.0

Ronald Bottomly
(U.S. Common Criteria Evaluation and Validation Scheme, U.S.A.)

17:00-17:30
A1-08

Success of a smartcard composite TOE evaluation performed by NTTDATA

Naohisa Ichihara
(NTTDATA Corporation, Japan)

17:00-17:30
B1-08

Common Criteria Certification in the UK

Nigel H Jones
(CESG, U.K.)

The Spanish Evaluation and Certification Scheme

Luis Jimenez
(Centro Criptologico Nacional, Spain)

17:30-18:00
A1-09

Deriving Security for Mixed IT System Architectures from Evaluated Products

David Ochel
(atsec information security, U.S.A.)

17:30-18:00
B1-09

Swedish Certification Body for IT Security & the Swedish Common Criteria Evaluation and Certification Scheme.
SWEDAC is a public authority under the Ministry for Foreign Affairs and Ministry of Trade.

Maria Oldegård
(SWEDAC, Sweden)
Dag Ströman
(FMV/CSEC, Sweden)

Korea IT Security Evaluation and Certification Scheme

Dae Ho Lee
(National Intelligence Service/ IT Security Certification Center(NIS/ITSCC), Korea)

17:30-18:00
C1-07

ACO Composition in v3.0
AVA updates in v3.0

David Martin
(CESG, U.K.)

▲ top

Thu., Sept. 29th, 2005

9:00 - 17:00

Conference Tracks

Track A:		"Security Evaluation Practice and Business Value" - Significance of IT security evaluation on the business strategy - Chair: Dr. Michael J Nash (Gamma Secure Systems Ltd., U.K.) Vice Chair: Hiroyuki Kaneko (Mizuho Information & Research Institute, Inc., Japan)
Track B:		"Marketing" - New market for Common Criteria evaluation - Chair: May-Lis Farnes (Trust2You AB, Sweden) Vice Chair: Maria Oldegård (SWEDAC, Sweden)
Track C:		"Common Criteria Version 3.0" - Introduction and discussion of new Common Criteria as they undergo major revision - Chair: Miguel Bañón (Representing Centro Criptologico Nacional, Spain) Vice Chair: Akira Shinozaki (Information Technology Promotion Agency, Japan)

17:30 - 18:00

Closing Plenary

Closing Address:	Yusaku Nakata
	(Executive Director, Information-technology Promotion Agency, Japan)
Invitation to the next ICCC

*Thu., Sept.29th, 2005 Conference Tracks

Track A

Track B

Track C

Developers’ view on Security Evaluation

Challenge for Smartcard Evaluation

CC V3 ALC/AGD and CEM

09:00-09:30
A2-01

Software component evaluation

Albert Dorofeev
(Sony Secure Communications Europe, Belgium)

09:00-09:30
B2-01

Overview of Common Criteria Smart Card Evaluation Activities

Dr. Bertolt Krüger
(SRC Security Research and Consulting GmbH, Germany)

09:00-09:30
C2-01

ALC- & AGD-Revision

Dr. Frank Sonnenberg
(Bundesant für Sicherheit in der Informationstechnik(BSI), Germany)

09:30-10:00
A2-02

Application of the Common Criteria to a Terminal for Banking Services

Yukio Izumi
(Mitsubishi Electric Corporation, Japan)

09:30-10:00
B2-02

Smart Card Evaluation and Certification in France

Thomas Bousson
(DCSSI - French Certification Body, France)

09:30-10:00
C2-02

The Common Evaluation Methodology

Miguel Bañón
(Representing Centro Criptológico Nacional, Spain)

10:00-10:30
A2-03

Fully Utilizing the Threat Model

Adam O’Brien
(Corsec Security, Inc., U.S.A.)

10:00-10:30
B2-03

Smart card CC evaluation - Paradigm, issues, what is at stake

Philippe Bouchet
(Axalto & Head of French Delegation at ISO/SC27, France)

10:00-10:30
C2-03

Porting ST and PP to CC 3.0: Problems and some answers

Axel Boness
(ITSEF of CEA-LETI, France)

10:30-11:00

break

Support for Security Evaluation

Challenge for Crypto and Biometrics Evaluation

Impact of CC V3

11:00-11:30
A2-04

Lowering Developer Costs Through Developer Certification

Anthony Hall
(CSC Australia, Australia)

11:00-11:30
B2-04

FIPS-US Cryptographic Testing Standard

Nithya Rachamadugu
(CygnaCom Solutions, U.S.A.)

11:00-11:30
C2-04

CC V3.0 How it affects Smart Card evaluation

Hans-Gerd Albertsen
(ISCI-WG1)
Tyrone Stodart
(ISCI-WG1)

11:30-12:00
A2-05

Analysis of SOF(Strength of Function) and vulnerability on Fingerprint Authentication System

Jun Woo Park
(Korea Information Security Agency (KISA)、Korea)

11:30-12:00
B2-05

A FIPS 140-2 evaluation could authorize CC-like tests

Axel Boness
(ITSEF of CEA-LETI, France)

11:30-12:00
C2-05

Reference Monitor Concept in the CC

Kristina C. Rogers
(CygnaCom Solutions, U.S.A.)

12:00-12:30
A2-06

Development of Informal Security Policy Models

Erin Connor
(EWA-Canada, Canada)

12:00-12:30
B2-06

Introduction of Security Profile for staff verification by Token based biometoric authentication.

Takashi Shirakata
(NTT DATA Corporation, Japan)

12:00-12:30
C2-06

Writing and Updating of Protection Profiles conform to CC Version 3.0

Wolfgang Killmann
(T-Systems GEI GmbH, Germany)

12:30-14:00

Lunch

Production of PP/ST

Expanding the CC market - Market experiences and market needs

Challenge for Next

14:00-14:30
A2-07

Designing ST of Passport Application Examination System

Yoshifumi Asai
(Fujitsu Hokuriku Systems Limited, Japan)

14:00-14:30
B2-07

Does Common Criteria need marketing?

Maria Oldegård
(SWEDAC, Sweden)
May-Lis Farnes
(Trust2You AB, Sweden)

14:00-14:30
C2-07

ISMS Aspects in Common Criteria Certificates for Development Sites

Dr. Bertolt Krüger
(SRC Security Research and Consulting GmbH, Germany)

14:30-15:00
A2-08

Cultural Issues and their impact on Evaluations

Simon Milford
(LogicaCMG UK Limited, U.K.)

14:30-14:50
B2-08

Lessons Learned in Market Adoption of the Common Criteria

Steven B. Lipner
(Microsoft Corporation, U.S.A.)

14:30-15:00
C2-08

A Note on High Robustness Requirements for Separation Kernels

Thuy D. Nguyen
(Department of Computer Science, Naval Postgraduate School, U.S.A.)

15:00-15:30
A2-09

Vendors and Government Cooperate to Produce a Practical Protection Profile

Roger French
(Microsoft Corporation, U.S.A.)
Shaun Lee
(Oracle Corporation, U.S.A)
John Kendrick
(Sybase, Inc., U.S.A.)

14:50-15:10
B2-09

Challenges of CC Evaluations

Soheila Amiri
(CyberGuard Corporation, U.S.A.)

15:00-15:30
C2-09

Evaluation of application systems by ISO/IEC TR 19791

Hirohisa Nakamura
(Japan Electronics and Information Technology Industries Association (JEITA), Japan)

15:10-15:30
B2-10

Is the Common Criteria the only way?

Dr. David Brewer
(Gamma Secure Systems Limited, U.K.)

15:30-16:00

break

Guidance/Tools for Security Evaluation

Panel discussion

Next CC?

16:00-16:30
A2-10

The ISO PPST Guide - Tool or Irrelevance?

Dr. Michael J Nash
(Gamma Secure Systems Ltd., U.K.)

16:00-17:00
B2-11

Welcome to the panel discussion on Marketing

Chair: May-Lis Farnes(Trust2You AB, Sweden)
Panelist:
Steven B. Lipner (Microsoft Corporation, U.S.A.),
Soheila Amiri (CyberGuard Corporation, U.S.A.),
Dr. David Brewer (Gamma Secure Systems Limited, U.K.),
Maria Oldegård (SWEDAC, Sweden)

16:00-16:30
C2-10

First Results from the Site Certification / ALC-Reusability-Project

Dr.Frank Sonnenberg
(Bundesant für Sicherheit in der Informationstechnik(BSI), Germany)

16:30-17:00
A2-11

Guidance for the Production of Evaluation Evidence

Yune Gie Sung
(Korea Information Security Agency (KISA), Korea)

16:30-17:00
C2-11

Common Criteria- Where next?

David Martin
(CESG, U.K.)

▲ top