UPM Institutional Repository

A unified trust model for common criteria recognition arrangement for product acceptance


Mat Isa, Mohd Anuar (2018) A unified trust model for common criteria recognition arrangement for product acceptance. Doctoral thesis, Universiti Putra Malaysia.


Common Criteria (CC) is introduced as an international body for product testing, verification and certification. It is used for unifying existing international standards that involve users, vendors, manufacturers (industries) and governments. The purpose of the CC evaluation is to establish a one-time assessment without the need for a series of repetitive testing and verification processes for Common Criteria Recognition Arrangement (CCRA) participant nations. The trust problem arises between CC Authorizers and Consumers because the Consumers need to trust the Authorizer nation's laboratory testing and verification of products. There are leading nations among the CCRA signatories (e.g. the USA) that want to reduce the mutual recognition level because they do not trust foreign nations' laboratory testing and verification. To overcome the trust problem, J. Kallberg proposed a hypothesis: to abandon the global approach of CCRA participants and replace it with well-established groups (e.g. EU, NATO). Secondly, the thesis has improved on J. Kallberg's suggestion by introducing intersection members (nations) among the well-established groups that can serve as bridges to spread trust boundaries. A nation that is a member of more than one group has a wider coverage of transitive trust, and so acts as a bridging nation between different groups. Thirdly, in order to minimize the trust gap between CCRA participant nations, the thesis proposes choosing a nation that has good international relations with many nations as the candidate authorizing nation. Choosing such a nation as the authorizing nation minimizes the trust problem, compared with choosing a nation that has a historical controversy, which may lead to doubtful perception. In this work, the thesis has modeled and verified the proposed solutions for minimizing the trust problem using a process of relation algebra and formal methods.
Precedent methods such as Bayes probability, Dempster-Shafer theory and subjective logic are referred to. The modeling steps are as follows: selecting requirements and formal specifications, then implementing and verifying the models using Event-B and the Atelier theorem prover. The verified models were simulated using the ProB simulator to find trustable CC authorizing nations, using case studies from the period 1999 until 2014. The performance of the proposed models was evaluated based on the trust relations of the CC authorizing nations with other CCRA nations, and the trust relation metrics were displayed as a ranked list of CC authorizing nations. In the simulation results, the ranking showed that the USA, NLD, ESP, ITA, FRA and DEU dominated as the trustable authorizing nations. The thesis suggests that the CCRA participant nations should choose the authorizing nation with the highest ranking because it is more trustable than lower-ranking authorizing nations. In conclusion, choosing the highest-ranking authorizing nation can minimize the trust problem between the CCRA participant nations.

Additional Metadata

Item Type: Thesis (Doctoral)
Subject: Product safety
Subject: Industrial safety
Subject: Security systems
Call Number: FSKTM 2018 18
Chairman Supervisor: Ramlan Mahmod, PhD
Divisions: Faculty of Computer Science and Information Technology
Depositing User: Ms. Nur Faseha Mohd Kadim
Date Deposited: 31 May 2019 03:25
Last Modified: 31 May 2019 03:25
URI: http://psasir.upm.edu.my/id/eprint/68790