| name |
L4Re Secure Separation Kernel, Version CC 1.0.2 |
MultiApp V5.1 JCSConfiguration 1 : 5.1 revision B version 2 (0x3055) et filter set 0x00,configuration 2 : 5.1 revision C version 2 (0x3055) et filter set 0x10,configuration 3 : 5.1 revision B version 2 (0x3055) et filter set 0x14,configuration 4 : 5.1 revision C version 2 (0x3055) et filter set 0x24(ANSSI-CC-2025/55) |
| category |
Operating Systems |
ICs, Smart Cards and Smart Card-Related Devices and Systems |
| scheme |
DE |
FR |
| status |
active |
active |
| not_valid_after |
15.04.2031 |
04.02.2031 |
| not_valid_before |
16.04.2026 |
04.02.2026 |
| cert_link |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-04-0003%20Certificate.pdf |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/ANSSI-CC-2025-55-certificat.pdf |
| report_link |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-04-0003%20Report.pdf |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/ANSSI-CC-2025-55-rapport.pdf |
| st_link |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-04-0003%20Security%20Target.pdf |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/ANSSI-CC-2025-55-cible.pdf |
| manufacturer |
Kernkonzept GmbH |
THALES DIS FRANCE SA |
| manufacturer_web |
https://kernkonzept.com |
https://www.thalesgroup.com/en/europe/france |
| security_level |
EAL4+, ALC_FLR.3 |
ALC_FLR.2, EAL6+ |
| dgst |
2177f30fc1028d8d |
2317867e9472732a |
| heuristics/cert_id |
BSI-DSZ-CC-1177-V2-2026 |
ANSSI-CC-2025/55 |
| heuristics/cert_lab |
BSI |
[] |
| heuristics/cpe_matches |
{} |
{} |
| heuristics/verified_cpe_matches |
{} |
{} |
| heuristics/related_cves |
{} |
{} |
| heuristics/direct_transitive_cves |
{} |
{} |
| heuristics/indirect_transitive_cves |
{} |
{} |
| heuristics/extracted_sars |
ALC_DEL.1, ATE_FUN.1, ASE_INT.1, ALC_LCD.1, ADV_FSP.4, ADV_TDS.3, AGD_OPE.1, ASE_CCL.1, ADV_ARC.1, ATE_COV.2, ASE_SPD.1, AVA_VAN.3, ATE_IND.2, ALC_CMC.4, ALC_TAT.1, ATE_DPT.1, ASE_ECD.1, AGD_PRE.1, ALC_DVS.1, ASE_TSS.1, ADV_IMP.1, ASE_REQ.2, ALC_FLR.3, ALC_CMS.4, ASE_OBJ.2 |
ALC_DEL.1, ADV_INT.3, AVA_VAN.5, ASE_INT.1, ADV_SPM.1, ATE_DPT.3, ADV_TDS.5, AGD_OPE.1, ASE_CCL.1, ALC_CMS.5, ADV_ARC.1, ATE_FUN.2, ALC_TAT.3, ADV_FSP.5, ASE_TSS.2, ASE_SPD.1, ATE_IND.2, ATE_COV.3, ALC_CMC.5, ASE_ECD.1, AGD_PRE.1, ALC_FLR.2, ALC_DVS.2, ASE_REQ.2, ADV_IMP.2, ALC_LCD.1, ASE_OBJ.2 |
| heuristics/extracted_versions |
1.0.2 |
5.1 |
| heuristics/prev_certificates |
{} |
{} |
| heuristics/next_certificates |
{} |
{} |
| heuristics/report_references/directly_referenced_by |
{} |
ANSSI-CC-2025/58, ANSSI-CC-2026/02 |
| heuristics/report_references/directly_referencing |
BSI-DSZ-CC-1177-2025 |
ANSSI-CC-2023/01-R01 |
| heuristics/report_references/indirectly_referenced_by |
{} |
ANSSI-CC-2025/58, ANSSI-CC-2026/02 |
| heuristics/report_references/indirectly_referencing |
BSI-DSZ-CC-1177-2025 |
ANSSI-CC-2023/01-R01 |
| heuristics/scheme_data |
- category: Operating systems
- cert_id: EUCC-3087-2026-04-0003
- certification_date: 16.04.2026
- enhanced:
- applicant: Kernkonzept GmbH Buchenstraße 16 b 01097 Dresden Deutschland
- assurance_level: EAL4+,ALC_FLR.3
- certification_date: 16.04.2026
- description: The TOE is the L4Re Secure Separation Kernel CC 1.0.1 (L4Re SSK). L4Re SSK is a distribution of the open-source L4Re Operating System Framework. As such it is based on the L4Re Microkernel. The L4Re Microkernel is a 3rd-generation microkernel with a state-of-the-art capability-based mandatory access control security model. It allows the separation of applications into different security domains, information flow control, and, subject to access control, dynamic assignment of resources and communication channels. Further the L4Re Microkernel supports static workloads alongside dynamic workloads, which allows to start, restart and shutdown applications during runtime. L4Re SSK is configured to act as a separation kernel, to provide the security features claimed by the ST. The TOE supports native applications as well as virtual machines (VMs). Access to every resource including but not limited to memory, hardware devices and CPU cores is protected by capabilities. Applications and VMs can only access a resource if they possess a capability with suitable permissions for that resource.
- entries: [frozendict({'id': 'EUCC', 'description': 'L4Re SSK is configured to act as a separation kernel, to provide the security features claimed by the ST. The TOE supports native applications as well as virtual machines (VMs). Access to every resource including but not limited to memory, hardware devices and CPU cores is protected by capabilities. Applications and VMs can only access a resource if they possess a capability with suitable permissions for that resource.'}), frozendict({'id': 'BSI', 'description': 'Certificate'})]
- evaluation_facility: atsec information security GmbH
- expiration_date: 15.04.2031
- product: L4Re Secure Separation Kernel, Version CC 1.0.2
- product: L4Re Secure Separation Kernel, Version CC 1.0.2
- url: https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1177_1177V2.html
- vendor: Kernkonzept GmbH
|
|
| heuristics/st_references/directly_referenced_by |
{} |
{} |
| heuristics/st_references/directly_referencing |
{} |
ANSSI-CC-2023/01-R01 |
| heuristics/st_references/indirectly_referenced_by |
{} |
{} |
| heuristics/st_references/indirectly_referencing |
{} |
ANSSI-CC-2023/01-R01 |
| heuristics/protection_profiles |
{} |
7f886b64878b68c1 |
| maintenance_updates |
|
|
| protection_profiles |
|
|
| protection_profile_links |
{} |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/pp0099V2b_pdf.pdf |
| pdf_data/cert_filename |
EUCC-3087-2026-04-0003 Certificate.pdf |
ANSSI-CC-2025-55-certificat.pdf |
| pdf_data/cert_frontpage |
|
|
| pdf_data/cert_keywords/cc_cert_id |
- DE:
- BSI-DSZ-CC-1177-V2-2026: 1
- EUCC-3087-2026-04-0003: 1
|
|
| pdf_data/cert_keywords/cc_protection_profile_id |
|
|
| pdf_data/cert_keywords/cc_security_level |
|
|
| pdf_data/cert_keywords/cc_sar |
|
|
| pdf_data/cert_keywords/cc_sfr |
|
|
| pdf_data/cert_keywords/cc_claims |
|
|
| pdf_data/cert_keywords/vendor |
|
|
| pdf_data/cert_keywords/eval_facility |
|
|
| pdf_data/cert_keywords/symmetric_crypto |
|
|
| pdf_data/cert_keywords/asymmetric_crypto |
|
|
| pdf_data/cert_keywords/pq_crypto |
|
|
| pdf_data/cert_keywords/hash_function |
|
|
| pdf_data/cert_keywords/crypto_scheme |
|
|
| pdf_data/cert_keywords/crypto_protocol |
|
|
| pdf_data/cert_keywords/randomness |
|
|
| pdf_data/cert_keywords/cipher_mode |
|
|
| pdf_data/cert_keywords/ecc_curve |
|
|
| pdf_data/cert_keywords/crypto_engine |
|
|
| pdf_data/cert_keywords/tls_cipher_suite |
|
|
| pdf_data/cert_keywords/crypto_library |
|
|
| pdf_data/cert_keywords/vulnerability |
|
|
| pdf_data/cert_keywords/side_channel_analysis |
|
|
| pdf_data/cert_keywords/technical_report_id |
|
|
| pdf_data/cert_keywords/device_model |
|
|
| pdf_data/cert_keywords/tee_name |
|
|
| pdf_data/cert_keywords/os_name |
|
|
| pdf_data/cert_keywords/cplc_data |
|
|
| pdf_data/cert_keywords/ic_data_group |
|
|
| pdf_data/cert_keywords/standard_id |
- ISO:
- ISO/IEC 15408: 2
- ISO/IEC 18045: 2
|
|
| pdf_data/cert_keywords/javacard_version |
|
|
| pdf_data/cert_keywords/javacard_api_const |
|
|
| pdf_data/cert_keywords/javacard_packages |
|
|
| pdf_data/cert_keywords/certification_process |
|
|
| pdf_data/cert_metadata |
|
|
| pdf_data/report_filename |
EUCC-3087-2026-04-0003 Report.pdf |
ANSSI-CC-2025-55-rapport.pdf |
| pdf_data/report_frontpage |
- FR:
- DE:
- cert_id: BSI-DSZ-CC-1177-V2-2026
- cert_item: L4Re Secure Separation Kernel, Version CC 1.0.2
- cert_lab: BSI
- developer: Kernkonzept GmbH
- match_rules: ['(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)']
|
|
| pdf_data/report_keywords/cc_cert_id |
- DE:
- BSI-DSZ-CC-1177-: 1
- BSI-DSZ-CC-1177-2025: 2
- BSI-DSZ-CC-1177-V2-2026: 18
- EUCC-3087-2026-04-0003: 18
|
- FR:
- ANSSI-CC-2023/01-R01: 2
- ANSSI-CC-2025/55: 3
|
| pdf_data/report_keywords/cc_protection_profile_id |
|
- BSI:
- BSI-CC-PP-0099-V2-2020: 2
|
| pdf_data/report_keywords/cc_security_level |
|
|
| pdf_data/report_keywords/cc_sar |
|
|
| pdf_data/report_keywords/cc_sfr |
|
|
| pdf_data/report_keywords/cc_claims |
- OE:
- OE.HARDWARE: 1
- OE.NOEVIL: 1
- OE.PHYSICAL: 1
|
|
| pdf_data/report_keywords/vendor |
|
|
| pdf_data/report_keywords/eval_facility |
|
|
| pdf_data/report_keywords/symmetric_crypto |
|
|
| pdf_data/report_keywords/asymmetric_crypto |
|
|
| pdf_data/report_keywords/pq_crypto |
|
|
| pdf_data/report_keywords/hash_function |
|
|
| pdf_data/report_keywords/crypto_scheme |
|
|
| pdf_data/report_keywords/crypto_protocol |
|
|
| pdf_data/report_keywords/randomness |
|
|
| pdf_data/report_keywords/cipher_mode |
|
|
| pdf_data/report_keywords/ecc_curve |
|
|
| pdf_data/report_keywords/crypto_engine |
|
|
| pdf_data/report_keywords/tls_cipher_suite |
|
|
| pdf_data/report_keywords/crypto_library |
|
|
| pdf_data/report_keywords/vulnerability |
|
|
| pdf_data/report_keywords/side_channel_analysis |
|
|
| pdf_data/report_keywords/technical_report_id |
|
|
| pdf_data/report_keywords/device_model |
|
|
| pdf_data/report_keywords/tee_name |
|
|
| pdf_data/report_keywords/os_name |
|
|
| pdf_data/report_keywords/cplc_data |
|
|
| pdf_data/report_keywords/ic_data_group |
|
|
| pdf_data/report_keywords/standard_id |
- BSI:
- AIS 1: 1
- AIS 14: 1
- AIS 17: 1
- AIS 19: 1
- AIS 23: 1
- AIS 32: 1
- AIS 38: 1
- ISO:
- ISO/IEC 15408: 2
- ISO/IEC 17065: 2
- ISO/IEC 18045: 2
|
- CC:
- CCMB-2017-04-001: 1
- CCMB-2017-04-002: 1
- CCMB-2017-04-003: 1
- CCMB-2017-04-004: 1
|
| pdf_data/report_keywords/javacard_version |
|
|
| pdf_data/report_keywords/javacard_api_const |
|
|
| pdf_data/report_keywords/javacard_packages |
|
|
| pdf_data/report_keywords/certification_process |
- ConfidentialDocument:
- ETR] Final Evaluation Technical Report, Version 1.1, 24.03.2026, atsec information security GmbH, (confidential document) [ConfList] L4Re Secure Separation Kernel CC 1.0.2 Konfigurationsliste, Version 1.2, 2026-01-26: 1
- GmbH (confidential document) [ConfGuide] L4Re Configuration Guidance, Version 15, 2025-11-28, Kernkonzept GmbH [DevGuide: 1
|
|
| pdf_data/report_metadata |
- /CreationDate: D:20260420085327+02'00'
- /Creator: Writer
- /Keywords: Common Criteria, Certification, Zertifizierung, L4Re, Kernkonzept, Mikrokernel
- /Producer: LibreOffice 5.3
- /Title: Certification Report EUCC-3087-2026-04-0003 ;BSI-DSZ-CC-1177-V2-2026
- pdf_file_size_bytes: 343571
- pdf_hyperlinks: https://www.bsi.bund.de/zertifizierung, https://www.kernkonzept.com/cybersecurity-information/, https://www.commoncriteriaportal.org/, http://www.commoncriteriaportal.org/, https://www.bsi.bund.de/zertifizierungsreporte, https://certification.enisa.europa.eu/publications/eucc-state-art-documents_en, https://euvd.enisa.europa.eu/, https://www.bsi.bund.de/AIS, https://eur-lex.europa.eu/eli/reg_impl/2025/2462/oj
- pdf_is_encrypted: False
- pdf_number_of_pages: 18
|
|
| pdf_data/st_filename |
EUCC-3087-2026-04-0003 Security Target.pdf |
ANSSI-CC-2025-55-cible.pdf |
| pdf_data/st_frontpage |
|
|
| pdf_data/st_keywords/cc_cert_id |
- DE:
- BSI-DSZ-CC-1177-v2-2026: 2
|
|
| pdf_data/st_keywords/cc_protection_profile_id |
|
- BSI:
- BSI-CC-PP-0068-V2-2011-MA-01: 1
- BSI-CC-PP-0084-2014: 1
- BSI-CC-PP-0099-V2-2020: 1
- BSI-PP-0055-2009: 1
- BSI-PP-0056-V2-MA-2012: 1
|
| pdf_data/st_keywords/cc_security_level |
|
- EAL:
- EAL 6+: 1
- EAL6: 34
- EAL6 augmented: 1
- EAL6+: 3
|
| pdf_data/st_keywords/cc_sar |
- ADV:
- ADV_ARC.1: 1
- ADV_FSP.4: 1
- ADV_IMP.1: 1
- ADV_TDS.3: 1
- AGD:
- AGD_OPE.1: 1
- AGD_PRE.1: 1
- ALC:
- ALC_CMC.4: 1
- ALC_CMS.4: 1
- ALC_DEL.1: 1
- ALC_DVS.1: 1
- ALC_FLR.3: 6
- ALC_LCD.1: 1
- ALC_TAT.1: 1
- ASE:
- ASE_CCL.1: 1
- ASE_ECD.1: 1
- ASE_INT.1: 1
- ASE_OBJ.2: 1
- ASE_REQ.2: 1
- ASE_SPD.1: 1
- ASE_TSS.1: 1
- ATE:
- ATE_COV.2: 1
- ATE_DPT.1: 1
- ATE_FUN.1: 1
- ATE_IND.2: 1
- AVA:
|
- ADV:
- ADV_ARC: 1
- ADV_ARC.1: 10
- ADV_FSP.1: 1
- ADV_FSP.2: 2
- ADV_FSP.4: 2
- ADV_FSP.5: 8
- ADV_IMP.1: 5
- ADV_IMP.2: 4
- ADV_INT.2: 2
- ADV_INT.3: 2
- ADV_SPM.1: 9
- ADV_TDS.1: 2
- ADV_TDS.3: 3
- ADV_TDS.4: 2
- ADV_TDS.5: 6
- AGD:
- AGD_OPE: 1
- AGD_OPE.1: 9
- AGD_PRE: 2
- AGD_PRE.1: 7
- ALC:
- ALC_CMC.4: 2
- ALC_CMC.5: 4
- ALC_CMS.5: 3
- ALC_DEL.1: 4
- ALC_DVS.2: 6
- ALC_FLR.2: 7
- ALC_LCD.1: 6
- ALC_TAT.1: 2
- ALC_TAT.2: 2
- ALC_TAT.3: 4
- ASE:
- ASE_CCL.1: 1
- ASE_ECD.1: 1
- ASE_INT.1: 1
- ASE_OBJ.2: 1
- ASE_REQ.2: 1
- ASE_SPD.1: 1
- ASE_TSS.1: 1
- ASE_TSS.2: 1
- ATE:
- ATE_COV.1: 2
- ATE_COV.2: 3
- ATE_COV.3: 2
- ATE_DPT.1: 1
- ATE_DPT.3: 4
- ATE_FUN.1: 6
- ATE_FUN.2: 4
- ATE_IND.2: 5
- AVA:
|
| pdf_data/st_keywords/cc_sfr |
- FDP:
- FDP_ACC: 30
- FDP_ACC.1: 4
- FDP_ACC.2: 8
- FDP_ACF: 30
- FDP_ACF.1: 20
- FDP_IFC.2: 7
- FDP_IFC.2.1: 1
- FDP_IFC.2.2: 1
- FDP_IFF.1: 6
- FDP_IFF.1.1: 1
- FDP_IFF.1.2: 1
- FDP_IFF.1.3: 1
- FDP_IFF.1.4: 1
- FDP_IFF.1.5: 1
- FDP_RIP.1: 5
- FDP_RIP.1.1: 1
- FIA:
- FIA_UID.2: 6
- FIA_UID.2.1: 1
- FMT:
- FMT_MSA: 39
- FMT_MSA.1: 5
- FMT_MSA.3: 15
- FMT_MTD: 5
- FMT_MTD.1: 1
- FMT_SMF: 1
- FMT_SMF.1: 5
- FMT_SMF.1.1: 1
- FMT_SMR: 6
- FMT_SMR.1: 6
- FPR:
- FPR_UNO.1: 5
- FPR_UNO.1.1: 1
|
- FAU:
- FAU_ARP.1: 16
- FAU_ARP.1.1: 1
- FAU_SAA.1: 2
- FAU_SAS.1: 2
- FCO:
- FCS:
- FCS_CKM: 53
- FCS_CKM.1: 30
- FCS_CKM.1.1: 3
- FCS_CKM.2: 11
- FCS_CKM.2.1: 1
- FCS_CKM.3: 6
- FCS_CKM.3.1: 1
- FCS_CKM.4: 30
- FCS_CKM.4.1: 2
- FCS_CMK.4: 1
- FCS_COP: 57
- FCS_COP.1: 25
- FCS_COP.1.1: 5
- FCS_RNG: 21
- FCS_RNG.1: 12
- FCS_RNG.1.1: 3
- FCS_RNG.1.2: 3
- FDP:
- FDP_ACC: 52
- FDP_ACC.1: 19
- FDP_ACC.2: 6
- FDP_ACF: 47
- FDP_ACF.1: 24
- FDP_IFC: 27
- FDP_IFC.1: 14
- FDP_IFC.2: 2
- FDP_IFF: 17
- FDP_IFF.1: 14
- FDP_ITC: 14
- FDP_ITC.1: 15
- FDP_ITC.2: 20
- FDP_ITT.1: 2
- FDP_RIP: 107
- FDP_RIP.1: 11
- FDP_RIP.1.1: 1
- FDP_ROL: 14
- FDP_ROL.1: 5
- FDP_SDC.1: 2
- FDP_SDI: 9
- FDP_SDI.2: 4
- FDP_UCT.1: 2
- FDP_UIT: 7
- FDP_UIT.1: 4
- FIA:
- FIA_AFL: 27
- FIA_AFL.1.1: 2
- FIA_AFL.1.2: 2
- FIA_API.1: 2
- FIA_ATD: 14
- FIA_ATD.1: 3
- FIA_UAU: 75
- FIA_UAU.1: 6
- FIA_UAU.1.1: 2
- FIA_UAU.1.2: 2
- FIA_UAU.4: 1
- FIA_UAU.4.1: 1
- FIA_UAU.5.1: 1
- FIA_UAU.5.2: 1
- FIA_UAU.6.1: 1
- FIA_UID: 44
- FIA_UID.1: 19
- FIA_UID.1.1: 2
- FIA_UID.1.2: 2
- FIA_UID.2: 1
- FIA_USB: 7
- FIA_USB.1: 3
- FMT:
- FMT_LIM: 42
- FMT_LIM.1: 18
- FMT_LIM.1.1: 2
- FMT_LIM.2: 17
- FMT_LIM.2.1: 2
- FMT_MSA: 114
- FMT_MSA.1: 15
- FMT_MSA.2: 2
- FMT_MSA.3: 22
- FMT_MTD: 69
- FMT_MTD.1: 13
- FMT_MTD.3: 1
- FMT_SMF: 83
- FMT_SMF.1: 29
- FMT_SMF.1.1: 2
- FMT_SMR: 94
- FMT_SMR.1: 35
- FMT_SMR.1.1: 2
- FMT_SMR.1.2: 2
- FPR:
- FPR_UNO: 6
- FPR_UNO.1: 9
- FPR_UNO.1.1: 1
- FPT:
- FPT_EMS: 4
- FPT_EMS.1: 16
- FPT_EMS.1.1: 3
- FPT_EMS.1.2: 3
- FPT_FLS: 54
- FPT_FLS.1: 18
- FPT_FLS.1.1: 2
- FPT_ITT: 7
- FPT_ITT.1: 2
- FPT_PHP: 8
- FPT_PHP.3: 19
- FPT_PHP.3.1: 1
- FPT_RCV: 15
- FPT_RCV.3: 4
- FPT_RCV.4: 1
- FPT_TDC.1: 8
- FPT_TDC.1.1: 1
- FPT_TDC.1.2: 1
- FPT_TST: 9
- FPT_TST.1: 16
- FPT_TST.1.1: 1
- FPT_TST.1.2: 1
- FPT_TST.1.3: 1
- FRU:
- FTP:
- FTP_ITC: 20
- FTP_ITC.1: 7
- FTP_ITC.1.1: 1
- FTP_ITC.1.2: 1
- FTP_ITC.1.3: 1
- FTP_TRP: 6
- FTP_TRP.1: 7
|
| pdf_data/st_keywords/cc_claims |
- A:
- A.ENVIRONMENT: 2
- A.NOEVIL: 2
- A.PHYSICAL: 2
- O:
- O.AVAILABILITY: 11
- O.CONFIDENTIALITY: 19
- O.INTEGRITY: 5
- OE:
- OE.HARDWARE: 2
- OE.NOEVIL: 2
- OE.PHYSICAL: 2
- T:
- T.DEPLETION: 2
- T.DISCLOSURE: 2
- T.MODIFICATION: 2
|
- A:
- A.CAP_FILE: 4
- A.DELETION: 4
- A.OS-UPDATE-EVIDENCE: 3
- A.SECURE_ACODE_MANAGEMENT: 3
- A.VERIFICATION: 3
- D:
- D.API_DATA: 3
- D.APP_CODE: 6
- D.APP_C_DATA: 3
- D.APP_I_DATA: 5
- D.APP_KEYS: 1
- D.CRYPTO: 5
- D.JCS_CODE: 6
- D.JCS_DATA: 8
- D.OS-: 1
- D.OS-UPDATE-CODE-ID: 3
- D.OS-UPDATE_ADDITIONALCODE: 5
- D.OS-UPDATE_DEC-KEY: 2
- D.OS-UPDATE_SGNVER-KEY: 2
- D.PIN: 4
- D.SEC_DATA: 7
- O:
- O.ALARM: 15
- O.APPLET: 28
- O.ARRAY_VIEWS_CONFID: 7
- O.ARRAY_VIEWS_INTEG: 3
- O.CARD-MANAGEMENT: 21
- O.CIPHER: 11
- O.CODE_CAP_FILE: 23
- O.CONFID-OS-UPDATE: 4
- O.DELETION: 4
- O.FIREWALL: 12
- O.GLOBAL_ARRAYS_CONFID: 9
- O.GLOBAL_ARRAYS_INTEG: 5
- O.INSTALL: 7
- O.JAVAOBJECT: 68
- O.KEY-MNGT: 6
- O.LOAD: 11
- O.NATIVE: 12
- O.OBJ-DELETION: 4
- O.OBJ_DELETION: 4
- O.OPERATE: 15
- O.PIN-MNGT: 6
- O.PIN_MNGT: 4
- O.REALLOCATION: 5
- O.RESOURCES: 9
- O.RND: 1
- O.RNG: 11
- O.SCP: 39
- O.SECURE_AC_ACTIVATION: 5
- O.SECURE_LOAD_ACODE: 9
- O.SID: 13
- O.TOE_IDENTIFICATION: 7
- O.TRANSACTION: 6
- OE:
- OE.CAP_FILE: 5
- OE.CARD-MANAGEMENT: 1
- OE.CODE-EVIDENCE: 11
- OE.NATIVE: 1
- OE.OS-UPDATE-ENCRYPTION: 6
- OE.OS-UPDATE-EVIDENCE: 3
- OE.SCP: 6
- OE.SECURE_ACODE_MANAGEMENT: 3
- OE.VERIFICATION: 25
- OP:
- OP.ARRAY_AASTORE: 3
- OP.ARRAY_ACCESS: 7
- OP.ARRAY_LENGTH: 3
- OP.ARRAY_T_ALOAD: 3
- OP.ARRAY_T_ASTORE: 3
- OP.CREATE: 11
- OP.DELETE_APPLET: 6
- OP.DELETE_CAP_FILE: 4
- OP.DELETE_CAP_FILE_APPLET: 4
- OP.INSTANCE_FIELD: 6
- OP.INVK_INTERFACE: 10
- OP.INVK_VIRTUAL: 8
- OP.JAVA: 8
- OP.PUT: 8
- OP.PUTFIELD: 1
- OP.PUTSTATIC: 1
- OP.THROW: 7
- OP.TYPE_ACCESS: 7
- OSP:
- OSP.ADDITIONAL_CODE_ENCRYPTION: 3
- OSP.ADDITIONAL_CODE_SIGNING: 3
- OSP.ATOMIC_ACTIVATION: 3
- OSP.RNG: 3
- OSP.TOE_IDENTIFICATION: 3
- OSP.VERIFICATION: 3
- OT:
- R:
- T:
- T.CONFID-APPLI-DATA: 3
- T.CONFID-JCS-CODE: 3
- T.CONFID-JCS-DATA: 3
- T.CONFID-OS-UPDATE_LOAD: 3
- T.DELETION: 3
- T.EXE-CODE: 6
- T.FAKE-SGNVER-KEY: 3
- T.INSTALL: 3
- T.INTEG-APPLI-CODE: 6
- T.INTEG-APPLI-DATA: 6
- T.INTEG-JCS-CODE: 3
- T.INTEG-JCS-DATA: 3
- T.INTEG-OS-UPDATE_LOAD: 3
- T.NATIVE: 3
- T.OBJ-DELETION: 3
- T.PHYSICAL: 3
- T.RESOURCES: 3
- T.SID: 6
- T.UNAUTHORIZED_TOE_CODE_UPDATE: 3
- T.WRONG-UPDATE-STATE: 3
|
| pdf_data/st_keywords/vendor |
|
|
| pdf_data/st_keywords/eval_facility |
|
|
| pdf_data/st_keywords/symmetric_crypto |
|
- AES_competition:
- DES:
- 3DES:
- 3DES: 2
- TDEA: 1
- TDES: 12
- Triple-DES: 3
- DES:
- constructions:
|
| pdf_data/st_keywords/asymmetric_crypto |
|
|
| pdf_data/st_keywords/pq_crypto |
|
|
| pdf_data/st_keywords/hash_function |
|
- SHA:
- SHA1:
- SHA2:
- SHA-224: 1
- SHA-256: 2
- SHA-384: 1
- SHA-512: 2
- SHA2: 1
- SHA224: 1
- SHA3:
- SHA3: 2
- SHA3-384: 1
- SHA3-512: 1
|
| pdf_data/st_keywords/crypto_scheme |
|
- KA:
- Key Agreement: 6
- Key agreement: 2
- MAC:
|
| pdf_data/st_keywords/crypto_protocol |
|
|
| pdf_data/st_keywords/randomness |
|
|
| pdf_data/st_keywords/cipher_mode |
|
|
| pdf_data/st_keywords/ecc_curve |
|
|
| pdf_data/st_keywords/crypto_engine |
|
|
| pdf_data/st_keywords/tls_cipher_suite |
|
|
| pdf_data/st_keywords/crypto_library |
|
|
| pdf_data/st_keywords/vulnerability |
|
|
| pdf_data/st_keywords/side_channel_analysis |
|
- FI:
- Malfunction: 6
- Physical Tampering: 3
- fault induction: 2
- malfunction: 9
- physical tampering: 1
- SCA:
- DPA: 2
- Leak-Inherent: 3
- SPA: 1
- physical probing: 7
- timing attacks: 1
|
| pdf_data/st_keywords/technical_report_id |
|
|
| pdf_data/st_keywords/device_model |
|
|
| pdf_data/st_keywords/tee_name |
|
|
| pdf_data/st_keywords/os_name |
|
|
| pdf_data/st_keywords/cplc_data |
|
|
| pdf_data/st_keywords/ic_data_group |
|
- EF:
- EF.DG1: 4
- EF.DG16: 4
- EF.DG3: 1
- EF.DG4: 1
|
| pdf_data/st_keywords/standard_id |
|
- BSI:
- AIS20: 1
- AIS31: 6
- BSI-AIS31: 1
- CC:
- CCMB-2017-04-001: 1
- CCMB-2017-04-002: 1
- CCMB-2017-04-003: 1
- FIPS:
- FIPS 197: 1
- FIPS180-4: 2
- FIPS197: 5
- FIPS202: 2
- ICAO:
- NIST:
- PKCS:
- SCP:
- SCP01: 4
- SCP02: 4
- SCP03: 5
|
| pdf_data/st_keywords/javacard_version |
|
|
| pdf_data/st_keywords/javacard_api_const |
|
|
| pdf_data/st_keywords/javacard_packages |
|
- com:
- com.gemalto.belpic: 1
- com.gemalto.javacard.eid: 1
- com.gemalto.javacard.fido.ctap: 1
- com.gemalto.javacard.iasclassic: 1
- com.gemalto.javacard.mspnp: 1
- com.gemalto.javacardx.gdp: 1
- com.gemalto.moc.client: 1
- com.gemalto.moc.server: 1
- com.gemalto.mpcos: 1
- com.gemalto.puredi: 1
- com.gemalto.tacho: 1
- java:
- javacard:
- javacard.eid: 1
- javacard.fido.ctap: 1
- javacard.framework: 3
- javacard.iasclassic: 1
- javacard.mspnp: 1
- javacardx:
|
| pdf_data/st_keywords/certification_process |
|
- OutOfScope:
- • The DELETE and INSTALL APDU commands are out of scope of this SPM: 1
- 1 : MultiApp v5.1 Rev. B with biometry features but forbidden to use without patch (biometry is out of scope of the TOE) 2. Config 2 : MultiApp v5.1 Rev. C with biometry features but forbidden to use without: 1
- 1, are out of the scope of the SPM as they are linked to the applet loading or deletion that is out of scope of the SPM boundaries limited to VM opcodes The SFR FMT_MTD.3/JCRE is out of scope of the SPM: 1
- Context, the Selected Applet Context, and the Active Applets Note: the Selected Applet context is out of scope of the VM functionalities. It is a process that occurs prior to VM start The initial setting of: 1
- a timeout policy that prevent them from being blocked should a card fails to answer. That point is out of scope of this Security Target, though. Finally, the objectives O.SCP.RECOVERY and O.SCP.SUPPORT are: 1
- and deletion; see #.DELETION and #.INSTALL). • The DELETE and INSTALL APDU commands are out of scope of this SPM. The list of registred applets’ AIDs is proven to be not modified during the execution: 1
- as a null reference. Such a mechanism is implementation-dependent. The deletion of applets is out of scope of this SPM scope. In the case of an array type, fields are components of the array ([JVM], §2.14: 1
- because AID registry is created during loading phase, which is also out of scope of the SPM (Hypothesis 2 of the SPM document [MAV51_SPM]). MultiApp V5.1: JCS Security Target ST: 1
- biometry is out of scope of the TOE: 2
- biometry is out of scope of the TOE) 3. Config 3 : MultiApp v5.1 Rev. B with biometry features included in the TOE (Upgraded: 1
- filter set = 0x00 and 0x10) no patch is loaded and Biometry feature is out of scope of the TOE: 1
- for 2 others configurations (filter set = 0x00 and 0x10) no patch is loaded and Biometry feature is out of scope of the TOE. If another patch is required in the future, it would require at least a maintenance of: 1
- in §1.3, Filter set field = 0X00 Rev. C with patch or 0X10 Rev. C with patch), we consider BioPIN out of scope of the TOE: 1
- in §1.3, Filter set field = 0X00 Rev. C with patch or 0X10 Rev. C with patch), we consider BioPIN out of scope of the TOE. 2.4 TOE DESCRIPTION 2.4.1 Architecture The MultiApp V5.1 platform is an operating: 1
- is also out of scope (Hypothesis 4 of the SPM document [MAV51_SPM]).. 3) S.CAP_FILE performing OP.ARRAY_AASTORE of the: 1
- out of scope: 13
- the active context is not the same as the Selected Applet Context. Application note: This rule is out of scope of the SPM modelisation because CLEAR_ON_DESELECT objects can be created exclusively in the API: 1
|
| pdf_data/st_metadata |
- /Author: Kernkonzept GmbH
- /CreationDate: D:20260126154027+01'00'
- /Creator: Writer
- /Keywords: L4Re Operating System Framework, L4Re Hypervisor, Microkernel, Operating system
- /Producer: LibreOffice 25.8.4.2 (X86_64) / LibreOffice Community
- /Subject: L4Re SSK
- /Title: Security Target for L4Re Secure Separation Kernel CC 1.0.2
- pdf_file_size_bytes: 1209582
- pdf_hyperlinks: https://l4re.org/doc/group__l4__icu__api.html
- pdf_is_encrypted: False
- pdf_number_of_pages: 61
|
- /CreationDate: D:20251211164905+01'00'
- /Creator: Microsoft® Word for Microsoft 365
- /MSIP_Label_c6c1d335-5221-4a6a-889f-c684b2c8474c_ActionId: f58ac3a4-cc4c-4041-89a2-6ca192dcfb3a
- /MSIP_Label_c6c1d335-5221-4a6a-889f-c684b2c8474c_ContentBits: 3
- /MSIP_Label_c6c1d335-5221-4a6a-889f-c684b2c8474c_Enabled: true
- /MSIP_Label_c6c1d335-5221-4a6a-889f-c684b2c8474c_Method: Privileged
- /MSIP_Label_c6c1d335-5221-4a6a-889f-c684b2c8474c_Name: DIS Limited Distribution Scope
- /MSIP_Label_c6c1d335-5221-4a6a-889f-c684b2c8474c_SetDate: 2025-09-18T16:02:23Z
- /MSIP_Label_c6c1d335-5221-4a6a-889f-c684b2c8474c_SiteId: 6e603289-5e46-4e26-ac7c-03a85420a9a5
- /ModDate: D:20251211164905+01'00'
- /Producer: Microsoft® Word for Microsoft 365
- pdf_file_size_bytes: 4460503
- pdf_hyperlinks: https://www.ssi.gouv.fr/uploads/2021/03/anssi-guide-mecanismes_crypto-2.04.pdf
- pdf_is_encrypted: False
- pdf_number_of_pages: 156
|
| state/cert/convert_garbage |
None |
None |
| state/cert/convert_ok |
True |
True |
| state/cert/download_ok |
True |
True |
| state/cert/extract_ok |
False |
False |
| state/cert/pdf_hash |
Different |
Different |
| state/cert/txt_hash |
Different |
Different |
| state/report/convert_garbage |
None |
None |
| state/report/convert_ok |
True |
True |
| state/report/download_ok |
True |
True |
| state/report/extract_ok |
True |
True |
| state/report/pdf_hash |
Different |
Different |
| state/report/txt_hash |
Different |
Different |
| state/st/convert_garbage |
None |
None |
| state/st/convert_ok |
True |
True |
| state/st/download_ok |
True |
True |
| state/st/extract_ok |
True |
True |
| state/st/pdf_hash |
Different |
Different |
| state/st/txt_hash |
Different |
Different |