Structuring Modular Safety Software Certification by Using Common Criteria Concepts

Safety and security certification are time and money consuming tasks. Changes to certified systems usually require re-certification of the whole product. Modular certification approaches applied to the safety and security domain aim at reducing these costs. In this paper, modular certification concepts with focus on IEC 61508 safety certification are analyzed and an approach for structuring the modular certification process by providing detailed requirements is suggested. We gather requirements from the security domain in order to fulfill objectives which have to be reached to enable modular safety certification. Functional requirements are taken from the Common Criteria Separation Kernel Protection Profile and assurance requirements are taken from a Common Criteria class responsible for compositional security certification.