Application of attack potential to hardware devices with security boxes

This state-of-the-art document supporting the EUCC scheme interprets the Common Criteria Methodology (CEM), based on evaluation experience in the technical domain “Hardware Devices with Security Boxes” and input from the related industry through the JIL Embedded Devices Subgroup (JEDS) of the SOG-IS1. 

It provides guidance metrics to calculate the attack potential required by an attacker to effect an attack on ICT products of the technical domain “Hardware Devices with Security Boxes”. The underlying objective is to aid in expressing the total effort required to mount a successful attack. This should be applied to the operational behaviour of such ICT product as defined in a related Security Target of the product under evaluation.