sec-certs

Tool for analysis of security certificates and their security targets (Common Criteria, NIST FIPS140-2...).

https://github.com/crocs-muni/sec-certs

Science Score: 57.0%

This score indicates how likely this project is to be science-related based on various indicators:

✓
CITATION.cff file
Found CITATION.cff file
✓
codemeta.json file
Found codemeta.json file
✓
.zenodo.json file
Found .zenodo.json file
✓
DOI references
Found 6 DOI reference(s) in README
○
Academic publication links
○
Academic email domains
○
Institutional organization owner
○
JOSS paper metadata
○
Scientific vocabulary similarity
Low similarity (12.8%) to scientific vocabulary

Keywords

cc common-criteria data-science fips-140 python security-certificates

Last synced: 6 months ago · JSON representation ·

Repository

Tool for analysis of security certificates and their security targets (Common Criteria, NIST FIPS140-2...).

Basic Info

Host: GitHub
Owner: crocs-muni
License: mit
Language: Jupyter Notebook
Default Branch: main
Homepage: https://sec-certs.org
Size: 66.1 MB

Statistics

Stars: 19
Watchers: 7
Forks: 9
Open Issues: 26
Releases: 16

Topics

cc common-criteria data-science fips-140 python security-certificates

Created over 6 years ago · Last pushed 7 months ago

Metadata Files

Readme Contributing License Code of conduct Citation

Sec-certs

A tool for data scraping and analysis of security certificates from Common Criteria and FIPS 140-2/3 frameworks.

Papers

Three publications accompany this project:

[!NOTE] - Janovsky, A., Jancar, J., Svenda, P., Chmielewski, Ł., Michalik, J., & Matyas, V. (2024). sec-certs: Examining the security certification practice for better vulnerability mitigation. Computers & Security, 143. https://doi.org/10.1016/j.cose.2024.103895 - Janovsky, A., Chmielewski, Ł., Svenda, P., Jancar, J., Matyas, V. (2024). Chain of Trust: Unraveling References Among Common Criteria Certified Products. In: Pitropakis, N., Katsikas, S., Furnell, S., Markantonakis, K. (eds) ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and Communication Technology, vol 710. Springer, Cham. https://doi.org/10.1007/978-3-031-65175-5_14 - Janovsky, A., Chmielewski, Ł., Svenda, P., Jancar, J., Matyas, V. (2025) Revisiting the analysis of references among Common Criteria certified products. Computers & Security, 152. https://doi.org/10.1016/j.cose.2025.104362

Installation

Use Docker with docker pull seccerts/sec-certs or just pip install -U sec-certs && python -m spacy download en_core_web_sm. For more elaborate description, see docs.

Usage

There are two main steps in exploring the world of security certificates:

Data scraping and data processing all the certificates
Exploring and analysing the processed data

For the first step, we currently provide CLI. For the second step, we provide simple API that can be used directly inside our Jupyter notebook or locally, together with a fully processed datasets that can be downloaded.

More elaborate usage is described in docs/quickstart. Also, see example notebooks either at GitHub or at docs. From docs, you can also run our notebooks in Binder.

If you are looking for the sources of the web-page at sec-certs.org look into the page branch of this repository.

Data scraping

Run sec-certs cc all for Common Criteria processing, sec-certs fips all for FIPS 140 processing.

Data analysis

Most probably, you don't want to fully process the certification artifacts by yourself. Instead, you can use our results and explore them as a data structure. An example snippet follows. For more, see example notebooks. Tip: these can be run with Binder from our docs.

```python from sec_certs.dataset import CCDataset

dset = CCDataset.fromweb() # now you can inspect the object, certificates are held in dset.certs df = dset.topandas() # Or you can transform the object into Pandas dataframe dset.tojson( './latestccsnapshot.json') # You may want to store the snapshot as json, so that you don't have to download it again dset = CCDataset.fromjson('./latestccsnapshot.json') # you can now load your stored dataset again

Get certificates with some CVE

vulnerablecerts = [x for x in dset if x.heuristics.relatedcves] dfvulnerable = df.loc[~df.relatedcves.isna()]

Show CVE ids of some vulnerable certificate

print(f"{vulnerablecerts[0].heuristics.relatedcves=}")

Get certificates from 2015 and newer

df2015andnewer = df.loc[df.yearfrom > 2014]

Plot distribution of years of certification

df.yearfrom.valuecounts().sort_index().plot.line() ```

Authors

This work is being done at CRoCS MUNI by Adam Janovsky, Jan Jancar, Petr Svenda, Jiri Michalik, Lukasz Chmielewski and other contributors. This work was supported by the Internal grant agency of Masaryk University, CZ.02.2.69/0.0/0.0/19_073/0016943.

Owner

Name: CRoCS
Login: crocs-muni
Kind: organization
Location: Faculty of Informatics, Masaryk University, Brno

Website: https://crocs.fi.muni.cz
Repositories: 95
Profile: https://github.com/crocs-muni

Centre for Research on Cryptography and Security

Citation (CITATION.bib)

@article{sec-certs,
	title = {sec-certs: Examining the security certification practice for better vulnerability mitigation},
	journal = {Computers & Security},
	volume = {143},
	year = {2024},
	issn = {0167-4048},
	doi = {https://doi.org/10.1016/j.cose.2024.103895},
	url = {https://www.sciencedirect.com/science/article/pii/S0167404824001974},
	author = {Adam Janovsky and Jan Jancar and Petr Svenda and Łukasz Chmielewski and Jiri Michalik and Vashek Matyas},
	keywords = {Security certification, Common criteria, Vulnerability assessment, Data analysis, Smartcards}
}

GitHub Events

Total

Create event: 43
Commit comment event: 5
Release event: 2
Issues event: 25
Watch event: 7
Delete event: 33
Member event: 1
Issue comment event: 110
Push event: 310
Pull request review comment event: 73
Pull request review event: 72
Pull request event: 86

Last Year

Create event: 43
Commit comment event: 5
Release event: 2
Issues event: 25
Watch event: 7
Delete event: 33
Member event: 1
Issue comment event: 110
Push event: 310
Pull request review comment event: 73
Pull request review event: 72
Pull request event: 86

Issues and Pull Requests

Last synced: 6 months ago

All Time

Total issues: 14
Total pull requests: 39
Average time to close issues: about 1 year
Average time to close pull requests: about 1 month
Total issue authors: 3
Total pull request authors: 8
Average comments per issue: 0.86
Average comments per pull request: 1.26
Merged pull requests: 22
Bot issues: 0
Bot pull requests: 13

Past Year

Issues: 11
Pull requests: 37
Average time to close issues: about 1 month
Average time to close pull requests: 5 days
Issue authors: 3
Pull request authors: 6
Average comments per issue: 0.55
Average comments per pull request: 1.08
Merged pull requests: 22
Bot issues: 0
Bot pull requests: 13

View more stats

Top Authors

Issue Authors

J08nY (16)
adamjanovsky (9)
fedorst (3)
petrs (1)

Pull Request Authors

J08nY (40)
dependabot[bot] (36)
adamjanovsky (14)
hofin34 (2)
petrs (2)
xvalec01 (2)
xmoravec (1)
yasirdemircan (1)
Julik24 (1)
fedorst (1)
mukrop (1)
GeorgeFI (1)

Top Labels

Issue Labels

cc (10) bug (8) enhancement (7) refactoring (3) web (3) fips (2) cve (2) cpe (2) pp (2) help wanted (2) good first issue (1) dependencies (1) CI/CD (1)

Pull Request Labels

dependencies (36) python (13) enhancement (9) web (7) cc (5) bug (5) refactoring (4) pp (2) fips (2) github_actions (1)

Packages

Total packages: 1
Total downloads:
- pypi 25 last-month

Total dependent packages: 0
Total dependent repositories: 1
Total versions: 16
Total maintainers: 1

pypi.org: sec-certs

A tool for data scraping and analysis of security certificates from Common Criteria and FIPS 140-2/3 frameworks

Homepage: https://sec-certs.org
Documentation: https://sec-certs.org/docs
License: MIT
Latest release: 0.3.2
published about 1 year ago

Versions: 16
Dependent Packages: 0
Dependent Repositories: 1
Downloads: 25 Last month

Rankings

Dependent packages count: 10.0%

Dependent repos count: 21.7%

Average: 27.2%

Downloads: 50.0%

Maintainers (1)

seccerts