[SOLUTION] Please describe your proposed solution.
Common Criteria is a language for security requirements for software products.
The developer provides security target with their product.
The security target is used by an independent auditor to evaluate the product and issue a certificate.
The certificate is mutually recognized by countries who signed the agreement.
Common Criteria is the basis for Certification standard on Cardano as described by CIP 96
[IMPACT] Please define the positive impact your project will have on the wider Cardano community.
Newly introduced CIP’s 96 and 72 on dApp certification and registration regulate dApp security on Cardano.
In order to issue a certificate, an audit must be performed by one of trusted companies.
In order to submit their dApp to an audit the developer must provide a Security Target which describes security features and the processes that need to be maintained for the product to retain its security guarantees.
We will provide an example of such document, which will save time and money for developers who choose Helios as their tool
[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?
This work will be carried out under supervision from experts Certification Working Group which includes members of trusted auditors, such as MLabs, IOG and Tweag.
[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?
This milestone covers the finalized source code for potential-robot, a simple architecture example of a dApp component in Helios using vesting smart contract as an example.
To verify that the milestone is complete source code files for transactions that correspond to vesting validator must exist in the repository and the tests that validate correctness of the transactions must pass
This milestone covers the Security Target.
The security target is a document.
To verify that the milestone has been achieved a vote must pass in the Certification working group and the group itself must be quorate.
The conditions for passing a vote are described in the working group documentation repository.
The final milestone covers both the source code for the component and its security target.
The Security Target must be accepted by the members of Certification Working Group, and the software must pass the tests described in the Security Target.
[RESOURCES] Who is in the project team and what are their roles?
Aleksei Seregin is a programmer and an enthusiast in the Cardano Ecosystem.
https://www.linkedin.com/in/alex-seregin/
Certification Working Group is a community working group. The list of members of Certification working group can be found in the Working Groups discord server, link to which can be found in the working groups github repository, which is linked in this proposal.
[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.
The work is projected to take 200 hours to complete.
50 hours is the software development work needed to finalize the software, and 150 hours is the projected time needed to analyze the existing documentation and produce the document that is the output of this proposal.
[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?
To the best of our ability we calculate our hourly rate to be close to average across the ecosystem.