A Security Requirement Management Database Based on ISO/IEC 15408

Morimoto, Shoichi; Horie, Daisuke; Cheng, Jingde

doi:10.1007/11751595_129

Cited by 7 publications

(7 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specifications verified in the verification process can be considered to be certified by ISO/IEC 15408. We are publishing the formalized criteria, and a database supporting the verification, on our web site [7,14].…”

Section: Discussionmentioning

confidence: 99%

Formal verification of security specifications with common criteria

Morimoto¹,

Shigematsu

Goto

et al. 2007

Proceedings of the 2007 ACM Symposium on Applied Computing

Self Cite

View full text Add to dashboard Cite

This paper proposes a formalization and verification technique for security specifications, based on common criteria. Generally, it is difficult to define reliable security properties that should be applied to validate an information system. Therefore, we have applied security functional requirements that are defined in the ISO/IEC 15408 common criteria to the formal verification of security specifications. We formalized the security criteria of ISO/IEC 15408 and developed a process, using Z notation, for verifying security specifications. We also demonstrate some examples of the verification instances using the theorem prover Z/EVES. In the verification process, one can verify strictly whether specifications satisfy the security criteria defined in ISO/IEC 15408.

show abstract

Section: Discussionmentioning

confidence: 99%

Formal verification of security specifications with common criteria

Morimoto¹,

Shigematsu

Goto

et al. 2007

Proceedings of the 2007 ACM Symposium on Applied Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are existing tools used for managing and querying data sets for domains similar to ICPS. For instance, in [10] authors discuss an approach to store information related to security standards in relational databases and Structured Query Language (SQL) is used for data retrieval. In [11], authors have discussed an approach to store security requirements in a schema less XML database.…”

Section: Introductionmentioning

confidence: 99%

“…In [14], authors have proposed an approach based on graph databases for genome sequencing. The approaches discussed so far, except [10] use graph theory concepts to handle and inquiry data. In this paper, we present a tool that uses a graph database to store the P2660.1 data set and, automates the analysis of existing interfacing practices on user-defined selection criteria.…”

Section: Introductionmentioning

confidence: 99%

IASelect: Finding Best-fit Agent Practices in Industrial CPS Using Graph Databases

Sharma

Sinha

Leitão

2019

2019 IEEE 17th International Conference on Industrial Informatics (INDIN)

View full text Add to dashboard Cite

The ongoing fourth Industrial Revolution depends mainly on robust Industrial Cyber-Physical Systems (ICPS). ICPS includes computing (software and hardware) abilities to control complex physical processes in distributed industrial environments. Industrial agents, originating from the well-established multi-agent systems field, provide complex and cooperative control mechanisms at the software level, allowing us to develop larger and more feature-rich ICPS. The IEEE P2660.1 standardisation project, "Recommended Practices on Industrial Agents: Integration of Software Agents and Low Level Automation Functions" focuses on identifying Industrial Agent practices that can benefit ICPS systems of the future. A key problem within this project is identifying the best-fit industrial agent practices for a given ICPS. This paper reports on the design and development of a tool to address this challenge. This tool, called IASelect, is built using graph databases and provides the ability to flexibly and visually query a growing repository of industrial agent practices relevant to ICPS. IASelect includes a frontend that allows industry practitioners to interactively identify best-fit practices without having to write manual queries.

show abstract

“…The security requirement management database, named ISEDS, can manage data of specifications which are designed in conformity to ISO/IEC 15408 common criteria [1,4]. The criteria define security functional requirements which should be applied to validate an information system [2].…”

Section: The Security Requirement Management Databasementioning

confidence: 99%

“…Thus, we have developed a security requirement management database with a relational database, which supports development of secure information systems [1,4]. Users of the database can effectively manage and reuse security requirements in security specifications.…”

Section: Introductionmentioning

confidence: 99%

A Security Specification Library with a Schemaless Database

Morimoto

Cheng

2007

Computational Science – ICCS 2007

Self Cite

View full text Add to dashboard Cite

Abstract. In order to develop highly secure information systems, it is important to make a security specification of the systems, although it requires heavy labor. Thus database technologies have been applied to software engineering and information security engineering for practical reuse of security specifications. However, because the specifications do not have fixed layout, it is difficult to develop a flexible and useful library for the documents with conventional database technologies. Therefore, this paper proposes a security specification library with a schemaless native XML database. Users of the library can directly store and manage security specifications with any layout. Consequently, the library mitigates the labor for making security specifications.

show abstract

A Security Requirement Management Database Based on ISO/IEC 15408

Cited by 7 publications

References 0 publications

Formal verification of security specifications with common criteria

Formal verification of security specifications with common criteria

IASelect: Finding Best-fit Agent Practices in Industrial CPS Using Graph Databases

A Security Specification Library with a Schemaless Database

Contact Info

Product

Resources

About