A security specification verification technique based on the international standard ISO/IEC 15408

Morimoto, Shoichi; Shigematsu, Shinjiro; Goto, Yuichi; Cheng, Jingde

doi:10.1145/1141277.1141701

Cited by 4 publications

(1 citation statement)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For using these approaches, we formalized all 251 security functional requirements as formal criteria. We have already proposed a security specification verification technique using them [18,19]. Since the formal criteria have been defined as templates for flexibility, they must be instantiated in order to fit into a target specification.…”

Section: The Formal Verification Of the Examplementioning

confidence: 99%

Patterning Protection Profiles by UML for Security Specifications

Morimoto

Cheng

International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on In

View full text Add to dashboard Cite

A protection profile is a security specification template that defines an implementation-independent set of IT security requirements for a category of information systems. The protection profiles have also been certified to satisfy the international standard ISO/IEC 15408 security criteria. However, because the protection profiles are complicated and their classifications are not clear, they are not widely used. This paper proposes an approach to model protection profiles as UML patterns. By using the patterns, designers and developers can easily specify security issues of target systems to satisfy ISO/IEC 15408 criteria. The paper also shows how to verify specifications with the patterns by theorem-proving and model-checking technologies.

show abstract

Section: The Formal Verification Of the Examplementioning

confidence: 99%