Applying the common criteria in systems engineering

Keblawi, Feisal; Sullivan, Dick

doi:10.1109/msp.2006.35

Cited by 23 publications

(14 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Common Criteria [11] is mature and well used SE principal that is ISO certified. A previous study has examine Common Criteria from an Agile perspective and identified activities similarly to ours [12].…”

Section: Common Criteriamentioning

confidence: 99%

Agile development with security engineering activities

Baca

Carlsson

2011

Proceedings of the 2011 International Conference on Software and Systems Process

View full text Add to dashboard Cite

Agile software development has been used by industry to create a more flexible and lean software development process, i.e making it possible to develop software at a faster rate and with more agility during development. There are however concerns that the higher development pace and lack of documentation are creating less secure software. We have therefore looked at three known Security Engineering processes, Microsoft SDL, Cigatel touchpoints and Common Criteria and identified what specific security activities they performed. We then compared these activities with an Agile development process that is used in industry. Developers, from a large telecommunication manufacturer, were interviewed to learn their impressions on using these security activities in an agile development process. We produced a security enhanced Agile development process that we present in this paper. This new Agile process use activities from already established security engineering processes that provide the benefit the developers wanted but did not hinder or obstruct the Agile process in a significant way.

show abstract

Section: Common Criteriamentioning

confidence: 99%

Agile development with security engineering activities

Baca

Carlsson

2011

Proceedings of the 2011 International Conference on Software and Systems Process

View full text Add to dashboard Cite

show abstract

“…to comply with the stringent documentation requirements of, e.g., the Common Criteria [24], several authors have argued that agility and security need not be inversely proportional measures. Beznosov [25] opines that the agile XP methodology can provide "good enough" security, while Wäyrynen et al [26] claim that the solution to achieving security in an XP development is simply to add a security engineer to the team.…”

Section: Discussionmentioning

confidence: 99%

The Road to Hell is Paved with Good Intentions: A Story of (In)secure Software Development

Sasson

Jaatun

Jensen

2010

2010 International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-In this paper, we present the results of a security assessment performed on a home care system based on SOA, realised as web services. The security design concepts of this platform were specifically tailored to meet new security challenges and to be compliant with legal frameworks applicable to the healthcare domain. This security design was fed as input to the development team, which implemented the system. However, our assessment revealed a software platform with severe security weaknesses and vulnerabilities, demonstrating dangers that are, or should be, well known.Our experience illustrates that security must be built as an intrinsic software property and emphasises the need for security awareness throughout the whole software development lifecycle.

show abstract

“…The analysis is performed using the Security Quality Requirements Engineering (SQUARE) [35] and Security Requirements Engineering Process (SREP) [36] methods, and total of 72 systems security requirements, 76 threats, and 32 vulnerabilities are elicited and specified. SQUARE method facilitates the exploration of securityrelated issues in the early system development stages to reduce costs and increase efficiency.…”

Section: Sg Systems Security Analysismentioning

confidence: 99%