Formal verification of security specifications with common criteria

Morimoto, Shoichi; Shigematsu, Shinjiro; Goto, Yuichi; Cheng, Jingde

doi:10.1145/1244002.1244325

Cited by 15 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The specifications which are described with the database can be considered to be the security specification certified by ISO/IEC 15408. This fact is verifiable by our formal verification technique [3,5].…”

Section: Discussionmentioning

confidence: 63%

A Security Specification Library with a Schemaless Database

Morimoto

Cheng

2007

Computational Science – ICCS 2007

Self Cite

View full text Add to dashboard Cite

Abstract. In order to develop highly secure information systems, it is important to make a security specification of the systems, although it requires heavy labor. Thus database technologies have been applied to software engineering and information security engineering for practical reuse of security specifications. However, because the specifications do not have fixed layout, it is difficult to develop a flexible and useful library for the documents with conventional database technologies. Therefore, this paper proposes a security specification library with a schemaless native XML database. Users of the library can directly store and manage security specifications with any layout. Consequently, the library mitigates the labor for making security specifications.

show abstract

Section: Discussionmentioning

confidence: 63%

A Security Specification Library with a Schemaless Database

Morimoto

Cheng

2007

Computational Science – ICCS 2007

Self Cite

View full text Add to dashboard Cite

show abstract

“…Furthermore, some tools have been developed to fulfill security requirements. For example, Morimoto et al [149] proposed a process that makes the security specifications with the CC formalized in a mathematics manner. In addition, Teri et al [150] introduced a model called B method that can formally model security specifications of the Java Card.…”

Section: Future Directionsmentioning

confidence: 99%

Defining Security Requirements With the Common Criteria: Applications, Adoptions, and Challenges

Sun

Chan

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Advances in emerging Information and Communications Technology (ICT) technologies push the boundaries of what is possible and open up new markets for innovative ICT products and services.The adoption of ICT products and systems with security properties depends on consumers' confidence and markets' trust in the security functionalities and whether the assurance measures applied to these products meet the inherent security requirements. Such confidence and trust are primarily gained through the rigorous development of security requirements, validation criteria, evaluation, and certification. The Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for cyber security. Motivated by encouraging the adoption of the CC that is used for ICT security evaluation and certification, in this paper, we conduct a systematic review of the CC standard and its adoptions. Adoption barriers of the CC are investigated based on the analysis of current trends in cyber security evaluation. In addition, we share the experiences and lessons gained through the recent Development of Australian Cyber Criteria Assessment (DACCA) project on the development of the Protection Profile that defines security requirements with the CC. Best practices, challenges, and future directions on defining security requirements for trusted cyber security advancement are presented.

show abstract

“…In [23,13] concepts for the application of formal methods to a secure software implementation flow are presented. Some of the presented techniques can also be applied to hardware certification, but abstraction is a challenge concerning RTL descriptions.…”

Section: High-level Verification For the Security Domainmentioning

confidence: 99%

Automatized high-level evaluation of security properties for RTL hardware designs

Höller

Preschern

Steger

et al. 2013

Proceedings of the Workshop on Embedded Systems Security

View full text Add to dashboard Cite

The ever increasing integration of embedded systems into our every lives created a strong demand for trustable software and hardware implementations. To provide such trust between manufacturer and customer of integrated systems, regulatory rules like the Common Criteria have been defined. While this international standard clearly prescribes the usage of formal methods at high assurance level, formal verification at code-level is not widespread in practice. This work introduces a novel approach to verify the correct functionality of security critical hardware implementations under fault conditions. Generality is enabled by high-level evaluation using state machines extracted in an automatized way.

show abstract

Formal verification of security specifications with common criteria

Cited by 15 publications

References 14 publications

A Security Specification Library with a Schemaless Database

A Security Specification Library with a Schemaless Database

Defining Security Requirements With the Common Criteria: Applications, Adoptions, and Challenges

Automatized high-level evaluation of security properties for RTL hardware designs

Contact Info

Product

Resources

About