Secure systems development based on the common criteria

Vetterling, Monika; Wimmel, Guido; Wisspeintner, Alexander

doi:10.1145/605466.605486

Cited by 12 publications

(13 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Vetterling et al [56] propose an approach for developing secure systems evaluated under the Common Criteria. In their approach, tests covering security requirements are created manually and represented as sequence diagrams.…”

Section: Resultsmentioning

confidence: 99%

A systematic classification of security regression testing approaches

Felderer

Fourneret

2015

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

The openness of modern IT systems and their permanent change make it challenging to keep these systems secure. A combination of regression and security testing called security regression testing, which ensures that changes made to a system do not harm its security, are therefore of high significance and the interest in such approaches has steadily increased. In this article we present a systematic classification of available security regression testing approaches based on a solid study of background and related work to sketch which parts of the research area seem to be well understood and evaluated, and which ones require further research. For this purpose we extract approaches relevant to security regression testing from computer science digital libraries based on a rigorous search and selection strategy. Then, we provide a classification of these according to security regression approach criteria: abstraction level, security issue, regression testing techniques, and tool support, as well as evaluation criteria, for instance evaluated system, maturity of the system, and evaluation measures. From the resulting classification we derive observations with regard to the abstraction level, regression testing techniques, tool support as well as evaluation, and finally identify several potential directions of future research.

show abstract

Section: Resultsmentioning

confidence: 99%

A systematic classification of security regression testing approaches

Felderer

Fourneret

2015

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

show abstract

“…Common Criteria [7,11,12] (CC) is emerging as an international standard and CC inspired security engineering frameworks have been proposed [13][14][15][16]. Proposed frameworks, however, focus on security engineering processes and fail to provide tools for developers to construct CC compliant assurance evidence.…”

Section: Experiments Setup and Justificationmentioning

confidence: 99%

A technique for expressing IT security objectives

Leiwo

Kwok

Maskell

et al. 2006

Information and Software Technology

View full text Add to dashboard Cite

“…The aim of ST is to describe the TOE itself and its security environment, security objectives, the claimed EAL, and related threats. In fact, the ST is the core document of system development based on the CC [13]. Most of the time, STs are produced by TOE developers themselves, nevertheless sometimes the CC evaluation laboratory, which is to evaluate the TOE, may help the developers through the ST preparation process.…”

Section: Overviewmentioning

confidence: 99%

“…So far, there have been a lot of efforts to make the CC more practical, comfortable, and cost effective to use. Vetterling et al in [13] show how to integrate security aspects into the software engineering process based on CC. In [10], Lee et al…”

Section: Introductionmentioning

confidence: 99%

“…The CC describes the relevant terms and their interpretation in an abstract way. Therefore, the CC leaves too much room for ambiguities and it is often difficult to find the right meaning of the security requirements [ 13]. Furthermore, the other problem of evaluation process based on the CC is that it is a time consuming process, so it eventually makes the process a costly one.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Common Criteria Security Evaluation: A Time and Cost Effective Approach

Razzazi

Jafari²,

Moradi³

et al.

2006 2nd International Conference on Information &Amp; Communication Technologies

View full text Add to dashboard Cite

Security is one of the most important concerns for both developers and consumers in the Information Technology (IT) world. Developing secure IT products demands some standards to assure the security level of the products. Common Criteria (CC) standard is formed to achieve this goal. But like other standards, CC has its own problems. In this paper, we address two of these problems. abstraction and time problems. Abstraction in the context of Common Criteria evaluation methodology is one of the most significant problems in the IT product evaluation process. Furthermore, the other problem of evaluation process based on Common Criteria is that it is a time consuming process, so it eventually makes the process a costly one. To solve these two problems, we decompose the tasks mentioned in the CC standard into finer ones. Moreover, we propose various expertises and task parallelism for performing aforementionedfiner tasks.

show abstract

Secure systems development based on the common criteria

Cited by 12 publications

References 19 publications

A systematic classification of security regression testing approaches

A systematic classification of security regression testing approaches

A technique for expressing IT security objectives

Common Criteria Security Evaluation: A Time and Cost Effective Approach

Contact Info

Product

Resources

About