Modelling Security Requirements for Software Development with Common Criteria
Designing software needs to address the issues of adaptation and evaluation in terms of object-oriented concepts to prevent the loss of resources in terms of system failure. System security assessments are common practice and system certification according to a standard requires submitting relevant software security information to applicable authorities. Many security-related standards exist for the development of various security-critical systems however Common Criteria (ISO/IEC 15408) is an International de-facto standard which provides assurance for specification, implementation, and evaluation of an IT security product. This research will provide aid in better communication and enhanced collaboration among different stakeholders especially between software and security engineers by proposing a model of security-related concepts in de-facto standard Unified Modeling Language (UML). In this paper, we present a Usage Scenario and a Conceptual Model by extracting key security-related concepts from Common Criteria. The effectiveness is illustrated by a case study on Facebook Meta-Model, which is built for the evaluation purpose of Common Criteria models.
KeywordsSecurity requirement engineering Security evaluation Software modelling UML profile Common Criteria (ISO/IEC 15408)
The first author would like to thank her parents for their generous support. This work is fully supported by Nanjing University of Aeronautics and Astronautics under China Government Scholarship.
- 1.Mellado, D., Fernández-Medina, E., Piattini, M.: A common criteria based security requirements engineering process for the development of secure information systems. Comput. Stand. Interfaces 29(2), 243–253 (2017)Google Scholar
- 3.Tarique, M.D., Jama, A., Dhirendra, P., Mamdouh, A.: STORE: security threat oriented requirements engineering methodology. J. King Saud Univ. Comput. Inf. Sci. (2018)Google Scholar
- 4.Nancy, R., Ted, S.: Security quality requirements engineering (SQUARE) methodology. In: SESS 2005 Proceedings of the 2015 Workshop on Software Engineering for Secure Systems–Building Trustworthy Applications, pp. 1–7. ACM SIGSOFT Software Engineering Notes, New York (2015). https://doi.org/10.1145/1082983.1083214CrossRefGoogle Scholar
- 5.Cyber Security Standards. https://en.wikipedia.org/wiki/Cyber-security-standards. Accessed 2 Mar 2018
- 6.Common Criteria. https://www.commoncriteriaportal.org/. Accessed 5 Jan 2018
- 10.Mohammad, U., Shams, T.: TSSR: a proposed tool for secure software requirement management. Int. J. Inf. Technol. Comput. Sci. (IJITCS) 7(1), 1–11 (2014)Google Scholar
- 13.Common Criteria: Common Criteria for Information Technology Security Evaluation - Part 1: Introduction and general model. ISO/IEC (2017)Google Scholar
- 14.Grady, B., James, R., Ivar, J.: The Unified Modeling Language User Guide, 2nd edn. Addison Wesley Professional, Boston (2005)Google Scholar
- 16.Maylawat, D.S., Darmalaksana, W., Ramdhani, M.A.: Systematic design of expert system using unified modelling language. In: IOP Conference Series: Materials Science and Engineering. IOP (2018)Google Scholar