SRS-Tool: A Security Functional Requirement Specification Development Tool for Application Information System of Organization

  • Conference paper
Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3481)

Abstract

An application information system (IS) of a public or private organization should be developed securely and cost-effectively by using security engineering and software engineering technologies, as well as a security requirement specification (SRS). We present an SRS-Process, a development process for the SRS of an IS, and an SRS-Tool, a development tool for the SRS in accordance with the SRS-Process. Our approach is based on the paradigm of the Common Criteria (ISO/IEC 15408), which are international evaluation criteria for information security products, and of the Protection Profile (PP), which is a common security functional requirement specification for specific types of information security product.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Choi, Ss., Chae, Sy., Lee, Gs. (2005). SRS-Tool: A Security Functional Requirement Specification Development Tool for Application Information System of Organization. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_48

  • DOI: https://doi.org/10.1007/11424826_48

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25861-2

  • Online ISBN: 978-3-540-32044-9

  • eBook Packages: Computer Science, Computer Science (R0)
