Skip to main content
SpringerLink
Log in

A Problem-Oriented Approach to Common Criteria Certification

  • Conference paper
  • First Online:
Computer Safety, Reliability and Security (SAFECOMP 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2434))

Included in the following conference series:

Abstract

There is an increasing demand to certify the security of systems according to the Common Criteria (CC). The CC distinguish several evaluation assurance levels (EALs), level EAL7 being the highest and requiring the application of formal techniques. We present a method for requirements engineering and (semi-formal and formal) modeling of systems to be certified according to the higher evaluation assurance levels of the CC. The method is problem oriented, i.e. it is driven by the environment in which the system will operate and by a mission statement. We illustrate our approach by an industrial case study, namely an electronic purse card (EPC) to be implemented on a Java Smart Card. As a novelty, we treat the mutual asymmetric authentication of the card and the terminal into which the card is inserted.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Common criteria. See http://www.commoncriteria.org/.

  2. F. Belina and D. Hogrefe. The CCITT Specification and Description Language SDL. Computer Networks and ISDN Systems, 16(4):311–341, March 1989.

    Article  Google Scholar 

  3. B. Blanchard and W. Fabrycky. Systems Engeneering and Analysis. Prentice Hall, 1980.

    Google Scholar 

  4. M. Heisel. Agendas — a concept to guide software development activites. In R.N. Horspool, editor, Proc. Systems Implementation 2000, pages 19–32. Chapman & Hall London, 1998.

    Google Scholar 

  5. ITU-TS. ITU-TS Recommendation Z.120anb: Formal Semantics of Message Sequence Charts. Technical report, ITU-TS, Geneva, 1998.

    Google Scholar 

  6. M. Jackson. Problem Frames. Analyzing and structuring software development problems. Addison-Wesley, 2001.

    Google Scholar 

  7. K. Jensen. Colored Petri nets. Lecture Notes Comp. Sci.: Advances in petri nets, 254:248–299, 1986.

    Google Scholar 

  8. K. Jensen. Colored Petri nets, Vol. II. Springer, 1995.

    Google Scholar 

  9. G. Kolonya and I. Sommerville. Requirements Engineering. Wiley, 1997.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TÜViT GmbH, System- und Softwarequalität, Am Technologiepark 1, 45032, Essen, Germany

    Thomas Rottke & Denis Hatebur

  2. Institut für Praktische Informatik und Medieninformatik, Technische Universität Ilmenau, 98693, Ilmenau, Germany

    Maritta Heisel

  3. Institut für Informatik, Brandenburgische Technische Universität Cottbus, 03013, Cottbus, Germany

    Monika Heiner

Authors
  1. Thomas Rottke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Denis Hatebur
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maritta Heisel
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Monika Heiner
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. LFCS, Division of Informatics, The University of Edinburgh, Mayfield Road, EH9 3JZ, Edinburgh, UK

    Stuart Anderson  & Massimo Felici  & 

  2. ENEA CR Casaccia, Via Anguillarese, 301, 00060, Rome, Italy

    Sandro Bologna

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rottke, T., Hatebur, D., Heisel, M., Heiner, M. (2002). A Problem-Oriented Approach to Common Criteria Certification. In: Anderson, S., Felici, M., Bologna, S. (eds) Computer Safety, Reliability and Security. SAFECOMP 2002. Lecture Notes in Computer Science, vol 2434. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45732-1_32

Download citation

  • DOI: https://doi.org/10.1007/3-540-45732-1_32

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44157-1

  • Online ISBN: 978-3-540-45732-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation