Abstract
There is an increasing demand to certify the security of systems according to the Common Criteria (CC). The CC distinguish several evaluation assurance levels (EALs), level EAL7 being the highest and requiring the application of formal techniques. We present a method for requirements engineering and (semi-formal and formal) modeling of systems to be certified according to the higher evaluation assurance levels of the CC. The method is problem oriented, i.e. it is driven by the environment in which the system will operate and by a mission statement. We illustrate our approach by an industrial case study, namely an electronic purse card (EPC) to be implemented on a Java Smart Card. As a novelty, we treat the mutual asymmetric authentication of the card and the terminal into which the card is inserted.
© 2002 Springer-Verlag Berlin Heidelberg
Rottke, T., Hatebur, D., Heisel, M., Heiner, M. (2002). A Problem-Oriented Approach to Common Criteria Certification. In: Anderson, S., Felici, M., Bologna, S. (eds) Computer Safety, Reliability and Security. SAFECOMP 2002. Lecture Notes in Computer Science, vol 2434. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45732-1_32
DOI: https://doi.org/10.1007/3-540-45732-1_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44157-1
Online ISBN: 978-3-540-45732-9