Structurization of the Common Criteria Vulnerability Assessment Process

Conference paper
Engineering in Dependability of Computer Systems and Networks (DepCoS-RELCOMEX 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 987)

Abstract

The paper deals with the Common Criteria Evaluation Methodology (CEM), especially with its part related to vulnerability assessment. The aim of the paper is a better structurization of the vulnerability assessment process, allowing its future automation. An ontological approach is applied to develop the models of processes and data. The elementary evaluation processes are defined on the basis of an analysis of the CEM vulnerability assessment. The process activities and their input and output information are identified and specified in pseudocode. The processes are verified against CEM. The conclusions summarize the verification and propose future work to build the ontology, the knowledge base and the vulnerability assessment tool.

Acknowledgement

The paper deals with the KSO3C (National scheme of the Common Criteria evaluation and certification) project, financed by the Polish National Centre for Research and Development as part of the second CyberSecIdent – Cybersecurity and e-Identity competition (CYBERSECIDENT/381282/II/NCBR/2018).

Author information

Corresponding author: Andrzej Bialas.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Bialas, A. (2020). Structurization of the Common Criteria Vulnerability Assessment Process. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Engineering in Dependability of Computer Systems and Networks. DepCoS-RELCOMEX 2019. Advances in Intelligent Systems and Computing, vol 987. Springer, Cham. https://doi.org/10.1007/978-3-030-19501-4_4
