Common Criteria Vulnerability Assessment Ontology

  • Conference paper
Theory and Applications of Dependable Computer Systems (DepCoS-RELCOMEX 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1173)

Abstract

The paper concerns the Common Criteria Evaluation Methodology (CEM) and focuses on the application of knowledge engineering to vulnerability assessment. Automating this complex process requires better structuring of evaluation activities and data. The main finding of the paper is the development of ontology-based data models to be applied in the knowledge base of a tool supporting the Common Criteria Vulnerability Assessment. The use of the ontology is exemplified by the vulnerability analysis of a simple firewall. Readers should have basic knowledge of Common Criteria and ontology development.

Acknowledgements

1. This work was supported by the Polish National Centre for Research and Development within the programme CyberSecIdent. Grant No. 381282/II/NCBR/2018.

2. This work was conducted using the Protégé resource, which is supported by grant GM10331601 from the National Institute of General Medical Sciences of the United States National Institutes of Health.

Author information

Correspondence to Andrzej Bialas.

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Bialas, A. (2020). Common Criteria Vulnerability Assessment Ontology. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Applications of Dependable Computer Systems. DepCoS-RELCOMEX 2020. Advances in Intelligent Systems and Computing, vol 1173. Springer, Cham. https://doi.org/10.1007/978-3-030-48256-5_7
