Abstract
The paper deals with the Common Criteria assurance methodology, in particular with the IT security evaluation process specified by the Common Criteria Evaluation Methodology (CEM). To better organize this complex evaluation process, an ontological approach is proposed. A previously developed ontology, focused on IT product development according to Common Criteria, is extended with evaluation issues: ontology classes, properties and individuals are elaborated to express IT security evaluation according to CEM. The use of the ontology is exemplified on the vulnerability analysis of a simple firewall. The paper points out the need to extend this ontology to the full vulnerability analysis of different IT products and assurance levels. Readers should have basic knowledge of Common Criteria and of ontology development.
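The abstract describes representing CEM evaluation activities as ontology classes, properties and individuals. The following is an added illustration, not the paper's own Protégé/OWL ontology: a minimal in-memory stand-in with a class hierarchy, typed individuals and properties, populated for a constructed "SimpleFirewall" TOE and one assurance component, AVA_VAN.2. The four evaluator action element identifiers (AVA_VAN.2.1E to AVA_VAN.2.4E) are the real ones from CC Part 3 and the verdict propagation rule (fail if any action fails, pass only if all pass, otherwise inconclusive) follows CEM; all class and property names, the firewall, the recorded verdicts and the potential vulnerability "PV-1" are assumptions made for the example.

```python
# Added example: a toy ontology for one CEM evaluation activity (AVA_VAN.2).
# Not the paper's Protégé/OWL model; class/property names are constructed.
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    """CEM verdict values, assigned to evaluator actions and propagated upwards."""
    PASS = "pass"
    FAIL = "fail"
    INCONCLUSIVE = "inconclusive"


@dataclass
class Individual:
    name: str
    cls: str
    props: dict = field(default_factory=dict)


class Ontology:
    def __init__(self):
        self.classes = {}      # class name -> parent class name (None for the root)
        self.individuals = {}  # individual name -> Individual

    def add_class(self, name, parent=None):
        if parent is not None and parent not in self.classes:
            raise KeyError(f"unknown parent class {parent}")
        self.classes[name] = parent

    def is_a(self, cls, ancestor):
        """Subclass reasoning: walk the parent chain from cls up to the root."""
        while cls is not None:
            if cls == ancestor:
                return True
            cls = self.classes[cls]
        return False

    def add(self, ind):
        if ind.cls not in self.classes:
            raise KeyError(f"unknown class {ind.cls}")
        self.individuals[ind.name] = ind

    def instances(self, cls):
        return [i for i in self.individuals.values() if self.is_a(i.cls, cls)]


def open_vulnerabilities(onto, action):
    """Potential vulnerabilities assigned to this action whose exploitability is still unknown."""
    return [pv for pv in onto.instances("PotentialVulnerability")
            if pv.props.get("testedBy") == action and pv.props.get("exploitable") is None]


def record_verdict(onto, action, verdict):
    """Assign a verdict to an evaluator action; refuse PASS while a finding is unresolved."""
    ind = onto.individuals[action]
    if not onto.is_a(ind.cls, "EvaluatorAction"):
        raise TypeError(f"{action} is not an evaluator action")
    if verdict is Verdict.PASS and open_vulnerabilities(onto, action):
        raise ValueError(f"{action} still has unresolved potential vulnerabilities")
    ind.props["verdict"] = verdict


def close_vulnerability(onto, pv, exploitable):
    """Record the penetration-testing outcome for a potential vulnerability."""
    onto.individuals[pv].props["exploitable"] = bool(exploitable)


def component_verdict(onto, component):
    """CEM rule: FAIL if any action fails, PASS only if all pass, else INCONCLUSIVE."""
    actions = [a for a in onto.instances("EvaluatorAction")
               if a.props.get("partOf") == component]
    if not actions:
        raise ValueError(f"{component} has no evaluator actions")
    verdicts = [a.props.get("verdict", Verdict.INCONCLUSIVE) for a in actions]
    if Verdict.FAIL in verdicts:
        return Verdict.FAIL
    if all(v is Verdict.PASS for v in verdicts):
        return Verdict.PASS
    return Verdict.INCONCLUSIVE


def build_firewall_example():
    """Constructed individuals for a simple firewall TOE evaluated against AVA_VAN.2."""
    o = Ontology()
    for cls, parent in [("Thing", None), ("TOE", "Thing"), ("AssuranceComponent", "Thing"),
                        ("EvaluatorAction", "Thing"), ("PotentialVulnerability", "Thing")]:
        o.add_class(cls, parent)
    o.add(Individual("SimpleFirewall", "TOE", {"eal": "EAL2"}))
    o.add(Individual("AVA_VAN.2", "AssuranceComponent", {"appliesTo": "SimpleFirewall"}))
    # Evaluator action elements of AVA_VAN.2 (CC Part 3), paraphrased.
    elements = [
        ("AVA_VAN.2.1E", "confirm evidence meets content and presentation requirements"),
        ("AVA_VAN.2.2E", "search public domain sources for potential vulnerabilities"),
        ("AVA_VAN.2.3E", "independent vulnerability analysis using the design evidence"),
        ("AVA_VAN.2.4E", "penetration testing against Basic attack potential"),
    ]
    for elem, text in elements:
        o.add(Individual(elem, "EvaluatorAction", {"partOf": "AVA_VAN.2", "text": text}))
    # Constructed finding: a candidate from the public-domain search, to be settled by testing.
    o.add(Individual("PV-1", "PotentialVulnerability",
                     {"foundBy": "AVA_VAN.2.2E", "testedBy": "AVA_VAN.2.4E", "exploitable": None}))
    return o
```

The point of the small check in `record_verdict` is the one an evaluator cares about: the penetration-testing action cannot be marked as passed while a potential vulnerability assigned to it has no recorded outcome, so the component verdict stays inconclusive until the finding is closed, and a single exploitable finding drives the whole component to fail.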
Acknowledgement
“This work was conducted using the Protégé resource, which is supported by grant GM10331601 from the National Institute of General Medical Sciences of the United States National Institutes of Health.” The results of the paper will be used in an R&D project focused on the implementation of CEM.
© 2019 Springer International Publishing AG, part of Springer Nature
Bialas, A. (2019). Common Criteria IT Security Evaluation Methodology – An Ontological Approach. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Contemporary Complex Systems and Their Dependability. DepCoS-RELCOMEX 2018. Advances in Intelligent Systems and Computing, vol 761. Springer, Cham. https://doi.org/10.1007/978-3-319-91446-6_3
DOI: https://doi.org/10.1007/978-3-319-91446-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-91445-9
Online ISBN: 978-3-319-91446-6
eBook Packages: Intelligent Technologies and Robotics (R0)