Reliability Assurance in Development Process for TOE on the Common Criteria

  • Haeng-Kon Kim
  • Tai-Hoon Kim
  • Jae-Sung Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3026)

Abstract

Security begins with good software code and high-quality testing of that code, and it continues with the process used to identify, correct and patch security vulnerabilities and with auditing against recognized standards. Security is an important aspect of software systems, especially for distributed security-sensitive systems. The Common Criteria (CC) is the standard requirements catalogue for the evaluation of security-critical systems. Using the CC, a large number of security requirements on the system itself and on the system development process can be defined. However, the CC does not give methodological process support. In this paper, we show how to integrate security aspects into the software engineering process. In addition, we introduce our work on ensuring reliability assurance in the development process for a Network Management System as the TOE (Target of Evaluation). The activities and documents required by the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort caused by high security requirements.

For modeling and verification of critical parts of a CBD (Component Based Development) system, we use formal description techniques and a model checker, which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a case study, the CBD-NMS project.

Keywords

Target of evaluation, Security Engineering, Common Criteria, Development Process, Software Engineering, Requirements Engineering, Component Based Development


Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Haeng-Kon Kim (1)
  • Tai-Hoon Kim (2)
  • Jae-Sung Kim (2)

  1. Department of Computer Information & Communication Engineering, Catholic University of Daegu, South Korea
  2. IT Security Evaluation & Certification Authority, Korea Information Security Agency, Seoul, South Korea