
Common Criteria Based Security Scenario Verification

  • Conference paper
Software and Data Technologies (ICSOFT 2008)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 47)


Abstract

Software is required to comply with the laws and standards of software security. However, stakeholders with less concern regarding security can neither describe the behaviour of the system with regard to security nor validate the system’s behaviour when the security function conflicts with usability. Scenarios or use-case specifications are common in requirements elicitation and are useful to analyze the usability of the system from a behavioural point of view. In this paper, the authors propose both (1) a scenario language based on a simple case grammar and (2) a method to verify a scenario with rules based on security evaluation criteria.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ohnishi, A. (2009). Common Criteria Based Security Scenario Verification. In: Cordeiro, J., Shishkov, B., Ranchordas, A., Helfert, M. (eds) Software and Data Technologies. ICSOFT 2008. Communications in Computer and Information Science, vol 47. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05201-9_4


  • DOI: https://doi.org/10.1007/978-3-642-05201-9_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-05200-2

  • Online ISBN: 978-3-642-05201-9

  • eBook Packages: Computer Science, Computer Science (R0)
