Abstract
The chapter concerns the project of the methodology used to create and manage development environments of IT security-enhanced products and systems for the purposes of their future Common Criteria certification. The key issues of the patterns-based project are discussed: how to develop the set of patterns for different kinds of evidences to be delivered with the IT product or system for independent evaluation. The author characterizes the IT security development process and the elaborated evidences, and presents analyses provided to develop such patterns. The patterns usage is shown by a few examples which are part of a more complex case study. Such patterns facilitate and speed up the IT security development process, improve the quality of evaluation evidences, as they are more consistent and include all details required by the considered assurance components, facilitate the computer support of the IT security development process. The chapter concludes the methodology with respect to the achieved and planned project results.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bialas, A.: Common Criteria Related Security Design PatternsâValidation on the Intelligent Sensor Example Designed for Mine Environment. Sensors 10, 4456â4496 (2010)
Bialas, A.: Intelligent Sensors Security. Sensors 10, 822â859 (2010)
Bialas, A.: IT security development â computer-aided tool supporting design and evaluation. In: Kowalik, J., GĂłrski, J., Sachenko, A. (eds.) Cyberspace Security and Defense: Research Issues, NATO Science Series II, vol. 196, pp. 3â23. Springer, Heidelberg (2005)
Bialas, A.: Ontological approach to the IT security development process. In: Tkacz, E., Kapczynski, A. (eds.) Internet â Technical Development and Applications Series: Advances in Intelligent and Soft Computing, pp. 261â270. Springer, Heidelberg (2009)
Bialas, A.: Ontological approach to the motion sensor security development. Electrical Review (PrzeglkÄ d Elektrotechniczny)Â 85(R.85), 36â44 (2009)
Bialas, A.: Security-related design patterns for intelligent sensors requiring measurable assurance. Electrical Review (PrzeglkÄ d Elektrotechniczny)Â 85(R.85), 92â99 (2009)
Bialas, A.: Ontology-Based Security Problem Definition and Solution for the Common Criteria Compliant Development Process. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds.) Proc. of Int. Conf. on Dependability of Computer Systems (DepCoS-RELCOMEX 2009, pp. 3â10. IEEE Computer Society, Washington (2009)
Bialas, A.: Semiformal Approach to the IT Security Development. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds.) Proc. of the Int. Conf. on Dependability of Computer Systems (DepCoS-RELCOMEX 2007), pp. 3â11. IEEE Computer Society, Washington (2007)
Bialas, A.: Semiformal Common Criteria Compliant IT Security Development Framework. In: Stud. Inf., vol. 292,2B(77). Silesian University of Technology Press, Gliwice (2008), http://www.znsi.aei.polsl.pl/ ( accessed on January 2, 2011 )
Bialas, A.: Semiformal Framework for ICT Security Development. In: Presentation on the 8th International Common Criteria Conference, Rome, Italy, September 25â27 (2007)
Bialas, A.: Patterns-based development of IT security evaluation evidences. In: The 11th Int. Common Criteria Conf., Antalya, http://www.11iccc.org.tr/ (accessed 3 January 3, 2011)
Bialas, A.: Validation of the Specification Means Ontology on the Simple Firewall Case. In: Proc. of the Int. Conf. on Security and Management, Las Vegas, vol. 1, pp. 278â284 (2009)
CCMODE project home page, http://ccmode.emag.pl/ (accessed January 3, 2011)
Common Criteria for IT Security Evaluation version 3.1, part 1-3 (2009), http://www.commoncriteriaportal.org/ (accessed January 3, 2011)
Common Criteria Portal home page, http://www.commoncriteriaportal.org/ (accessed January 3, 2011)
Common Evaluation Methodology for Information Technology Security version 3.1 (2009), http://www.commoncriteriaportal.org/ (accessed January 3, 2011)
Guidelines for Developer Documentation according to Common Criteria version 3.1, Bundesamt fĂŒr Sicherheit in der Informationstechnik (2007)
Hermann, D.S.: Using the Common Criteria for IT Security Evaluation. CRC Press, Boca Raton (2003)
Juerjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)
Nowak, P.: Oprogramowanie do wspomagania konstruowania zabezpieczeĆ teleinformatycznych wykonane zgodnie z metodykÄ Common Criteria w technologii Java/XML. Instytut Informatyki Politechniki ĆlÄ skiej, Gliwice (the master thesis) (2009)
Noy, N F., McGuiness, D L.: Ontology Development 101: A Guide to Creating Your First Ontology, Knowledge Systems Laboratory (2011), http://www-ksl.stanford.edu/people/dl/papers/ontology-tutorial-noy-mcguinness-abstract.html (accessed January 2, 2011)
Protégé Ontology Editor and Knowledge Acquisition System, Stanford University, http://protege.stanford.edu/ (accessed January 2, 2011)
Schumacher, M., Fernancez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerland, P.: Security Patterns: Integrating Security and Systems Engineering. John Wiley and Sons, Chichester (2006)
Site Certification. Supporting Document Guidance (2007) version 1.0, revision 1 (CCDB-2007-11-001), http://www.commoncriteriaportal.org/ (accessed January 2, 2011)
Yoshioka, N., Washikazi, H., Maruyama, K.: A survey on security patterns. Progress in Informatics 5, 35â47 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
BiaĆas, A. (2011). Patterns Improving the Common Criteria Compliant IT Security Development Process. In: Zamojski, W., Kacprzyk, J., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds) Dependable Computer Systems. Advances in Intelligent and Soft Computing, vol 97. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21393-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-21393-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21392-2
Online ISBN: 978-3-642-21393-9
eBook Packages: EngineeringEngineering (R0)