Skip to main content
SpringerLink
Log in

Patterns Improving the Common Criteria Compliant IT Security Development Process

  • Conference paper
Dependable Computer Systems

Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 97))

Abstract

The chapter concerns the project of the methodology used to create and manage development environments of IT security-enhanced products and systems for the purposes of their future Common Criteria certification. The key issues of the patterns-based project are discussed: how to develop the set of patterns for different kinds of evidences to be delivered with the IT product or system for independent evaluation. The author characterizes the IT security development process and the elaborated evidences, and presents analyses provided to develop such patterns. The patterns usage is shown by a few examples which are part of a more complex case study. Such patterns facilitate and speed up the IT security development process, improve the quality of evaluation evidences, as they are more consistent and include all details required by the considered assurance components, facilitate the computer support of the IT security development process. The chapter concludes the methodology with respect to the achieved and planned project results.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bialas, A.: Common Criteria Related Security Design Patterns—Validation on the Intelligent Sensor Example Designed for Mine Environment. Sensors 10, 4456–4496 (2010)

    Article  Google Scholar 

  2. Bialas, A.: Intelligent Sensors Security. Sensors 10, 822–859 (2010)

    Article  Google Scholar 

  3. Bialas, A.: IT security development – computer-aided tool supporting design and evaluation. In: Kowalik, J., Górski, J., Sachenko, A. (eds.) Cyberspace Security and Defense: Research Issues, NATO Science Series II, vol. 196, pp. 3–23. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Bialas, A.: Ontological approach to the IT security development process. In: Tkacz, E., Kapczynski, A. (eds.) Internet – Technical Development and Applications Series: Advances in Intelligent and Soft Computing, pp. 261–270. Springer, Heidelberg (2009)

    Google Scholar 

  5. Bialas, A.: Ontological approach to the motion sensor security development. Electrical Review (Przeglkąd Elektrotechniczny) 85(R.85), 36–44 (2009)

    Google Scholar 

  6. Bialas, A.: Security-related design patterns for intelligent sensors requiring measurable assurance. Electrical Review (Przeglkąd Elektrotechniczny) 85(R.85), 92–99 (2009)

    Google Scholar 

  7. Bialas, A.: Ontology-Based Security Problem Definition and Solution for the Common Criteria Compliant Development Process. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds.) Proc. of Int. Conf. on Dependability of Computer Systems (DepCoS-RELCOMEX 2009, pp. 3–10. IEEE Computer Society, Washington (2009)

    Google Scholar 

  8. Bialas, A.: Semiformal Approach to the IT Security Development. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds.) Proc. of the Int. Conf. on Dependability of Computer Systems (DepCoS-RELCOMEX 2007), pp. 3–11. IEEE Computer Society, Washington (2007)

    Chapter  Google Scholar 

  9. Bialas, A.: Semiformal Common Criteria Compliant IT Security Development Framework. In: Stud. Inf., vol. 292,2B(77). Silesian University of Technology Press, Gliwice (2008), http://www.znsi.aei.polsl.pl/ ( accessed on January 2, 2011 )

    Google Scholar 

  10. Bialas, A.: Semiformal Framework for ICT Security Development. In: Presentation on the 8th International Common Criteria Conference, Rome, Italy, September 25–27 (2007)

    Google Scholar 

  11. Bialas, A.: Patterns-based development of IT security evaluation evidences. In: The 11th Int. Common Criteria Conf., Antalya, http://www.11iccc.org.tr/ (accessed 3 January 3, 2011)

  12. Bialas, A.: Validation of the Specification Means Ontology on the Simple Firewall Case. In: Proc. of the Int. Conf. on Security and Management, Las Vegas, vol. 1, pp. 278–284 (2009)

    Google Scholar 

  13. CCMODE project home page, http://ccmode.emag.pl/ (accessed January 3, 2011)

  14. Common Criteria for IT Security Evaluation version 3.1, part 1-3 (2009), http://www.commoncriteriaportal.org/ (accessed January 3, 2011)

  15. Common Criteria Portal home page, http://www.commoncriteriaportal.org/ (accessed January 3, 2011)

  16. Common Evaluation Methodology for Information Technology Security version 3.1 (2009), http://www.commoncriteriaportal.org/ (accessed January 3, 2011)

  17. Guidelines for Developer Documentation according to Common Criteria version 3.1, Bundesamt fĂŒr Sicherheit in der Informationstechnik (2007)

    Google Scholar 

  18. Hermann, D.S.: Using the Common Criteria for IT Security Evaluation. CRC Press, Boca Raton (2003)

    Google Scholar 

  19. Juerjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)

    MATH  Google Scholar 

  20. Nowak, P.: Oprogramowanie do wspomagania konstruowania zabezpieczeƄ teleinformatycznych wykonane zgodnie z metodyką Common Criteria w technologii Java/XML. Instytut Informatyki Politechniki ƚląskiej, Gliwice (the master thesis) (2009)

    Google Scholar 

  21. Noy, N F., McGuiness, D L.: Ontology Development 101: A Guide to Creating Your First Ontology, Knowledge Systems Laboratory (2011), http://www-ksl.stanford.edu/people/dl/papers/ontology-tutorial-noy-mcguinness-abstract.html (accessed January 2, 2011)

  22. Protégé Ontology Editor and Knowledge Acquisition System, Stanford University, http://protege.stanford.edu/ (accessed January 2, 2011)

  23. Schumacher, M., Fernancez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerland, P.: Security Patterns: Integrating Security and Systems Engineering. John Wiley and Sons, Chichester (2006)

    Google Scholar 

  24. Site Certification. Supporting Document Guidance (2007) version 1.0, revision 1 (CCDB-2007-11-001), http://www.commoncriteriaportal.org/ (accessed January 2, 2011)

  25. Yoshioka, N., Washikazi, H., Maruyama, K.: A survey on security patterns. Progress in Informatics 5, 35–47 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Innovative Technologies EMAG, 40-189 Katowice, Leopolda, 31, Poland

    Andrzej BiaƂas

Authors
  1. Andrzej BiaƂas
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Computer Engineering, Control and Robotics, WrocƂaw University of Technology, ul. Janiszewskiego 11/17, 50-372, WrocƂaw, Poland

    Wojciech Zamojski , Jacek Mazurkiewicz , JarosƂaw Sugier  & Tomasz Walkowiak , ,  & 

  2. Systems Research Institute, Polish Academy of Sciences, ul. Newelska 6, 01-447, Warszawa, Poland

    Janusz Kacprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

BiaƂas, A. (2011). Patterns Improving the Common Criteria Compliant IT Security Development Process. In: Zamojski, W., Kacprzyk, J., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds) Dependable Computer Systems. Advances in Intelligent and Soft Computing, vol 97. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21393-9_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-21393-9_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21392-2

  • Online ISBN: 978-3-642-21393-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation