Abstract
The work presents a methodology for building development environments of secure and reliable IT products or systems according to the newest approach called Site Certification. The methodology is based on design patterns worked out in the CCMODE project (Common Criteria compliant, Modular, Open IT security Development Environment) carried out by the Institute of Innovative Technologies EMAG. The design patterns help developers to write proper documents (evidences) according to the Site Certification requirements. This approach allows to gain a certificate for a development environment. Next, the certificate can also be used to diminish the costs of the product evaluation according to the Common Criteria standard. The work shows by examples how to accomplish the final document by using its pattern.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
ISO/IEC 15408-1, v3.1, Information technology – Security techniques – Introduction and general model (Common Criteria Part 1) (2009)
ISO/IEC 15408-2, v3.1, Information technology – Security techniques – Security functional requirements (Common Criteria Part 2) (2009)
ISO/IEC 15408-3, v3.1, Information technology – Security techniques – Security assurance requirements (Common Criteria Part 3) (2009)
Białas, A. (pod redakcją): Zastosowanie wzorców projektowych w konstruowaniu zabezpieczeń informatycznych zgodnych ze standardem Common Criteria. Wydawnictwo Instytutu Technik Innowacyjnych EMAG, sfinansowano ze środków UE POIG 1.3.1, Katowice (English title: Application of design patterns in the development of IT security compliant with Common Criteria) (2011)
Białas, A.: Patterns Improving the Common Criteria Compliant IT Security Development Process. In: Zamojski, W., Kacprzyk, J., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds.) Dependable Computer Systems. AISC, vol. 97, pp. 1–16. Springer, Heidelberg (2011)
Bialas, A.: Patterns-based development of IT security evaluation evidences. In: The 11th International Common Criteria Conference, Antalya (2010), http://www.11iccc.org.tr/presentations.asp
Białas, A.: Security-related design patterns for intelligent sensors requiring measurable assurance. Electrical Review (Przegląd Elektrotechniczny) 85(R.85)(7), 92–99 (2009) ISSN 0033-2097
CCDB, Supporting Document Guidance, Site Certification. Version 1.0 Revision 1, CCDB-2007-11-001 (2007)
The Common Criteria portal, http://www.commoncriteriaportal.org (accessed January 2012)
Sonnenberg, F.: Site Certification Process. In: 7th ICCC, Lanzarote, Spain (2006)
Borch, T.: First Trial-Use-Results of the Site Certification Process. In: 7th ICCC, Lanzarote, Spain (2006)
Albertsen, H., Noller, J.: Good News & Guidelines. In: 10th ICCC, Tromso, Norway (2009)
BSI, Site Security Target Lite for the Inlay Production of HID Global GmbH in Erfurt. Certification ID: BSI-DSZ-CC-S-0001, version 1.1 (2009)
BSI, Guidance for Site Certification. Version 1.0 (2010)
BSI, Security IC Platform Protection Profile. Version 1.0, BSI-PP-0035 (2007)
BSI, Details for the structure and content of the ETR for Site Certification, ver. 1.0 (2010)
BSI, Single Evaluation Report of the Assurance Class AST (Site Security Target evaluation). Version 1.0, 16th, BSI – Template_ETR-Part_AST_v1_0.doc (2010)
BSI, Single Evaluation Report of the Assurance Class ALC (Life-Cycle Support). Version 1.0, 16th, BSI – Template_ETR-Part_ALC_v1_0.doc (2010)
Site Security Target Lite of HID Global Ireland Teoranta in Galway Ireland. Certification ID: BSI-DSZ-CC-S-0004
Site Security Target for SMT1 Smartrack Technology Ltd., Certification ID: BSI-DSZ-CC-S-0002, version 1.51 lite, September 30 (2009)
BSI website, http://www.bsi-fuer-buerger.de/EN/Topics/Certification/CertificationReports/certificationreports_node.html (accessed on January 2012)
The CCMODE project portal, http://commoncriteria.pl (accessed on January 2012)
BSI, Guidelines for Developer Documentation according to Common Criteria Version 3.1, Bundesamt für Sicherheit in der Informationstechnik (2007)
BSI, Guidelines for Evaluation Reports according to Common Criteria Version 3.1, Bundesamt für Sicherheit in der Informationstechnik ,Version 2.00 for CCv3.1 rev. 3 (2010)
Nowak, P., Rogowski, D., Styczeń, I.: Certyfikacja lokalnego środowiska rozwojowego (Site Certification) jako innowacyjne podejście do oceny produktów według standardu Common Criteria. MIAG, Katowice (English title: Site Certification as innovative approach to products evaluation according Common Criteria standard) (2011)
CCMB, Common Methodology for Information Technology Security Evaluation (CEM), Evaluation methodology. Version 3.1, Revision 3, CCMB-2009-07-004 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rogowski, D., Nowak, P. (2013). Pattern Based Support for Site Certification. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Complex Systems and Dependability. Advances in Intelligent and Soft Computing, vol 170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30662-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-30662-4_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30661-7
Online ISBN: 978-3-642-30662-4
eBook Packages: EngineeringEngineering (R0)