Abstract
Security requirement analysis based on the Common Criteria (CC) plays an important role in the security of software. However, there are no efficient methods for establishing a precise relationship between security requirement levels and CC security functional components. This paper presents a screening method based on fuzzy mathematics to solve this problem. We establish the screening mechanism for security functional components, obtain accurate membership values of security functional components in four security requirement levels, and precisely determine the security requirement levels to which these components belong. Finally, a specific example is given. Experimental results show that the method improves the accuracy of screening security functional components and optimizes the security requirement analysis process.
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Liu, Y., Du, Z., Shi, H., Li, X. (2012). A Screening Method of Security Functional Components Based on Fuzzy. In: Khachidze, V., Wang, T., Siddiqui, S., Liu, V., Cappuccio, S., Lim, A. (eds) Contemporary Research on E-business Technology and Strategy. iCETS 2012. Communications in Computer and Information Science, vol 332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34447-3_27
DOI: https://doi.org/10.1007/978-3-642-34447-3_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34446-6
Online ISBN: 978-3-642-34447-3