A Screening Method of Security Functional Components Based on Fuzzy

  • Conference paper
Contemporary Research on E-business Technology and Strategy (iCETS 2012)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 332)

  • 2703 Accesses

Abstract

Security requirement analysis based on the Common Criteria (CC) plays an important role in software security. However, there are no efficient methods for establishing a precise relationship between security requirement levels and CC security functional components. This paper presents a fuzzy-based screening method to solve this problem. We establish a screening mechanism for security functional components, acquire accurate membership values of the components in four security requirement levels, and precisely determine the security requirement levels to which these components belong. Finally, a specific example is given. Experimental results show that the method improves the accuracy of screening security functional components and optimizes the security requirement analysis process.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, Y., Du, Z., Shi, H., Li, X. (2012). A Screening Method of Security Functional Components Based on Fuzzy. In: Khachidze, V., Wang, T., Siddiqui, S., Liu, V., Cappuccio, S., Lim, A. (eds) Contemporary Research on E-business Technology and Strategy. iCETS 2012. Communications in Computer and Information Science, vol 332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34447-3_27

  • DOI: https://doi.org/10.1007/978-3-642-34447-3_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34446-6

  • Online ISBN: 978-3-642-34447-3

  • eBook Packages: Computer Science (R0)
