Abstract
It is important to assure the security of systems during development. However, the lack of a requirements analysis method that integrates security functional requirements analysis and validation in the upstream process often has a critical effect on system dependability. For security requirements, even if threats are extracted completely, insufficient countermeasures fail to satisfy the customers' security requirements.
In this paper, we propose a method to describe security cases based on security structures and threat analysis. The security structure of the method is decomposed according to the Common Criteria (ISO/IEC 15408).
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yamamoto, S., Kaneko, T., Tanaka, H. (2013). A Proposal on Security Case Based on Common Criteria. In: Mustofa, K., Neuhold, E.J., Tjoa, A.M., Weippl, E., You, I. (eds) Information and Communication Technology. ICT-EurAsia 2013. Lecture Notes in Computer Science, vol 7804. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36818-9_36
DOI: https://doi.org/10.1007/978-3-642-36818-9_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36817-2
Online ISBN: 978-3-642-36818-9
eBook Packages: Computer Science, Computer Science (R0)