Abstract
The paper presents a prototype of a software tool for IT (Information Technology) security development and evaluation according to the Common Criteria (ISO/IEC 15408) family of standards. The main goal of developing the tool is to make these activities easier. The tool is based on an enhanced concept of generics, on advanced functionality compliant with ISO/IEC DTR 15446 and recent information security management standards, and on risk analysis as well.
© 2005 Springer
About this paper
Cite this paper
Białas, A. (2005). IT Security Development. In: Kowalik, J.S., Gorski, J., Sachenko, A. (eds) Cyberspace Security and Defense: Research Issues. NATO Science Series II: Mathematics, Physics and Chemistry, vol 196. Springer, Dordrecht. https://doi.org/10.1007/1-4020-3381-8_1
DOI: https://doi.org/10.1007/1-4020-3381-8_1
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-3379-7
Online ISBN: 978-1-4020-3381-0
eBook Packages: Computer Science (R0)