Skip to main content
SpringerLink
Log in

IT Security Development

Computer-Aided Tool Supporting Design and Evaluation

  • Conference paper
Cyberspace Security and Defense: Research Issues

Part of the book series: NATO Science Series II: Mathematics, Physics and Chemistry ((NAII,volume 196))

Abstract

The paper presents a prototype of the software tool for IT (Information Technology) security development and evaluation according to Common Criteria (ISO/IEC 15408) family of standards. The main goal of developing the tool is to make these activities easier. The tool is based on the enhanced concept of generics, advanced functionality, compliant to ISO/IEC DTR 15446 and the recent information security management standards, and on the risk analysis as well.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ISO/IEC 15408-1, Information Technology—Security techniques—Introduction and general model (Common Criteria Part 1).

    Google Scholar 

  2. ISO/IEC 15408-2, Information Technology—Security techniques—Security functional requirements (Common Criteria Part 2).

    Google Scholar 

  3. ISO/IEC 15408-3, Information Technology—Security techniques—Security assurance requirements (Common Criteria Part 3).

    Google Scholar 

  4. Common Evaluation Methodology for Information Technology Security, Part 1: Introduction and General Model, CEM-97/017, v.0.6, 1997.

    Google Scholar 

  5. Common Evaluation Methodology for Information Technology Security, Part 2: Evaluation Methodology, CEM-99/045, v.1.0, August 1999.

    Google Scholar 

  6. ISO/IEC DTR 15446, Information Technology—Security Techniques—Guide for the Production of Protection Profiles and Security Targets.

    Google Scholar 

  7. CCToolbox: http://cc-control.sparta.com/

    Google Scholar 

  8. POZIT: Białas A. Praca zbiorowa pod red.: Metodyka prowadzenia bada i oceny rodków teleinformatycznych, Projekt celowy KBN pt. System wspomagania projektowania i oceny zabezpiecze teleinformatycznych, Instytut Systemów Sterowania, Chorzów, 2002–2004 (target project reports: „IT Security Development and Evaluation,” in Polish).

    Google Scholar 

  9. TL SET: http://trusted-logic.fr

    Google Scholar 

  10. B-METHOD/TOOLS: http://www.b-core.com

    Google Scholar 

  11. AUTOFOCUS: http://autofocus.informatik.tu-muenchen.de

    Google Scholar 

  12. Chapman R.: SPARK—a state-of-the-practice approach to the common criteria implementation requirements, 2nd International CC Conference, Brighton, July 2001.

    Google Scholar 

  13. Lavatelli C.: EDEN: A formal framework for high level security CC evaluations, e-Smart' 2004, Sophia Antipolis 2004.

    Google Scholar 

  14. TL FIT: http://trusted-logic.fr

    Google Scholar 

  15. Jürjens J.: UMLsec: Extending UML for Secure Systems Development, UML 2002, Dresden, LNCS, Springer-Verlag, 2002.

    Google Scholar 

  16. AGTER: Hwa-Jong S.: Development and utilization of automatic generation tool for evaluation report, 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  17. Naaman N.: A unified framework for information assurance, 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  18. Melton R.: Integration of risk management with the Common Criteria (ISO/IEC15408:1999), 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  19. Nash M.: Simpler security targets, 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  20. Pattinson F.: BS 7799-2 and Common Criteria-Supporting the business of software development, 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  21. Krueger B.: Application of the Common Criteria to Information Security Management Systems—A study, 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  22. ARENA: Cakir M.: Evaluation of organizational information systems according to CC and ISO 17799, 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  23. Jung-Shian Li: Development of CC in Taiwan, 5th International CC Conference, Berlin, September 2004.

    Google Scholar 

  24. SecCert, SecOffice, SecFrame: http://www.iss.pl

    Google Scholar 

  25. Białas A.: Wprowadzenie do problematyki projektowania i oceny zabezpiecze teleinformatycznych, Studia Informatica vol. 22, Number 1(43), Silesian University of Technology Press, Gliwice 2001, pp. 263–287 („Introduction to IT Security Development and Evaluation,” in Polish).

    Google Scholar 

  26. Białas A.: Modelowanie i ocena zabezpiecze teleinformatycznych, Studia Informatica vol. 23, Number 2B(49), Silesian University of Technology Press, Gliwice 2002, pp. 219–232 („Security Modeling and Evaluation,” in Polish).

    Google Scholar 

  27. Białas A.: Sposób formalnego wyra ania własno ci bezpiecze stwa teleinformatycznego, Studia Informatica vol. 24, Number 2B(54), Silesian University of Technology Press, Gliwice 2003, pp. 265–278 („Formal Description of the Security Features,” in Polish).

    Google Scholar 

  28. Apted A.J., Carthigaser M., Lowe Ch.: Common Problems with the Common Criteria, Proceedings of the 3rd International Common Criteria Conference, May 2002. http://www.expotrack.com/iccc/english/proceedings.asp

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Control Systems, 41-506, Chorzów, Długa 1-3, Poland

    Andrzej Białas

Authors
  1. Andrzej Białas
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Washington, Seattle, WA, USA

    Janusz S. Kowalik

  2. Gdansk University of Technologies, Gdansk, Poland

    Janusz Gorski

  3. Institute of Computer Information Technologies, Ternopil Academy of Economy, Ternopil, Ukraine

    Anatoly Sachenko

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer

About this paper

Cite this paper

Białas, A. (2005). IT Security Development. In: Kowalik, J.S., Gorski, J., Sachenko, A. (eds) Cyberspace Security and Defense: Research Issues. NATO Science Series II: Mathematics, Physics and Chemistry, vol 196. Springer, Dordrecht. https://doi.org/10.1007/1-4020-3381-8_1

Download citation

  • DOI: https://doi.org/10.1007/1-4020-3381-8_1

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-3379-7

  • Online ISBN: 978-1-4020-3381-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation