Advertisement

A Security Requirement Management Database Based on ISO/IEC 15408

  • Shoichi Morimoto
  • Daisuke Horie
  • Jingde Cheng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3982)

Abstract

With the scale-spreading and diversification of information systems, security requirements for the systems are being more and more complicated. It is desirable to apply database technologies to information security engineering in order to manage the security requirements in design and development of the systems. This paper proposes a security requirement management database based on the international standard ISO/IEC 15408 that defines security functional requirements which should be satisfied by various information systems. The database can aid design and development of information systems that require high security such that it enables to suitably refer to required data of security requirements.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Advanced Information Systems Engineering Laboratory, Saitama University.: ISEDS: Information Security Engineering Database System. http://www.aise.ics. saitama-u.ac.jp/Google Scholar
  2. 2.
    Bruce, T.A.: Designing Quality Databases with IDEF1X Information Models. Dorset House Publishing Company, New York (1991)Google Scholar
  3. 3.
    Common Criteria Portal Org.: Evaluated product files, http://www.commoncriteriaportal.org/public/files/epfiles/
  4. 4.
    Common Criteria Portal Org.: Protection profile files, http://www.commoncriteriaportal.org/public/files/ppfiles/
  5. 5.
    Dolan, K., Wright, P., Montequin, R., Mayer, B., Gilmore, L., Hall, C.: U.S. Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments. National Security Agency (2001)Google Scholar
  6. 6.
    International Software Benchmarking Standard Group.: Empirical Databases of Metrics Collected from Software Projects, http://www.isbsg.org/
  7. 7.
    ISO/IEC 15408 standard.: Information Technology - Security Techniques - Evaluation Criteria for IT Security (1999)Google Scholar
  8. 8.
    Jiao, J., Tseng, M.: A Requirement Management Database System for Product Definition. Journal of Integrated Manufacturing Systems 10(3), 146–154 (1999)CrossRefGoogle Scholar
  9. 9.
    Miyazawa, T., Sugawara, H.: Smart Folder 3 Security Target Version: 2.19. Hitachi Software Engineering Co., Ltd. (January 2004)Google Scholar
  10. 10.
    Morimoto, S., Cheng, J.: Patterning Protection Profiles by UML for Security Specifications. In: Proceedings of the IEEE 2005 International Conference on Intelligent Agents, Web Technology and Internet Commerce (IAWTIC 2005), Vienna, Austria, November 2005, vol. II, pp. 946–951 (2005)Google Scholar
  11. 11.
    Morimoto, S., Shigematsu, S., Goto, Y., Cheng, J.: A Security Specification Verification Technique Based on the International Standard ISO/IEC 15408. In: Proceedings of the 21st Annual ACM Symposium on Applied Computing (SAC 2006), Dijion, France (April 2006)Google Scholar
  12. 12.
    PostgreSQL Global Development Group.: PostgreSQL, http://www.postgresql.org/
  13. 13.
    Software Engineering Institute.: Software Engineering Information Repository, http://seir.sei.cmu.edu/

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Shoichi Morimoto
    • 1
  • Daisuke Horie
    • 2
  • Jingde Cheng
    • 2
  1. 1.Advanced Institute of Industrial TechnologyTokyoJapan
  2. 2.Department of Information and Computer SciencesSaitama UniversitySaitamaJapan

Personalised recommendations