Abstract
The paper deals with the Common Criteria Evaluation Methodology (CEM), in particular with its part concerning vulnerability assessment. The aim of the paper is a better structurization of the vulnerability assessment process that allows its future automation. An ontological approach is applied to develop models of the processes and data. The elementary evaluation processes are defined on the basis of an analysis of the CEM vulnerability assessment. The process activities, together with their input and output information, are identified and specified in pseudocode, and the processes are verified against the CEM. The conclusions summarize this verification and propose future work to build the ontology, the knowledge base and the vulnerability assessment tool.
Acknowledgement
The paper relates to the KSO3C (National scheme of the Common Criteria evaluation and certification) project, financed by the Polish National Centre for Research and Development as part of the second CyberSecIdent – Cybersecurity and e-Identity competition (CYBERSECIDENT/381282/II/NCBR/2018).
© 2020 Springer Nature Switzerland AG
Cite this paper
Bialas, A. (2020). Structurization of the Common Criteria Vulnerability Assessment Process. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Engineering in Dependability of Computer Systems and Networks. DepCoS-RELCOMEX 2019. Advances in Intelligent Systems and Computing, vol 987. Springer, Cham. https://doi.org/10.1007/978-3-030-19501-4_4
DOI: https://doi.org/10.1007/978-3-030-19501-4_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19500-7
Online ISBN: 978-3-030-19501-4
eBook Packages: Intelligent Technologies and Robotics (R0)