Pattern Based Support for Site Certification

Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 170)

Abstract

The work presents a methodology for building development environments for secure and reliable IT products or systems according to the newest approach, called Site Certification. The methodology is based on design patterns worked out in the CCMODE project (Common Criteria compliant, Modular, Open IT security Development Environment) carried out by the Institute of Innovative Technologies EMAG. The design patterns help developers write proper documents (evidences) according to the Site Certification requirements. This approach makes it possible to obtain a certificate for a development environment. The certificate can then also be used to reduce the costs of product evaluation according to the Common Criteria standard. The work shows by example how to produce the final document from its pattern.

Keywords

Smart Card; Design Pattern; Development Environment; Common Criterion; Site Evaluation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. Institute of Innovative Technologies EMAG, Katowice, Poland
