Advertisement

Specification Means Definition for the Common Criteria Compliant Development Process – An Ontological Approach

  • Andrzej Białas
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 170)

Abstract

The chapter presents a new ontology-based approach to the definition of specification means used in the IT security development process compliant with the Common Criteria standard. Introducing the ontological approach makes, generally, the IT security development process easier and more effective. The chapter provides multiple-use specification means to create Security Targets (STs) for different kinds of IT products or systems. First, the review of works concerning the ontological approach within the information security domain was performed. Then the chapter discusses the ITSDO workout: domain and scope definition, identification of terms within the domain, identification of the hierarchy of classes and its properties, creation of a set of individuals, and the ontology testing and validation. This way a prototype of the specification means knowledge base was proposed, developed in the Protégé Ontology Editor and Knowledge Acquisition System.

Keywords

Class Hierarchy Ontology Development Security Objective Ontological Approach Competency Question 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    ISO/IEC 15408 Common Criteria for IT security evaluation, v.3.1. Part 1-3 (2007)Google Scholar
  2. 2.
    Noy, N.F., McGuiness, D.L.: Ontology Development 101: A Guide to Creating Your First Ontology. Knowledge Systems Laboratory. Stanford University, Stanford (2001), www-ksl.stanford.edu/people/dlm/papers/ontology-tutorial-noy-mcguinness-abstract.html (accessed January 19, 2012)Google Scholar
  3. 3.
    Yavagal, D.S., Lee, S.W., Ahn, G.J., Gandhi, R.A.: Common Criteria Requirements Modeling and its Uses for Quality of Information Assurance (QoIA). In: Proc. of the 43rd Annual ACM Southeast Conference (ACMSE 2005), vol. 2, pp. 130–135. Kennesaw State University Kennesaw, Georgia (2005)CrossRefGoogle Scholar
  4. 4.
    Ekelhart, A., Fenz, S., Goluch, G., Weippl, E.: Ontological Mapping of Common Criteria’s Security Assurance Requirements. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments, pp. 85–95. Springer, Boston (2007)CrossRefGoogle Scholar
  5. 5.
    Bialas, A.: Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation. Sensors 11, 8085–8114 (2011), http://www.mdpi.com/1424-8220/11/8/8085/ (accessed January 19, 2012 )CrossRefGoogle Scholar
  6. 6.
    Bialas, A.: Semiformal Common Criteria Compliant IT Security Development Framework. Studia Informatica, vol. 29(2B(77)). Silesian University of Technology Press, Gliwice (2008), http://www.znsi.aei.polsl.pl/ (accessed January 19, 2012)Google Scholar
  7. 7.
    Protégé Ontology Editor and Knowledge Acquisition System, Stanford University, http://protege.stanford.edu/ (accessed January 19, 2012)
  8. 8.
    CCMODE (Common Criteria compliant, Modular, Open IT security Development Environment) Project, http://www.commoncriteria.pl/ (accessed January 19, 2012)
  9. 9.
    OSCAD Project (the computer supported business continuity and information security management system), http://www.oscad.eu/ (accessed January 19, 2012)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Institute of Innovative Technologies EMAGKatowicePoland

Personalised recommendations