Specification Means Definition for the Common Criteria Compliant Development Process – An Ontological Approach
The chapter presents a new ontology-based approach to the definition of specification means used in the IT security development process compliant with the Common Criteria standard. Introducing the ontological approach makes, generally, the IT security development process easier and more effective. The chapter provides multiple-use specification means to create Security Targets (STs) for different kinds of IT products or systems. First, the review of works concerning the ontological approach within the information security domain was performed. Then the chapter discusses the ITSDO workout: domain and scope definition, identification of terms within the domain, identification of the hierarchy of classes and its properties, creation of a set of individuals, and the ontology testing and validation. This way a prototype of the specification means knowledge base was proposed, developed in the Protégé Ontology Editor and Knowledge Acquisition System.
KeywordsClass Hierarchy Ontology Development Security Objective Ontological Approach Competency Question
Unable to display preview. Download preview PDF.
- 1.ISO/IEC 15408 Common Criteria for IT security evaluation, v.3.1. Part 1-3 (2007)Google Scholar
- 2.Noy, N.F., McGuiness, D.L.: Ontology Development 101: A Guide to Creating Your First Ontology. Knowledge Systems Laboratory. Stanford University, Stanford (2001), www-ksl.stanford.edu/people/dlm/papers/ontology-tutorial-noy-mcguinness-abstract.html (accessed January 19, 2012)Google Scholar
- 3.Yavagal, D.S., Lee, S.W., Ahn, G.J., Gandhi, R.A.: Common Criteria Requirements Modeling and its Uses for Quality of Information Assurance (QoIA). In: Proc. of the 43rd Annual ACM Southeast Conference (ACMSE 2005), vol. 2, pp. 130–135. Kennesaw State University Kennesaw, Georgia (2005)CrossRefGoogle Scholar
- 4.Ekelhart, A., Fenz, S., Goluch, G., Weippl, E.: Ontological Mapping of Common Criteria’s Security Assurance Requirements. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments, pp. 85–95. Springer, Boston (2007)CrossRefGoogle Scholar
- 7.Protégé Ontology Editor and Knowledge Acquisition System, Stanford University, http://protege.stanford.edu/ (accessed January 19, 2012)
- 8.CCMODE (Common Criteria compliant, Modular, Open IT security Development Environment) Project, http://www.commoncriteria.pl/ (accessed January 19, 2012)
- 9.OSCAD Project (the computer supported business continuity and information security management system), http://www.oscad.eu/ (accessed January 19, 2012)