
A Security Requirement Management Database Based on ISO/IEC 15408

  • Conference paper
Computational Science and Its Applications - ICCSA 2006 (ICCSA 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3982)

Abstract

As information systems grow in scale and diversity, their security requirements are becoming more and more complicated. It is desirable to apply database technologies to information security engineering in order to manage security requirements during the design and development of these systems. This paper proposes a security requirement management database based on the international standard ISO/IEC 15408, which defines the security functional requirements that various information systems should satisfy. The database aids the design and development of information systems that require high security by making it possible to suitably refer to the required security requirement data.

An erratum to this chapter is available at http://dx.doi.org/10.1007/11751595_129.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Morimoto, S., Horie, D., Cheng, J. (2006). A Security Requirement Management Database Based on ISO/IEC 15408. In: Gavrilova, M., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3982. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751595_1

  • DOI: https://doi.org/10.1007/11751595_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34075-1

  • Online ISBN: 978-3-540-34076-8

  • eBook Packages: Computer Science, Computer Science (R0)
