Skip to main content
SpringerLink
Log in
Book cover

International Conference on Database and Expert Systems Applications

DEXA 1999: Database and Expert Systems Applications pp 416–425Cite as

A Mechanism for Deriving Specifications of Security Functions in the Common Criteria Framework

  • Conference paper
  • First Online:

  • 423 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1677))

Abstract

At the first stage of the Common Criteria process for evaluating the security of information systems, organizational objectives for information security are translated into the specification of all relevant security functions of a becoming system. These specifications are then assessed to specify the subset to be implemented, and further evaluated. The second stage involves risk analysis or related technologies, and the evaluation phase is the major contribution of the common criteria. The derivation of security function specifications from security objectives is the area where further research is needed to provide pragmatic tools for supporting the task. This paper describes a mechanism, harmonization of information security requirements, that aids in this process.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Information technology security evaluation criteria (ITSEC). provisional harmonized criteria, version 1.2. Commossion of the European Communities COM(92) 298 final, Brussels, Belgium, Sept. 1992.

    Google Scholar 

  2. A. Anderson, D. Longley, and L. F.K. Security modelling for organizations. In Proceedings of the 2nd ACM Conference on Computer and Communications Security, pages 241–250. ACM Press, 1994.

    Google Scholar 

  3. J. Backhouse and G. Dhillon. Structures of responsibility and security of information systems. European Journal of Information Systems, 5(1):2–9, 1996.

    Article  Google Scholar 

  4. D. L. Brinkley and R. R. Schell. Concepts and terminology for computer security. In M. D. Abrams, S. Jajodia, and H. J. Podell, editors, Information Security, An Integrated Collection of Essays, pages 40–97. IEEE Computer Society Press, 1995.

    Google Scholar 

  5. E. Dubois and S. Wu. A framework for dealing with and specifying security requirements in information systems. In Proceedings of the IFIP TC11 11th International Conference on Information Systems Security. Chapmann & Hall, 1996.

    Google Scholar 

  6. R. Grimm. A model of security in open telecooperation. In Upper Layers, Protocols, Architectures and Applications, Proceedings of the IFIP TC6/WG6.5 International Conference, IFIP Transactions C: Communication Systems, pages 425–440. North-Holland, 1992.

    Google Scholar 

  7. A. J. I. Jones and M. Sergot. Formal specification of security requirements using the theory of normative positions. In Computer Security-ESORICS’92, number 648 in Lecture Notes in Computer Science, pages 103–121. Springer-Verlag, 1992.

    Chapter  Google Scholar 

  8. C. G. Jussipekka Leiwo and Y. Zheng. Organizational modeling for efficient specification of information security requirements. In Advancaes in Databases and Information Systems, Proceedings of the 3rd East-European Conference, Lecture Notes in Computer Science, Maribor, Slovenia, September 1999. Springer-Verlag.

    Google Scholar 

  9. R. Kruger and J. H. P. Eloff. A common criteria framework for the evaluation of information technology systems security. In Information Security in Research and Business, Proceedings of the IFIP TC11 13th International Conference on Information Systems Security (SEC’97), pages 197–209, Copenhagen, Denmark, May 14-16 1997. Chapmann & Hall.

    Google Scholar 

  10. J. Leiwo, C. Gamage, and Y. Zheng. Harmonization of information security requirements. Informatica, 17, 1999. accepted, to appear.

    Google Scholar 

  11. D. McCullough. Specifications for multi-level security and a hook-up property. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, pages 161–166, 1987.

    Google Scholar 

  12. C. Meadows. Using traces based on procedure calls to reason about composability. In Proceedings of the 1992 IEEE Symposium on Security and Privacy, pages 177–188, 1992.

    Google Scholar 

  13. D. F. Sterne. On the buzzword “security policy”. In 1991 IEEE Symposium on Research in Security and Privacy, pages 219–230. IEEE Computer Society Press, 1991.

    Google Scholar 

  14. M. J. Warren, S. M. Furnell, and P. W. Sanders. ODESSA-a new approach to healthcare risk analysis. In Information Security in Research and Business, Proceedings of the IFIP TC11 13th International Conference on Information Systems Security (SEC’97), pages 391–402, Copenhagen, Denmark, May 14-16 1997. Chapmann & Hall.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Division of Mathematics and Computer Science, Faculty of Sciences, Vrije University, De Boelelaan, 1081a, 1081 HV, Amsterdam, The Netherlands

    Jussipekka Leiwo

Authors
  1. Jussipekka Leiwo
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Liverpool, P.O. Box 147, Liverpool, L49 3BX, UK

    Trevor J.M. Bench-Capon

  2. Department of Systems and Computers, University of Florence, Via S. Marta, 3, I-50139, Florence, Italy

    Giovanni Soda

  3. IFS, Technical University of Vienna, Resselgasse 3, A-1040, Vienna, Austria

    A Min Tjoa

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Leiwo, J. (1999). A Mechanism for Deriving Specifications of Security Functions in the Common Criteria Framework. In: Bench-Capon, T.J., Soda, G., Tjoa, A.M. (eds) Database and Expert Systems Applications. DEXA 1999. Lecture Notes in Computer Science, vol 1677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48309-8_39

Download citation

  • DOI: https://doi.org/10.1007/3-540-48309-8_39

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66448-2

  • Online ISBN: 978-3-540-48309-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation