Abstract
An Information Security Engineering Environment (ISEE) based on ISO/IEC security standards has been proposed. It integrates various tools so that its users can ensure the whole security of their target information system consistently and continuously, at any time, according to ISO/IEC security standards. But ISEE can only provide its services passively, i.e., users have to give commands or instructions to ISEE in order to use it. Because crackers are active persons who gain knowledge and skills day after day and then continuously attack the weakest point or connection in each target system, always with new techniques, active services and personalized services that defend against attacks and prevent damage beforehand are very desirable to the various users of ISEE. We have proposed an Information Security Engineering Cloud (ISEC) as a platform that provides various active and personalized services based on ISEE to its users as cloud services. ISO/IEC 15408, as one of the most important international standards, plays an important role in ensuring the whole security of target information/software systems and has therefore been adopted as the core standard in ISEC. This paper presents a control mechanism for providing active and personalized services based on ISO/IEC 15408. To realize this mechanism, we defined the active and personalized services of ISEC and analyzed the necessary data of checkpoints, which are the items controlled by a series of tasks for managing task progress based on ISO/IEC 15408. Based on this analysis, we show how to provide active and personalized services that meet the different needs of various users.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Xu, L., Goto, Y., Suhaimi, A.I.H., Zhang, N., Cheng, J. (2014). Active and Personalized Services in an Information Security Engineering Cloud Based on ISO/IEC 15408. In: Chau, M., Chen, H., Wang, G.A., Wang, JH. (eds) Intelligence and Security Informatics. PAISI 2014. Lecture Notes in Computer Science, vol 8440. Springer, Cham. https://doi.org/10.1007/978-3-319-06677-6_4
DOI: https://doi.org/10.1007/978-3-319-06677-6_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06676-9
Online ISBN: 978-3-319-06677-6
eBook Packages: Computer Science (R0)