Abstract
Security begins with good software code and high-quality testing of that code, and it continues with the process used to identify, correct and patch security vulnerabilities and with their auditing based on recognized standards. Security is an important aspect of software systems, especially for distributed security-sensitive systems. The Common Criteria (CC) is the standard requirements catalogue for the evaluation of security-critical systems. Using the CC, a large number of security requirements on the system itself and on the system development can be defined. However, the CC does not give methodological process support. In this paper, we show how to integrate security aspects into the software engineering process. In addition, we introduce our work on reliability assurance in the development process for a Network Management System as the Target of Evaluation (TOE). The activities and documents from the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort due to high security requirements.
For modeling and verification of critical parts of the CBD (Component Based Development) system, we use formal description techniques and a model checker, which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a case study, the CBD-NMS project.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, HK., Kim, TH., Kim, JS. (2004). Reliability Assurance in Development Process for TOE on the Common Criteria. In: Ramamoorthy, C.V., Lee, R., Lee, K.W. (eds) Software Engineering Research and Applications. SERA 2003. Lecture Notes in Computer Science, vol 3026. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24675-6_28
DOI: https://doi.org/10.1007/978-3-540-24675-6_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21975-0
Online ISBN: 978-3-540-24675-6
eBook Packages: Springer Book Archive