Reliability Assurance in Development Process for TOE on the Common Criteria

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3026)

Abstract

Security begins with good software code and high-quality testing of the code, and it continues with the process used to identify, correct, and patch security vulnerabilities and with their auditing based on recognized standards. Security is an important aspect of software systems, especially for distributed security-sensitive systems. The Common Criteria (CC) is the standard requirements catalogue for the evaluation of security-critical systems. Using the CC, a large number of security requirements on the system itself and on the system development can be defined. However, the CC does not give methodological process support. In this paper, we show how to integrate security aspects into the software engineering process. In addition, we introduce our work on ensuring reliability assurance in the development process for a Network Management System as the TOE. The activities and documents from the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort due to high security requirements.

For modeling and verification of critical parts of a CBD (Component Based Development) system, we use formal description techniques and a model checker, which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a case study, the CBD-NMS project.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, HK., Kim, TH., Kim, JS. (2004). Reliability Assurance in Development Process for TOE on the Common Criteria. In: Ramamoorthy, C.V., Lee, R., Lee, K.W. (eds) Software Engineering Research and Applications. SERA 2003. Lecture Notes in Computer Science, vol 3026. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24675-6_28

  • DOI: https://doi.org/10.1007/978-3-540-24675-6_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21975-0

  • Online ISBN: 978-3-540-24675-6

  • eBook Packages: Springer Book Archive
