
A Case Study in Applying Common Criteria to Development Process to Improve Security of Software Products

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3043)

Abstract

IT security evaluation based on the Common Criteria (CC, ISO/IEC 15408), the international standard for evaluating the security properties of IT products and systems, requires evaluation deliverables such as development and operational documents of the TOE (Target of Evaluation) according to the EAL (Evaluation Assurance Level). As most developers prepare evaluation deliverables after their products have been developed, additional cost and time have been invested to produce the evaluation evidence through reverse-engineering. But CC does not provide any methodological support for preparing evaluation deliverables, and related work is insufficient. In this paper, we present how CC can be applied to the development process to improve the security of products and reduce the time and cost of IT security evaluation. We demonstrate our idea by means of a case study: developing MTOS 7.5, a security-enhanced UNIX-like operating system based on BSD 4.4, according to EAL3 in CC.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S.H., Leem, C.S. (2004). A Case Study in Applying Common Criteria to Development Process to Improve Security of Software Products. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_120


  • DOI: https://doi.org/10.1007/978-3-540-24707-4_120

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive
