A Case Study in Applying Common Criteria to Development Process of Virtual Private Network

  • Conference paper
Computational Science and Its Applications – ICCSA 2004 (ICCSA 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3043)

Abstract

IT security evaluation based on the Common Criteria (CC, ISO/IEC 15408), the international standard for evaluating the security properties of IT products and systems, requires evaluation deliverables such as the development and operational documents of the TOE (Target of Evaluation), according to the EAL (Evaluation Assurance Level). Because most developers prepare evaluation deliverables only after their products have been developed, additional cost and time are spent reverse-engineering the evaluation evidence. The CC, however, provides no methodological support for preparing evaluation deliverables, and related work is insufficient. In this paper, we present how the Common Criteria apply to the development process of a VPN (Virtual Private Network). We demonstrate our idea by means of a case study: developing RVPN V1.0 according to EAL4 in the CC.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S.h., Leem, C.s. (2004). A Case Study in Applying Common Criteria to Development Process of Virtual Private Network. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_72

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_72

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive
