Abstract
IT security evaluation based on the Common Criteria (CC, ISO/IEC 15408), the international standard for evaluating the security properties of IT products and systems, requires evaluation deliverables such as development and operational documents of the TOE (Target of Evaluation), according to the EAL (Evaluation Assurance Level). Because most developers prepare evaluation deliverables only after their products have been developed, additional cost and time are spent reverse-engineering the product to produce the evaluation evidence. However, the CC does not provide any methodological support for preparing evaluation deliverables, and related work is insufficient. In this paper, we present how the Common Criteria apply to the development process of a VPN (Virtual Private Network). We demonstrate our idea by means of a case study: developing RVPN V1.0 according to EAL4 in the CC.
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, S.h., Leem, C.s. (2004). A Case Study in Applying Common Criteria to Development Process of Virtual Private Network. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_72
DOI: https://doi.org/10.1007/978-3-540-24707-4_72
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4
eBook Packages: Springer Book Archive