Abstract
The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. Evaluation has been the traditional means of providing assurance. It is essential that not only the customer’s requirements for software functionality should be satisfied but also the security requirements imposed on the software development should be effectively analyzed and implemented in contributing to the security objectives of customer’s requirements. Unless suitable requirements are established at the start of the software development process, the resulting end product, however well engineered, may not meet the objectives of its anticipated consumers. By the security evaluation, customer can sure about the quality of the products or systems they will buy and operate. In this paper, we propose a selection guide for IT products by showing relationship between security engineering and security evaluation and make help user and customer select appropriate products or systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ISO. ISO/IEC 15408-1:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO. ISO/IEC 15408-2:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
ISO. ISO/IEC 15408-3:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
ISO. ISO/IEC 21827 Information technology – Systems Security Engineering Capability Maturity Model (SSE-CMM)
Kim, T.-H., No, B.-G., Lee, D.-c.: Threat Description for the PP by Using the Concept of the Assets Protected by TOE. In: Sloot, P.M.A., Abramson, D., Bogdanov, A.V., Gorbachev, Y.E., Dongarra, J., Zomaya, A.Y. (eds.) ICCS 2003. LNCS, vol. 2660, pp. 605–613. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, Th., Kim, Hk. (2004). A Relationship between Security Engineering and Security Evaluation. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3046. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24768-5_77
Download citation
DOI: https://doi.org/10.1007/978-3-540-24768-5_77
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22060-2
Online ISBN: 978-3-540-24768-5
eBook Packages: Springer Book Archive