Title :
Aligning Security Requirements and Security Assurance Using the Common Criteria
Author :
Taguchi, Kenji ; Yoshioka, Nobukazu ; Tobita, Takayuki ; Kaneko, Hiroyuki
Author_Institution :
Inf. Syst. Archit. Res. Div., Nat. Inst. of Inf., Tokyo, Japan
Abstract :
This paper presents a new approach, which attempts to provide a basic framework in which security requirements and security assurance can be aligned in a uniform and concise way in a single requirements modelling methodology. This framework aims at providing security requirements modelling method for the system development as well as security assurance under the Common Criteria (IEC/ISO 15408), an international standard for security assurance and evaluation for IT products. We will adopt use case diagrams as a basis for this modelling method and extend them based on a meta model derived from the Common Criteria, which includes all relevant security concepts and their relationships for an analysis of security threats. We take Multi Function Peripherals (MFPs) as a working example and demonstrate how our proposed modelling method can effectively elicit/analyze security requirements in this paper.
Keywords :
IEC standards; ISO standards; security of data; software engineering; software standards; systems analysis; Common Criteria; IEC/ISO 15408; IT products; multifunction peripherals; security assurance; security requirements modelling; Computer architecture; Computer industry; Costs; IEC standards; ISO standards; Information security; Information systems; National security; Software standards; Standards development; Common Criteria; assurance; requirements; security;
Conference_Titel :
Secure Software Integration and Reliability Improvement (SSIRI), 2010 Fourth International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4244-7435-6
DOI :
10.1109/SSIRI.2010.30
