Title :
Ontology-Based Security Problem Definition and Solution for the Common Criteria Compliant Development Process
Author_Institution :
R&D Centre EMAG, Katowice, Poland
fDate :
June 30 2009-July 2 2009
Abstract :
The paper shows how to apply a new ontology-based approach to the security problem definition (SPD), which is the key stage of the IT security development process compliant with the ISO/IEC 15408 Common Criteria standard. The SPD specifies threats, security policies and assumptions concerning the developed target of evaluation (TOE). On the SPD basis the security objectives (SO) are elaborated expressing the SPD problem solution, being the basis for further implementation works. The paper presents shortly the specification means ontology (SMO), the related knowledge base and their use by the IT security developers while the security problem is formulated and solved. The paper gives some examples concerning a simple firewall, summarizes the results and experiences, and defines the plans of future works.
Keywords :
IEC standards; ISO standards; authorisation; knowledge based systems; ontologies (artificial intelligence); ISO/IEC 15408 Common Criteria standard; IT security development process compliant; common criteria compliant development process; firewall; knowledge base; ontology-based security problem definition; security objective; security policy; specification means ontology; target of evaluation; Application software; Computer security; Data security; IEC standards; ISO standards; Information security; Ontologies; Research and development; Risk management; Standards development; Common Criteria; IT security development; knowledge engineering; modelling; ontology;
Conference_Titel :
Dependability of Computer Systems, 2009. DepCos-RELCOMEX '09. Fourth International Conference on
Conference_Location :
Brunow
Print_ISBN :
978-0-7695-3674-3
DOI :
10.1109/DepCoS-RELCOMEX.2009.15
