Supporting verification and validation of security targets with ISO/IEC 15408

Author

Da Bao ; Miura, Jun ; Ning Zhang ; Goto, Yasunori ; Jingde Cheng

Author_Institution

Dept. of Inf. & Comput. Sci., Saitama Univ., Saitama, Japan

fYear

2013

fDate

20-22 Dec. 2013

Firstpage

2621

Lastpage

2628

Abstract

ISO/IEC 15408 is an international standard for security evaluation of information systems, and can be applied throughout the software life cycle to improve security of information systems. A Security Target, which contains specifications of security functions of the target system, is the most important document in development of the system according to ISO/IEC 15408. Verification and Validation of Security Targets must be strictly performed before development of the system. This paper analyzed and clarified 168 targets that Security Targets must satisfy based on ISO/IEC 18045, and the procedures of examining those targets are also provided. Then the paper proposes comprehensive methods to support verification and validation of Security Targets. With these methods, we can implement comprehensive supporting tools for verification and validation of Security Targets.

Keywords

IEC standards; ISO standards; formal specification; information systems; program verification; security of data; software standards; ISO/IEC 15408; ISO/IEC 18045; information systems; international standard; security evaluation; security functions specifications; security targets validation; security targets verification; software life cycle; system development; Abstracts; Hardware; IEC standards; ISO standards; Security; Software; ISO/IEC 15408; ISO/IEC 18045; information security; security target; verification and validation;

fLanguage

English

Publisher

ieee

Conference_Titel

Mechatronic Sciences, Electric Engineering and Computer (MEC), Proceedings 2013 International Conference on

Conference_Location

Shengyang

Print_ISBN

978-1-4799-2564-3

Type

conf

DOI

10.1109/MEC.2013.6885475

Filename

6885475