Applying the common criteria in systems engineering

Author

Keblawi, Feisal ; Sullivan, Dick

Author_Institution

Fed. Aviation Adm., Washington, DC

Volume

4

Issue

2

fYear

2006

Firstpage

50

Lastpage

55

Abstract

The National Institute of Standards and Technology has proposed using the common criteria and system-level protection profiles (SLPPs) to specify security requirements in large systems, such as those used in air traffic management. This article summarizes experience with SLPP and security targets for the US Federal Aviation Administration´s National Airspace System. The authors review the FAA efforts, highlight the problems encountered, and offer suggestions for future work, calling for more research on linking systems, software, and security requirements engineering with SLPP; clearer ties between security specifications and system certification; and better guidance on the appropriate use of SLPP as a prerequisite to widespread use

Keywords

aerospace computing; air traffic control; certification; formal specification; security of data; National Airspace System; National Institute of Standards and Technology; US Federal Aviation Administration; air traffic management; aviation security; common criteria; requirements analysis; security requirement specification; security targets; software engineering; system certification; system-level protection profiles; systems engineering; Absorption; Computer security; Costs; FAA; Impedance; National security; Protection; Specification languages; Standards development; Systems engineering and theory; Common Criteria; aviation security; protection profiles; requirements analysis; requirements specifications; security engineering; software engineering; systems engineering;

fLanguage

English

Journal_Title

Security & Privacy, IEEE

Publisher

ieee

ISSN

1540-7993

Type

jour

DOI

10.1109/MSP.2006.35

Filename

1621060