Title :
Applying the common criteria in systems engineering
Author :
Keblawi, Feisal ; Sullivan, Dick
Author_Institution :
Fed. Aviation Adm., Washington, DC
Abstract :
The National Institute of Standards and Technology has proposed using the common criteria and system-level protection profiles (SLPPs) to specify security requirements in large systems, such as those used in air traffic management. This article summarizes experience with SLPP and security targets for the US Federal Aviation Administration´s National Airspace System. The authors review the FAA efforts, highlight the problems encountered, and offer suggestions for future work, calling for more research on linking systems, software, and security requirements engineering with SLPP; clearer ties between security specifications and system certification; and better guidance on the appropriate use of SLPP as a prerequisite to widespread use
Keywords :
aerospace computing; air traffic control; certification; formal specification; security of data; National Airspace System; National Institute of Standards and Technology; US Federal Aviation Administration; air traffic management; aviation security; common criteria; requirements analysis; security requirement specification; security targets; software engineering; system certification; system-level protection profiles; systems engineering; Absorption; Computer security; Costs; FAA; Impedance; National security; Protection; Specification languages; Standards development; Systems engineering and theory; Common Criteria; aviation security; protection profiles; requirements analysis; requirements specifications; security engineering; software engineering; systems engineering;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2006.35
