Using the Common Criteria to Elicit Security Requirements with Use Cases

Author

Ware, Michael S. ; Bowles, John B. ; Eastman, Caroline M.

Author_Institution

Fairmont State Univ., WV

fYear

2005

fDate

March 31 2005-April 2 2005

Firstpage

273

Lastpage

278

Abstract

The common criteria is often too confusing and technical for non-security specialists to understand and therefore properly use. At the same time, it is essential that security critical IT products under development be validated according to such standards not after but rather during the software engineering process. To help address these issues, this paper presents an approach to eliciting security requirements for IT systems with use cases using common criteria methodologies. The approach involves using actor profiles to derive threats, mapping derived threats to security objectives, and mapping objectives to security requirements using a CC toolbox data set. Our aim is to ensure that security issues are considered early during requirements engineering while making the common criteria more readily available to end-users in an understandable context. Violet, an open source UML diagram modeling tool, has been extended to implement the approach from a use case textual description perspective

Keywords

Unified Modeling Language; security of data; software development management; CC toolbox data set; Violet; common criteria; open source UML diagram modeling tool; security requirements; software engineering process; Computer aided software engineering; Data security; Information security; Open source software; Programming; Robustness; Software engineering; Software standards; Standards development; Unified modeling language;

fLanguage

English

Publisher

ieee

Conference_Titel

SoutheastCon, 2006. Proceedings of the IEEE

Conference_Location

Memphis, TN

Print_ISBN

1-4244-0168-2

Type

conf

DOI

10.1109/second.2006.1629363

Filename

1629363