• DocumentCode
    1900807
  • Title

    Using the Common Criteria to Elicit Security Requirements with Use Cases

  • Author

    Ware, Michael S. ; Bowles, John B. ; Eastman, Caroline M.

  • Author_Institution
    Fairmont State Univ., WV
  • fYear
    2005
  • fDate
    March 31 2005-April 2 2005
  • Firstpage
    273
  • Lastpage
    278
  • Abstract
    The Common Criteria is often too confusing and technical for non-security specialists to understand and therefore properly use. At the same time, it is essential that security-critical IT products under development be validated according to such standards not after but rather during the software engineering process. To help address these issues, this paper presents an approach to eliciting security requirements for IT systems with use cases using Common Criteria methodologies. The approach involves using actor profiles to derive threats, mapping derived threats to security objectives, and mapping objectives to security requirements using a CC toolbox data set. Our aim is to ensure that security issues are considered early during requirements engineering while making the Common Criteria more readily available to end-users in an understandable context. Violet, an open source UML diagram modeling tool, has been extended to implement the approach from a use case textual description perspective.
  • Keywords
    Unified Modeling Language; security of data; software development management; CC toolbox data set; Violet; common criteria; open source UML diagram modeling tool; security requirements; software engineering process; Computer aided software engineering; Data security; Information security; Open source software; Programming; Robustness; Software engineering; Software standards; Standards development; Unified modeling language;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    SoutheastCon, 2006. Proceedings of the IEEE
  • Conference_Location
    Memphis, TN
  • Print_ISBN
    1-4244-0168-2
  • Type

    conf

  • DOI
    10.1109/second.2006.1629363
  • Filename
    1629363