Aligning Security Requirements and Security Assurance Using the Common Criteria

Author

Taguchi, Kenji ; Yoshioka, Nobukazu ; Tobita, Takayuki ; Kaneko, Hiroyuki

Author_Institution

Inf. Syst. Archit. Res. Div., Nat. Inst. of Inf., Tokyo, Japan

fYear

2010

fDate

9-11 June 2010

Firstpage

69

Lastpage

77

Abstract

This paper presents a new approach, which attempts to provide a basic framework in which security requirements and security assurance can be aligned in a uniform and concise way in a single requirements modelling methodology. This framework aims at providing security requirements modelling method for the system development as well as security assurance under the Common Criteria (IEC/ISO 15408), an international standard for security assurance and evaluation for IT products. We will adopt use case diagrams as a basis for this modelling method and extend them based on a meta model derived from the Common Criteria, which includes all relevant security concepts and their relationships for an analysis of security threats. We take Multi Function Peripherals (MFPs) as a working example and demonstrate how our proposed modelling method can effectively elicit/analyze security requirements in this paper.

Keywords

IEC standards; ISO standards; security of data; software engineering; software standards; systems analysis; Common Criteria; IEC/ISO 15408; IT products; multifunction peripherals; security assurance; security requirements modelling; Computer architecture; Computer industry; Costs; IEC standards; ISO standards; Information security; Information systems; National security; Software standards; Standards development; Common Criteria; assurance; requirements; security;

fLanguage

English

Publisher

ieee

Conference_Titel

Secure Software Integration and Reliability Improvement (SSIRI), 2010 Fourth International Conference on

Conference_Location

Singapore

Print_ISBN

978-1-4244-7435-6

Type

conf

DOI

10.1109/SSIRI.2010.30

Filename

5502855