2013 | 3(29) | 111-127
Article title

Computer-aided tool based on common criteria related design patterns

Languages of publication
EN
Abstracts
EN
The paper describes the results of an R&D project whose aim was to develop a computer tool supporting the development of IT products with built-in security features. The tool ensures that all security measures are applied to a product in accordance with the requirements of the ISO/IEC 15408 standard (Common Criteria for Information Technology Security Evaluation). Currently there are only a few, limited solutions that support developers in using the Common Criteria methodology. The proposed tool supports three basic processes: security development, product development, and product evaluation, as well as the writing of special evidence documents based on design patterns. Developers used the tool in software and hardware projects and demonstrated that it facilitates and speeds up the development processes of IT security-enhanced products.
Contributors
  • Institute of Innovative Technologies EMAG, Katowice
Identifiers
YADDA identifier
bwmeta1.element.desklight-29bdfc32-66be-47f2-af41-7572321fbb78