Computer-aided tool based on common criteria related design patterns

• Authors: Dariusz Rogowski
• Languages of publication: EN

Abstracts

EN

The paper describes the results of an R&D project whose aim was to work out a computer tool supporting the development of IT products with built-in security features. The tool ensures that all security measures are applied into a product with regards to the requirements of the ISO/IEC 15408 standard (Common Criteria for Information Technology Security Evaluation). Nowadays there are only a few, limited solutions which support developers in using the Common Criteria methodology. The proposed tool supports three basic processes: security development, product development, and product evaluation as well as writing special evidence documents based on design patterns. Developers used the tool in software- and hardware projects and demonstrated it facilitates and speeds up the development processes of IT security-enhanced products.

Keywords

EN

Common Criteria; security assurance; design patterns; computer-aided tool

• Publisher: Wydawnictwo Uniwersytetu Ekonomicznego we Wrocławiu
• Journal: Informatyka Ekonomiczna
• Year: 2013
• Issue: 3(29)
• Pages: 111-127

Contributors

author

Dariusz Rogowski

• Institute of Innovative Technologies EMAG, Katowice

References

• Bagiński J., Białas A., Validation of the software supporting information security and business continuity management processes, [in:] Complex Systems and Dependability, AISC, vol. 170, eds. W. Zamojski, J. Mazurkiewicz, J. Sugier, T. Walkowiak, J. Kacprzyk, , Springer-Verlag, Berlin Heidelberg 2012, pp. 1-18.
• Białas A., Common Criteria related security design patterns for intelligent sensors – knowledge engineering-based implementation, “SENSORS”, vol. 11, issue 8, DOI: 10.3390/s110808085, 2011a, pp. 8085-8114.
• Białas A., How to develop a biometric system with claimed assurance, IEEE Xplore Digital Library, in press, 2013.
• Białas A., Patterns improving the Common Criteria compliant IT security development process, [in:] Dependable Computer Systems, AISC, vol. 97, eds. W. Zamojski, J. Kacprzyk, J. Mazurkiewicz, J. Sugier, T. Walkowiak, Springer-Verlag, Berlin Heidelberg 2011, pp. 1-16.
• Białas A., Security-related design patterns for intelligent sensors requiring measurable assurance, “Electrical Review” 2009, vol. 85 (R. 85), no. 7/2009, ISSN 0033-2097, pp. 92-99.
• Białas A., Semiformal Common Criteria compliant IT security development framework, “Studia Informatica” 2008, 29, no. 2B(77).
• Białas A., Specification means definition for the Common Criteria compliant development process – an ontological approach, [in:] Complex Systems and Dependability, AISC, vol. 170, eds. W. Zamojski, J. Kacprzyk, J. Mazurkiewicz, J. Sugier, T. Walkowiak, ISBN 978-3-642-30662-4, Springer-Verlag, Berlin Heidelberg 2012, pp. 37-54.
• Broja A., Cała D., Małachowski M., Śpiechowicz K., Szczurek A., Zastosowanie metodyki Common Criteria podczas procesu projektowania urządzeń na przykładzie czujnika gazometrycznego, Instytut Technik Innowacyjnych EMAG, MIAG 5 (483), Katowice 2011, pp. 12-18.
• CC Part 1, Common Criteria for Information Technology Security Evaluation (Version 3.1, Revision 4) Part 1: Introduction and general model (ISO/IEC 15408-1), CCMB, September 2012.
• CC Part 2, Common Criteria for Information Technology Security Evaluation (Version 3.1, Revision 4) Part 2: Part 2: Security functional requirements (ISO/IEC 15408-2), CCMB, September 2012.
• CC Part 3, Common Criteria for Information Technology Security Evaluation (Version 3.1, Revision 4) Part 3: Part 3: Security assurance requirements (ISO/IEC 15408-3), CCMB, September 2012.
• CC Portal, http://www.commoncriteriaportal.org/ [accessed July 2013].
• Certification Report – BSI-DSZ-CC-0694-2012, SmartApp SIGN 2.2 from Polska Wytwórnia Papierów Wartościowych S.A., BSI (ger. Bundesamt für Sicherheit in der Informationstechnik), Bonn, 6 February 2012.
• Common Methodology for Information Technology Security Evaluation (Version 3.1, Revision 4) Evaluation Methodology, CCMB, September 2012.
• Guidelines for developer documentation according to Common Criteria Version 3.1, BSI (ger. Bundesamt für Sicherheit in der Informationstechnik), 2007.
• Guidelines for evaluation reports according to Common Criteria Version 3.1, Version 2.00 for CCv3.1 rev. 3, BSI (ger. Bundesamt für Sicherheit in der Informationstechnik), 2010.
• Higaki W.H., Successful Common Criteria evaluations. A practical guide for vendors, Create Space Independent Publishing Platform, 2010.
• Horie D., Yajima K., Azimah N., Goto Y., Cheng J., GEST: A generator of ISO/IEC15408 Security Target templates, [in:] Computer and Information Science, eds. R. Lee., G. Hu, H. Miao, SCI 208, Springer-Verlag, Berlin Heidelberg 2009, pp 149-158.
• International Common Criteria Conference (13th), http://www.iccc2012paris.com/en/, Paris 2012 [accessed: July 2013].
• ISO/IEC TR 15446 – Information technology – security techniques – guide for the production of Protection Profiles and Security Targets, JTC 1/SC27, Berlin 2009.
• ITSEC – Information Technology Security Evaluation Criteria (ITSEC): Preliminary Harmonized Criteria.
• Document COM(90) 314, Version 1.2, Commission of the European Communities, June 1991.
• Jackson W., Under attack, GCN, http://gcn.com/articles/2007/08/10/under-attack.aspx, August 10, 2007.
• Kane I., Automated tools for supporting CC design evidence, [in:] 9th International Common Criteria Conference, Jeju 2008.
• Komputerowe wspomaganie procesu rozwoju produktów informatycznych o podwyższonych wymaganiach bezpieczeństwa, ed. A. Białas, ISBN 978-83-932737-8-2, Wydawnictwo Instytutu Technik Innowacyjnych EMAG, Katowice 2012.
• Rogowski D., Software Implementation of Common Criteria Related Design Patterns, IEEE Xplore Digital Library (to be published), 2013.
• Rogowski D., Nowak P., Pattern based support for Site Certification [in:] Complex Systems and Dependability, AISC, vol. 170, pp. 179-193, eds. W. Zamojski, et. al., Springer-Verlag, Berlin Heidelberg 2012.
• The PP/ST guide, Version 1, Revision 6.2, BSI (ger. Bundesamt für Sicherheit in der Informationstechnik), August 2007.
• Trusted-labs, www.trusted-labs.com, [accessed: May 2013].
• Zastosowanie wzorców projektowych w konstruowaniu zabezpieczeń informatycznych zgodnych ze standardem Common Criteria, ed. A. Białas, ISBN 978-83-932737-2-0, Wydawnictwo Instytutu Technik Innowacyjnych EMAG, Katowice 2011.