Article

Common criteria requirements modeling and its uses for quality of information assurance (QoIA)

Authors:

Deepak S. Yavagal,

Seok Won Lee,

Gail-Joon Ahn,

Robin A. GandhiAuthors Info & Claims

ACMSE '05 vol 2: Proceedings of the 43rd annual ACM Southeast Conference - Volume 2

Pages 130 - 135

https://doi.org/10.1145/1167253.1167287

Published: 18 March 2005 Publication History

Get Access

Abstract

The Common Criteria for Information Technology Security Evaluation (CCITSE), usually referred to as the Common Criteria (CC), establishes a level of trustworthiness and confidence that should be placed in the security functions of products or systems and the assurance measures applied to them. CC achieves this by evaluating the product or system conformance with a common set of requirements set forth by it. To engineer a product that meets the information assurance goals of CC, a structured and comprehensive methodology is required to drive the activities undertaken in all the stages of the software requirements engineering (RE) process. Such a methodology is inevitable to understand and attain the Quality of Information Assurance (QoIA). As an effort in this direction, we focus on the use of object-oriented ontology modeling as an effective way of representing and enforcing the given common set of requirements established by CC. Our methodology leverages novel techniques from software requirement engineering and knowledge engineering. This paper also describes how this methodology can effectively realize CC-related requirements of the target systems and help evaluate such systems for conformance to the certification and accreditation (C&A) process.

References

[1]

Breitman, K. K. and Leite, J., Ontology as a Requirements Engineering Product, In Proceedings of the IEEE Int'l RE Conf., Mini-tutorial on Ontology Development, 2003

Digital Library

Google Scholar

[2]

Carroll, J. J., Dickinson, I., Dollin, C., Reynolds, D., Seaborne, A., Jena: Implementing the Semantic Web Recommendations, Kevin Wilkinson Digital Media Systems Laboratory HP Laboratories Bristol, 2003

Google Scholar

[3]

CC ToolBox#8482;. Developed by SPARTA, Inc. for the National Information Assurance Partnership (NIAP) http://cctoolbox.sparta.com

Google Scholar

[4]

Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements, August 1999 Version 2.1

Google Scholar

[5]

Hearn, J., Does the common criteria paradigm have a future?, National Cryptologic Museum, Security & Privacy Magazine, IEEE, Jan-Feb. 2004

Digital Library

Google Scholar

[6]

Jackson, M. The Meaning of Requirements. Annals of Software Engineering, Vol. 3, pp: 5--21, Baltzer Science Publishers. 1997

Digital Library

Google Scholar

[7]

Lee, S. W. and Yavagal, D., GenOM User's Guide, Technical Report, Department of Software and Information Systems, University of North Carolina at Charlotte, 2004

Google Scholar

[8]

Swartout, W. and Tate, A. Ontologies. In Intelligent Systems, IEEE, 14 (1), pp. 18--19, Jan/Feb 1999

Digital Library

Google Scholar

[9]

Vetterling, Monika., Wimmel, G., Wisspeintner, A., Secure systems development based on the common criteria: the PalME project, In ACM SIGSOFT symposium on Foundations of software engineering, Charleston, SC, USA, 2002

Digital Library

Google Scholar

Cited By

View all

Wen SKatt B(2022)Ontology-Based Metrics Computation for System Security Assurance EvaluationJournal of Applied Security Research10.1080/19361610.2022.215719019:2(230-275)Online publication date: 19-Dec-2022
https://doi.org/10.1080/19361610.2022.2157190
Shukla AKatt BNweke LYeng PWeldehawaryat G(2022)System security assuranceComputer Science Review10.1016/j.cosrev.2022.10049645:COnline publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1016/j.cosrev.2022.100496
Wen SKatt B(2022)SAEOn: An Ontological Metamodel for Quantitative Security Assurance EvaluationComputer Security. ESORICS 2022 International Workshops10.1007/978-3-031-25460-4_35(605-624)Online publication date: 26-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-25460-4_35
Show More Cited By

Index Terms

Common criteria requirements modeling and its uses for quality of information assurance (QoIA)
1. Software and its engineering
  1. Software creation and management
    1. Designing software
      1. Requirements analysis

Recommendations

Aligning Security Requirements and Security Assurance Using the Common Criteria
SSIRI '10: Proceedings of the 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement

This paper presents a new approach, which attempts to provide a basic framework in which security requirements and security assurance can be aligned in a uniform and concise way in a single requirements modelling methodology. This framework aims at ...
A common criteria based security requirements engineering process for the development of secure information systems

In order to develop security critical Information Systems, specifying security quality requirements is vitally important, although it is a very difficult task. Fortunately, there are several security standards, like the Common Criteria (ISO/IEC 15408), ...
Capturing data quality requirements for web applications by means of DQ_WebRE

The number of Web applications which are part of Business Intelligence (BI) applications has grown exponentially in recent years, as has their complexity. Consequently, the amount of data used by these applications has also increased. The larger the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ACMSE '05 vol 2: Proceedings of the 43rd annual ACM Southeast Conference - Volume 2

March 2005

430 pages

ISBN:1595930590

DOI:10.1145/1167253

General Chair:
Mario Guimaraes
Kennesaw State University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 March 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ACM SE05

Sponsor:

ACM SE05: ACM Southeast Regional Conference 2005

March 18 - 20, 2005

Georgia, Kennesaw

Acceptance Rates

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
945
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wen SKatt B(2022)Ontology-Based Metrics Computation for System Security Assurance EvaluationJournal of Applied Security Research10.1080/19361610.2022.215719019:2(230-275)Online publication date: 19-Dec-2022
https://doi.org/10.1080/19361610.2022.2157190
Shukla AKatt BNweke LYeng PWeldehawaryat G(2022)System security assuranceComputer Science Review10.1016/j.cosrev.2022.10049645:COnline publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1016/j.cosrev.2022.100496
Wen SKatt B(2022)SAEOn: An Ontological Metamodel for Quantitative Security Assurance EvaluationComputer Security. ESORICS 2022 International Workshops10.1007/978-3-031-25460-4_35(605-624)Online publication date: 26-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-25460-4_35
Bialas A(2018)Common Criteria IT Security Evaluation Methodology – An Ontological ApproachContemporary Complex Systems and Their Dependability10.1007/978-3-319-91446-6_3(23-34)Online publication date: 27-May-2018
https://doi.org/10.1007/978-3-319-91446-6_3
Leberknight C(2016)Perceived Threat Modeling for Cyber‐Physical SystemsCyber‐Assurance for the Internet of Things10.1002/9781119193784.ch11(257-281)Online publication date: 17-Dec-2016
https://doi.org/10.1002/9781119193784.ch11
(2016)BibliographyCyber‐Assurance for the Internet of Things10.1002/9781119193784.biblio(433-455)Online publication date: 17-Dec-2016
https://doi.org/10.1002/9781119193784.biblio
Parreira PDellosso Penteado R(2015)Domain ontologies in the context of Requirements Engineering2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA)10.1109/AICCSA.2015.7507206(1-8)Online publication date: Nov-2015
https://doi.org/10.1109/AICCSA.2015.7507206
Białas A(2013)Specification Means Definition for the Common Criteria Compliant Development Process – An Ontological ApproachComplex Systems and Dependability10.1007/978-3-642-30662-4_3(37-53)Online publication date: 2013
https://doi.org/10.1007/978-3-642-30662-4_3
Bialas A(2011)Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based ImplementationSensors10.3390/s11080808511:8(8085-8114)Online publication date: 17-Aug-2011
https://doi.org/10.3390/s110808085
Bialas A(2009)Ontology-Based Security Problem Definition and Solution for the Common Criteria Compliant Development ProcessProceedings of the 2009 Fourth International Conference on Dependability of Computer Systems10.1109/DepCoS-RELCOMEX.2009.15(3-10)Online publication date: 30-Jun-2009
https://dl.acm.org/doi/10.1109/DepCoS-RELCOMEX.2009.15
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Aligning Security Requirements and Security Assurance Using the Common Criteria

A common criteria based security requirements engineering process for the development of secure information systems

Capturing data quality requirements for web applications by means of DQ_WebRE