CC-based Design of Secure Application Systems

Publication: Research - peer-review; Article in proceedings – Annual report year: 2009


This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure workflow system, all of them specified to achieve CC assurance level EAL3. The methodology is described and strengths and weaknesses of using the Common Criteria in this way are discussed. In general, the systematic methodology was found to be a good support for the designers, enabling them to produce an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.
Original language: English
Title of host publication: Engineering Secure Software and Systems
Editors: B. De Win, F. Massacci, S. Redwine, N. Zannone
Publisher: Springer
Publication date: 2009
Pages: 111-121
ISBN (print): 978-3-642-00198-7
State: Published

Conference

Conference: International Symposium on Engineering Secure Software and Systems
Country: Belgium
City: Leuven
Period: 04/02/09 - 06/02/09
Internet address: https://distrinet.cs.kuleuven.be/events/essos/2009/
Name: Lecture Notes in Computer Science
Number: 5429
ISSN (Print): 0302-9743

Keywords

  • Design cases, Common Criteria, Security Engineering

ID: 4314353