Incorporating User-oriented Security into CC

Publication: Research - peer-reviewArticle in proceedings – Annual report year: 2009

View graph of relations

Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats not currently dealt with in CC. Tentative proposals for extensions to the current classes of SFRs will be made on the basis of the analysis of the case.
Original languageEnglish
Title of host publicationProceedings of 10th ICCC
Publication date2009
StatePublished - 2009
Event10th International Common Criteria Conference - Tromsø, Norway


Conference10th International Common Criteria Conference
CityTromsø, Norway
Period01/01/2009 → …


  • Common Criteria, IT Security
Download as:
Download as PDF
Select render style:
Download as HTML
Select render style:
Download as Word
Select render style:

ID: 3798550