CC-based Design of Secure Application Systems

Robin Sharp

doi:10.1007/978-3-642-00199-4_10

CC-based Design of Secure Application Systems

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure workflow system, all of them specified to achieve CC assurance level EAL3. The methodology is described and strengths and weaknesses of using the Common Criteria in this way are discussed. In general, the systematic methodology was found to be a good support for the designers, enabling them to produce an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.

Original language	English
Title of host publication	Engineering Secure Software and Systems
Editors	B. De Win, F. Massacci, S. Redwine, N. Zannone
Publisher	Springer
Publication date	2009
Pages	111-121
ISBN (Print)	978-3-642-00198-7
DOIs	https://doi.org/10.1007/978-3-642-00199-4_10
Publication status	Published - 2009
Event	International Symposium on Engineering Secure Software and Systems - Leuven, Belgium Duration: 4 Feb 2009 → 6 Feb 2009 https://distrinet.cs.kuleuven.be/events/essos/2009/

Conference

Conference	International Symposium on Engineering Secure Software and Systems
Country/Territory	Belgium
City	Leuven
Period	04/02/2009 → 06/02/2009
Internet address	https://distrinet.cs.kuleuven.be/events/essos/2009/

Series	Lecture Notes in Computer Science
Number	5429
ISSN	0302-9743

Keywords

Design cases
Common Criteria
Security Engineering

Access to Document

10.1007/978-3-642-00199-4_10

SFX availability

Full text

Cite this

@inproceedings{20ba3fda19a648538bfcb17df291e542,

title = "CC-based Design of Secure Application Systems",

abstract = "This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure workflow system, all of them specified to achieve CC assurance level EAL3. The methodology is described and strengths and weaknesses of using the Common Criteria in this way are discussed. In general, the systematic methodology was found to be a good support for the designers, enabling them to produce an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.",

keywords = "Design cases, Common Criteria, Security Engineering",

author = "Robin Sharp",

year = "2009",

doi = "10.1007/978-3-642-00199-4_10",

language = "English",

isbn = "978-3-642-00198-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

number = "5429",

pages = "111--121",

editor = "{De Win}, B. and F. Massacci and S. Redwine and N. Zannone",

booktitle = "Engineering Secure Software and Systems",

note = "International Symposium on Engineering Secure Software and Systems, ESSoS'09 ; Conference date: 04-02-2009 Through 06-02-2009",

url = "https://distrinet.cs.kuleuven.be/events/essos/2009/",

}

TY - GEN

T1 - CC-based Design of Secure Application Systems

AU - Sharp, Robin

PY - 2009

Y1 - 2009

N2 - This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure workflow system, all of them specified to achieve CC assurance level EAL3. The methodology is described and strengths and weaknesses of using the Common Criteria in this way are discussed. In general, the systematic methodology was found to be a good support for the designers, enabling them to produce an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.

AB - This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure workflow system, all of them specified to achieve CC assurance level EAL3. The methodology is described and strengths and weaknesses of using the Common Criteria in this way are discussed. In general, the systematic methodology was found to be a good support for the designers, enabling them to produce an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.

KW - Design cases

KW - Common Criteria

KW - Security Engineering

U2 - 10.1007/978-3-642-00199-4_10

DO - 10.1007/978-3-642-00199-4_10

M3 - Article in proceedings

SN - 978-3-642-00198-7

T3 - Lecture Notes in Computer Science

SP - 111

EP - 121

BT - Engineering Secure Software and Systems

A2 - De Win, B.

A2 - Massacci, F.

A2 - Redwine, S.

A2 - Zannone, N.

PB - Springer

T2 - International Symposium on Engineering Secure Software and Systems

Y2 - 4 February 2009 through 6 February 2009

ER -

CC-based Design of Secure Application Systems

Abstract

Conference

Keywords

Access to Document

SFX availability

Fingerprint

Cite this