CC-based Design of Secure Application Systems

    Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

    Abstract

    This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure workflow system, all of them specified to achieve CC assurance level EAL3. The methodology is described and strengths and weaknesses of using the Common Criteria in this way are discussed. In general, the systematic methodology was found to be a good support for the designers, enabling them to produce an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.
    Original language: English
    Title of host publication: Engineering Secure Software and Systems
    Editors: B. De Win, F. Massacci, S. Redwine, N. Zannone
    Publisher: Springer
    Publication date: 2009
    Pages: 111-121
    ISBN (Print): 978-3-642-00198-7
    Publication status: Published - 2009
    Event: International Symposium on Engineering Secure Software and Systems - Leuven, Belgium
    Duration: 4 Feb 2009 to 6 Feb 2009
    https://distrinet.cs.kuleuven.be/events/essos/2009/

    Conference

    Conference: International Symposium on Engineering Secure Software and Systems
    Country: Belgium
    City: Leuven
    Period: 04/02/2009 to 06/02/2009
    Series: Lecture Notes in Computer Science
    Number: 5429
    ISSN: 0302-9743

    Keywords

    • Design cases
    • Common Criteria
    • Security Engineering
