Abstract
This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure workflow system, all of them specified to achieve CC assurance level EAL3. The methodology is described and strengths and weaknesses of using the Common Criteria in this way are discussed. In general, the systematic methodology was found to be a good support for the designers, enabling them to produce an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.
Original language | English |
---|---|
Title of host publication | Engineering Secure Software and Systems |
Editors | B. De Win, F. Massacci, S. Redwine, N. Zannone |
Publisher | Springer |
Publication date | 2009 |
Pages | 111-121 |
ISBN (Print) | 978-3-642-00198-7 |
Publication status | Published - 2009 |
Event | International Symposium on Engineering Secure Software and Systems - Leuven, Belgium; Duration: 4 Feb 2009 → 6 Feb 2009; https://distrinet.cs.kuleuven.be/events/essos/2009/ |
Conference
Conference | International Symposium on Engineering Secure Software and Systems |
---|---|
Country/Territory | Belgium |
City | Leuven |
Period | 04/02/2009 → 06/02/2009 |
Series | Lecture Notes in Computer Science |
---|---|
Number | 5429 |
ISSN | 0302-9743 |
Keywords
- Design cases
- Common Criteria
- Security Engineering