Incorporating User-oriented Security into CC

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


    Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats not currently dealt with in CC. Tentative proposals for extensions to the current classes of SFRs will be made on the basis of the analysis of the case.
    Original languageEnglish
    Title of host publicationProceedings of 10th ICCC
    Publication date2009
    Publication statusPublished - 2009
    Event10th International Common Criteria Conference - Tromsø, Norway
    Duration: 22 Sep 200924 Sep 2009
    Conference number: 10


    Conference10th International Common Criteria Conference


    • Common Criteria
    • IT Security


    Dive into the research topics of 'Incorporating User-oriented Security into CC'. Together they form a unique fingerprint.

    Cite this