Using Common Criteria Methodology to Express Informal Security Requirements

Loading...
Thumbnail Image
Authors
Nguyen, Thuy D.
Irvine, Cynthia E.
Kane, Douglas R.
Subjects
Advisors
Date of Issue
2006-03-00
Date
Publisher
Proc. International Symposium on Secure Software Engineering, Arlington, VA, March 2006
Language
Abstract
Often, security requirements for complex systems are hard to discern because it is difficult to determine which requirements must be allocated to the system and which pertain to the system environment. In the Common Criteria framework, threat analysis results in a set of objectives that can be subdivided into two major categories: those allocated to the system itself, and the remainder to the environment. By differentiating between these two types of objectives, it is possible to avoid inappropriate requirements specification. Moving beyond systems intended to undergo evaluation; we show that the Common Criteria methodology is effective in requirements analysis for informally specified systems. As a demonstration, a worked example using a Common Criteria-based process for a requirements analysis of an on-line dissemination system is presented.
Type
Article
Description
Series/Report No
Department
Computer Science (CS)
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Proc. International Symposium on Secure Software Engineering, Arlington, VA, March 2006, pp. 75-85.
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections