Abstract
Security is a very important issue in information processing, especially in open network environments like the Internet. The Common Criteria (CC) is the standard requirements catalogue for the evaluation of security critical systems. Using the CC, a large number of security requirements on the system itself and on the system development can be defined. However, the CC does not give methodological support.In this paper, we show how integrate security aspects into the software engineering process. The activities and documents from the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort due to high security requirements. For modelling and verification of critical parts of the system, we use formal description techniques and model checking (supported by the graphical CASE tool AUTOFOCUS), which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a case-study, the PalME project--an electronic purse application for Palm handhelds.
- R. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2001.]] Google ScholarDigital Library
- M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Proceedings of the Royal Society of London A, 426:233-271, 1989.]]Google ScholarCross Ref
- Common criteria for information technology security evaluation version 2.1. Technical report, 1999. URL: http://www.commoncriteria.org/docs/index, html.]]Google Scholar
- Common criteria for information technology security evaluation supplement: Vulnerability analysis and penetration testing. Technical report, 2002. URL: http://www.commoncriteria.org/review_docs/index.html.]]Google Scholar
- D. F. D'Souza and A. C. Wills. Objects, Components and Frameworks with UML; the Catalysis Approach. Addison Wesley Object Technology Series, 1999.]] Google ScholarDigital Library
- M. Gnatz, F. Marschall, G. Popp, A. Rausch, and W. Schwerin. Towards a living software development process based on process patterns. In V. Ambriola, editor, Proceedings of the Eight European Workshop on Software Process Technology 2001, Lecture Notes in Computer Science 2077, pages 182-202. Springer, 2001.]] Google ScholarDigital Library
- F. Huber, S. Molterer, A. Rausch, B. Schätz, M. Sihling, and O. Slotosch. Tool supported Specification and Simulation of Distributed Systems. In International Symposium on Software Engineering for Parallel and Distributed Systems, pages 155-164, 1998.]] Google ScholarDigital Library
- F. Huber, S. Molterer, B. Schätz, O. Slotosch, and A. Vilbig. Traffic Lights -- An AutoFocus Case Study. In 1998 International Conference on Application of Concurrency to System Design, pages 282-294. IEEE Computer Society, 1998.]] Google ScholarDigital Library
- IABG. V-Modell 97, 1999. URL: http://www.v-modell.iabg.de/ (in German).]]Google Scholar
- ITSEC. Information Technology Security Evaluation Criteria--Harmonised Criteria of France, Germany, the Netherlands, the United Kingdom, May 1990. Version 1.]]Google Scholar
- J. Jürjens and G. Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In 1st IFIP Conference on E-Commerce, E-Business and E-Government. Kluwer, 2001.]] Google ScholarDigital Library
- G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR. In Margaria and Steffen, editors, TACAS, volume 1055 of Lecture Notes on Computer Science, pages 147-166. Springer, 1996.]] Google ScholarDigital Library
- D. A. Mahony, M. Peirce, and H. Tewari. Electronic Payment Systems. Artech House Publishers, 1997.]] Google ScholarDigital Library
- K. L. McMillan. Symbolic Model Checking. Kluwer Academic Publishers, Boston, 1993.]] Google ScholarDigital Library
- PalME-Team. PalME secure Palm-based Money Exchange -- Project Homepage, 2001. URL: http://www4.in.tum.de/~palme/ (in German).]]Google Scholar
- L. C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1-2):85-128, 1998.]] Google ScholarCross Ref
- J. Philipps and O. Slotosch. The Quest for Correct Systems: Model Checking of Diagramms and Datatypes. In Asia Pacific Software Engineering Conference 1999, 1999.]] Google ScholarDigital Library
- O. Slotosch. Quest: Overview over the Project. In D. Hutter, W. Stephan, P. Traverso, and M. Ullmann, editors, Applied Formal Methods - FM-Trends 98, pages 346-350. Springer LNCS 1641, 1998.]] Google ScholarDigital Library
- I. Somerville. Software Engineering. Addison Wesley, 2000.]] Google ScholarDigital Library
- W. Swartout and R. Balzer. On the Inevitable Interleaving of Specification and Implementation. Communications of the ACM, 25(7), 1982.]] Google ScholarDigital Library
- M. Vetterling. Security Engineering nach den Common Criteria -- eine Fallstudie. Master's thesis, Technische Universität München, Aug. 2001.]]Google Scholar
- G. Wimmel, H. Lötzbeyer, A. Pretschner, and O. Slotosch. Specification Based Test Sequence Generation with Propositional Logic. Journal on Software Testing Verification and Reliability, 10, 2000.]]Google Scholar
- G. Wimmel and A. Wißpeintner. Extended description techniques for security engineering. In 16th International Conference on Information Security (IFIP/SEC 2001). Kluwer, 2001.]] Google ScholarDigital Library
Index Terms
- Secure systems development based on the common criteria: the PalME project
Recommendations
Common criteria compliant software development (CC-CASD)
SAC '13: Proceedings of the 28th Annual ACM Symposium on Applied ComputingIn order to gain their customers' trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). However, a Common Criteria certification requires a comprehensible documentation of the software ...
Secure systems development based on the common criteria: the PalME project
SIGSOFT '02/FSE-10: Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineeringSecurity is a very important issue in information processing, especially in open network environments like the Internet. The Common Criteria (CC)is the standard requirements catalogue for the evaluation of security critical systems. Using the CC, a ...
Extended description techniques for security engineering
Sec '01: Proceedings of the 16th international conference on Information security: Trusted information: the new decade challengeThere is a strong demand for techniques to aid development and modelling of security critical systems. Based on general security evaluation criteria, we show how to extend the system structure diagrams of the CASE tool AutoFocus (which are related to ...
Comments