Aligning security requirements and security assurance using the common criteria

Kenji Taguchi*, Nobukazu Yoshioka, Takayuki Tobita, Hiroyuki Kaneko

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

This paper presents a new approach that attempts to provide a basic framework in which security requirements and security assurance can be aligned in a uniform and concise way within a single requirements modelling methodology. The framework aims to provide a security requirements modelling method for system development as well as for security assurance under the Common Criteria (IEC/ISO 15408), an international standard for security assurance and evaluation of IT products. We adopt use case diagrams as the basis for this modelling method and extend them based on a meta model derived from the Common Criteria, which includes all relevant security concepts and their relationships for the analysis of security threats. We take Multi Function Peripherals (MFPs) as a working example and demonstrate how the proposed modelling method can effectively elicit and analyze security requirements.

Original language: English
Title of host publication: SSIRI 2010 - 4th IEEE International Conference on Secure Software Integration and Reliability Improvement
Pages: 69-77
Number of pages: 9
Publication status: Published - 2010
Externally published: Yes
Event: 4th IEEE International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2010 - Singapore, Singapore
Duration: 2010 Jun 9 to 2010 Jun 11

Publication series

Name: SSIRI 2010 - 4th IEEE International Conference on Secure Software Integration and Reliability Improvement

Conference

Conference: 4th IEEE International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2010
Country/Territory: Singapore
City: Singapore
Period: 10/6/9 to 10/6/11

Keywords

  • Assurance
  • Common criteria
  • Requirements
  • Security

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
