Security policy modeling using Z notation for common criteria version 3.1

  • Authors:
  • Junkil Park;Jin-Young Choi

  • Affiliations:
  • Theory and Formal Methods Laboratory;Theory and Formal Methods Laboratory

  • Venue:
  • ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 1
  • Year:
  • 2009

Abstract

The Common Criteria for Information Technology Security Evaluation (CC) is an international standard for evaluating secure computer systems. To obtain a high Evaluation Assurance Level, CC requires formalism in the Development class. In the Security Policy Modeling of CC v3.1, the use of formal methods is mandatory. This paper gives a guideline for developing a formal security policy model with Z notation in CC v3.1. We compare CC v3.1 to CC v2.3 with respect to the security policy model. We explain the structure of a formal security policy model written in Z, and provide a formal security policy model of a smart card operating system as an example.