Object-oriented development: the fusion method
Object-oriented development: the fusion method
Problem frames: analyzing and structuring software development problems
Problem frames: analyzing and structuring software development problems
A Problem-Oriented Approach to Common Criteria Certification
SAFECOMP '02 Proceedings of the 21st International Conference on Computer Safety, Reliability and Security
A Comparison of the Common Criteria with Proposals of Information Systems Security Requirements
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
A Formal Metamodel for Problem Frames
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
DEPCOS-RELCOMEX '09 Proceedings of the 2009 Fourth International Conference on Dependability of Computer Systems
Introducing Vulnerability Awareness to Common Criteria's Security Targets
ICSEA '09 Proceedings of the 2009 Fourth International Conference on Software Engineering Advances
A comparison of security requirements engineering methods
Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
A UML profile for requirements analysis of dependable software
SAFECOMP'10 Proceedings of the 29th international conference on Computer safety, reliability, and security
Applying a security requirements engineering process
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
UML4PF -- A tool for problem-oriented requirements analysis
RE '11 Proceedings of the 2011 IEEE 19th International Requirements Engineering Conference
Hi-index | 0.00 |
In order to gain their customers' trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). However, a Common Criteria certification requires a comprehensible documentation of the software product. The creation of this documentation results in high costs in terms of time and money. We propose a software development process that supports the creation of the required documentation for a Common Criteria certification. Hence, we do not need to create the documentation after the software is built. Furthermore, we propose to use an enhanced version of the requirements-driven software engineering process called ADIT to discover possible problems with the establishment of Common Criteria documents. We aim to detect these issues before the certification process. Thus, we avoid expensive delays of the certification effort. ADIT provides a seamless development approach that allows consistency checks between different kinds of UML models. ADIT also supports traceability from security requirements to design documents. We illustrate our approach with the development of a smart metering gateway system.