Objects, components, and frameworks with UML: the catalysis approach
Objects, components, and frameworks with UML: the catalysis approach
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
On the inevitable intertwining of specification and implementation
Communications of the ACM
Extended description techniques for security engineering
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Symbolic Model Checking
Software Engineering
Electronic Payment Systems
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Security Modelling for Electronic Commerce: The Common Electronic Purse Specifications
I3E '01 Proceedings of the IFIP Conference on Towards The E-Society: E-Commerce, E-Business, E-Government
The Quest for Correct Systems: Model Checking of Diagrams and Datatypes
APSEC '99 Proceedings of the Sixth Asia Pacific Software Engineering Conference
Traffic Lights - An AutoFocus Case Study
CSD '98 Proceedings of the 1998 International Conference on Application of Concurrency to System Design
Tool Supported Specification and Simulation of Distributed Systems
PDSE '98 Proceedings of the International Symposium on Software Engineering for Parallel and Distributed Systems
Towards agile security assurance
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Extending XP practices to support security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
Common criteria requirements modeling and its uses for quality of information assurance (QoIA)
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Model-Based Security Engineering of Distributed Information Systems Using UMLsec
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Model-based security analysis for mobile communications
Proceedings of the 30th international conference on Software engineering
Report: CC-Based Design of Secure Application Systems
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Retrofitting security into a web-based information system
ICWE'03 Proceedings of the 2003 international conference on Web engineering
A framework for security assurance in component based development
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Hi-index | 0.00 |
Security is a very important issue in information processing, especially in open network environments like the Internet. The Common Criteria (CC)is the standard requirements catalogue for the evaluation of security critical systems. Using the CC, a large number of security requirements on the system itself and on the system development can be defined. However, the CC does not give methodological support. In this paper, we show how integrate security aspects into the software engineering process. The activities and documents from the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort due to high security requirements. For modelling and verification of critical parts of the system, we use formal description techniques and model checking (supported by the graphical CASE tool AutoFocus, which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a case-study, the PalME project---an electronic purse application for Palm handhelds.