Secure systems development based on the common criteria: the PalME project

Authors:
Monika Vetterling;Guido Wimmel;Alexander Wisspeintner
Affiliations:
Beratung und Entwicklung GmbH, Unterhaching, Germany;Technische Universität München, Garching, Germany;Technische Universität München, Garching, Germany
Venue:
ACM SIGSOFT Software Engineering Notes
Year:
2002

Citing 13
Cited 2

Objects, components, and frameworks with UML: the catalysis approach

Objects, components, and frameworks with UML: the catalysis approach
The inductive approach to verifying cryptographic protocols

Journal of Computer Security
On the inevitable intertwining of specification and implementation

Communications of the ACM
Extended description techniques for security engineering

Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
Symbolic Model Checking

Symbolic Model Checking
Software Engineering

Software Engineering
Electronic Payment Systems

Electronic Payment Systems
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Security Modelling for Electronic Commerce: The Common Electronic Purse Specifications

I3E '01 Proceedings of the IFIP Conference on Towards The E-Society: E-Commerce, E-Business, E-Government
The Quest for Correct Systems: Model Checking of Diagrams and Datatypes

APSEC '99 Proceedings of the Sixth Asia Pacific Software Engineering Conference
Traffic Lights - An AutoFocus Case Study

CSD '98 Proceedings of the 1998 International Conference on Application of Concurrency to System Design
Tool Supported Specification and Simulation of Distributed Systems

PDSE '98 Proceedings of the International Symposium on Software Engineering for Parallel and Distributed Systems

Controlling security of software development with multi-agent system

KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV
Requirements for identity management from the perspective of multilateral interactions

Digital privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security is a very important issue in information processing, especially in open network environments like the Internet. The Common Criteria (CC) is the standard requirements catalogue for the evaluation of security critical systems. Using the CC, a large number of security requirements on the system itself and on the system development can be defined. However, the CC does not give methodological support.In this paper, we show how integrate security aspects into the software engineering process. The activities and documents from the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort due to high security requirements. For modelling and verification of critical parts of the system, we use formal description techniques and model checking (supported by the graphical CASE tool AUTOFOCUS), which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a case-study, the PalME project--an electronic purse application for Palm handhelds.