A security specification verification technique based on the international standard ISO/IEC 15408

Authors:
Shoichi Morimoto;Shinjiro Shigematsu;Yuichi Goto;Jingde Cheng
Affiliations:
Saitama University, Saitama, Japan;Saitama University, Saitama, Japan;Saitama University, Saitama, Japan;Saitama University, Saitama, Japan
Venue:
Proceedings of the 2006 ACM symposium on Applied computing
Year:
2006

Citing 3
Cited 1

An introduction to formal specification and Z

An introduction to formal specification and Z
Interactive Theorem Proving and Program Development

Interactive Theorem Proving and Program Development
Patterning Protection Profiles by UML for Security Specifications

CIMCA '05 Proceedings of the International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce Vol-2 (CIMCA-IAWTIC'06) - Volume 02

A security requirement management database based on ISO/IEC 15408

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a security specification verification technique based on the international standard ISO/IEC 15408. We formalized the security criteria of ISO/IEC 15408 and developed the verification technique of security specifications based on the formalized criteria with formal methods. With the technique, one can formally verify whether or not specifications satisfy the security criteria of ISO/IEC 15408. Ambiguity and/or oversight about security in specifications written in natural language can also be detected.