Secure systems development based on the common criteria: the PalME project
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
Annals of Software Engineering
Guest Editors' Introduction: Ontologies
IEEE Intelligent Systems
Ontology as a Requirements Engineering Product
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Does the Common Criteria Paradigm Have a Future?
IEEE Security and Privacy
Hi-index | 0.00 |
The Common Criteria for Information Technology Security Evaluation (CCITSE), usually referred to as the Common Criteria (CC), establishes a level of trustworthiness and confidence that should be placed in the security functions of products or systems and the assurance measures applied to them. CC achieves this by evaluating the product or system conformance with a common set of requirements set forth by it. To engineer a product that meets the information assurance goals of CC, a structured and comprehensive methodology is required to drive the activities undertaken in all the stages of the software requirements engineering (RE) process. Such a methodology is inevitable to understand and attain the Quality of Information Assurance (QoIA). As an effort in this direction, we focus on the use of object-oriented ontology modeling as an effective way of representing and enforcing the given common set of requirements established by CC. Our methodology leverages novel techniques from software requirement engineering and knowledge engineering. This paper also describes how this methodology can effectively realize CC-related requirements of the target systems and help evaluate such systems for conformance to the certification and accreditation (C&A) process.