Introducing Vulnerability Awareness to Common Criteria's Security Targets
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2009 (English). In: The Fourth International Conference on Software Engineering Advances, Portugal, IEEE Computer Society, 2009, p. 419-424. Conference paper, Published paper (Refereed)
Abstract [en]

Security of software systems has become one of the biggest concerns in our everyday life, since software systems are increasingly used by individuals, companies and governments. One way to help software system consumers gain assurance about the security measures of software products is to evaluate and certify these products with standard evaluation processes. The Common Criteria (ISO/IEC 15408) evaluation scheme is a standard that is widely used by software vendors. This process does not include information about already known vulnerabilities, their attack data and lessons learned from them. This has resulted in criticisms concerning the accuracy of this evaluation scheme since it might not address the areas in which actual vulnerabilities might occur.

In this paper, we present a methodology that introduces information about threats from vulnerabilities to Common Criteria documents. Our methodology improves the accuracy of the Common Criteria by providing information about known vulnerabilities in Common Criteria’s security target. Our methodology also provides documentation about how to fulfill certain security requirements, which can reduce the time for evaluation of the products.

 

Place, publisher, year, edition, pages
IEEE Computer Society, 2009. p. 419-424
Keywords [en]
Common Criteria, Security target, vulnerability modeling, vulnerability cause mitigation, vulnerability cause graph, security activity graph
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-19813
DOI: 10.1109/ICSEA.2009.67
ISBN: 978-0-7695-3777-1 (print)
ISBN: 978-1-4244-4779-4 (print)
OAI: oai:DiVA.org:liu-19813
DiVA, id: diva2:229025
Conference
The Fourth International Conference on Software Engineering Advances
Available from: 2009-08-10 Created: 2009-08-10 Last updated: 2018-01-13

Authors

Ardi, Shanai; Shahmehri, Nahid