Introducing Vulnerability Awareness to Common Criteria's Security Targets
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2009 (English). In: The Fourth International Conference on Software Engineering Advances, Portugal, IEEE Computer Society, 2009, 419-424 p. Conference paper, Published paper (Refereed)
Abstract [en]

Security of software systems has become one of the biggest concerns in our everyday life, since software systems are increasingly used by individuals, companies and governments. One way to help software system consumers gain assurance about the security measures of software products is to evaluate and certify these products with standard evaluation processes. The Common Criteria (ISO/IEC 15408) evaluation scheme is a standard that is widely used by software vendors. This process does not include information about already known vulnerabilities, their attack data and lessons learned from them. This has resulted in criticisms concerning the accuracy of this evaluation scheme since it might not address the areas in which actual vulnerabilities might occur.

In this paper, we present a methodology that introduces information about threats from vulnerabilities to Common Criteria documents. Our methodology improves the accuracy of the Common Criteria by providing information about known vulnerabilities in Common Criteria’s security target. Our methodology also provides documentation about how to fulfill certain security requirements, which can reduce the time for evaluation of the products.

 

Place, publisher, year, edition, pages
IEEE Computer Society, 2009. 419-424 p.
Keyword [en]
Common Criteria, Security target, vulnerability modeling, vulnerability cause mitigation, vulnerability cause graph, security activity graph
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-19813
DOI: 10.1109/ICSEA.2009.67
ISBN: 978-0-7695-3777-1 (print)
ISBN: 978-1-4244-4779-4 (print)
OAI: oai:DiVA.org:liu-19813
DiVA: diva2:229025
Conference
The Fourth International Conference on Software Engineering Advances
Available from: 2009-08-10 Created: 2009-08-10 Last updated: 2014-08-26

Authority records

Ardi, Shanai; Shahmehri, Nahid
