{"title":"Aspect-oriented reuse mechanism for security targets and protection profiles","authors":"Y. Goto, Huilin Chen, Da Bao","doi":"10.1109/ICSESS.2014.6933536","DOIUrl":null,"url":null,"abstract":"Common Criteria (CC) is an international standard for evaluation and certification of IT products. Although a security target (ST) is an important and central document used in the security evaluation process of CC, creating STs is not so easy task for most of software engineers. On the other hand, there are dependency relations among several elements of an ST and a protection profile (PP). Elements of an ST/PP are elements of mandatory contents of STs/PPs defined in CC part 1, e.g., security problems, security objectives, security requirements, and so on. If there is a same element in both an ST/PP and other ST/PP, then what to describe and how to describe elements that depend on the same element are probably similar. Such same element and its dependent elements are a cross-cutting concern among the STs/PPs. Although retrieving cross-cutting concerns among certified STs and PPs are useful for creation and evaluation of STs and PPs, it is difficult, not impossible, to do that because certified STs and PPs are published as PDF files. This paper presents an aspect-oriented reuse mechanism for STs and PPs to help creation and evaluation of STs. 
The paper also shows technical issues and current implementation of the mechanism.","PeriodicalId":6473,"journal":{"name":"2014 IEEE 5th International Conference on Software Engineering and Service Science","volume":"19 1","pages":"161-164"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 5th International Conference on Software Engineering and Service Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSESS.2014.6933536","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Common Criteria (CC) is an international standard for the evaluation and certification of IT products. Although a security target (ST) is an important and central document in the CC security evaluation process, creating STs is not an easy task for most software engineers. On the other hand, there are dependency relations among several elements of an ST and a protection profile (PP). Elements of an ST/PP are the elements of the mandatory contents of STs/PPs defined in CC part 1, e.g., security problems, security objectives, security requirements, and so on. If the same element appears in both one ST/PP and another ST/PP, then what to describe and how to describe the elements that depend on that element are probably similar. Such a common element and its dependent elements are a cross-cutting concern among the STs/PPs. Although retrieving cross-cutting concerns among certified STs and PPs is useful for the creation and evaluation of STs and PPs, it is difficult, though not impossible, to do so because certified STs and PPs are published as PDF files. This paper presents an aspect-oriented reuse mechanism for STs and PPs to help with the creation and evaluation of STs. The paper also shows the technical issues and the current implementation of the mechanism.