Secure systems development based on the common criteria: The PaIME project

Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering

Volumn , Issue , 2002, Pages 129-138

  Vetterling, Monika ^a   Wimmel, Guido ^b   Wisspeintner, Alexander ^b  

^a Beratung und Entwicklung GmbH   (Germany)

^b TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

AutoFocus; CASE; Case study; Common criteria; Development process; Formal methods; Graphical description techniques; Requirements engineering; Security engineering; Software design; Software engineering

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; COMPUTER HARDWARE DESCRIPTION LANGUAGES; HAND HELD COMPUTERS; INTERNET; REQUIREMENTS ENGINEERING; SYSTEMS ANALYSIS;

COMMON CRITERIA; EVALUATION ASSURANCE LEVELS; MODEL CHECKING; SYSTEMS DEVELOPMENT;

SECURITY OF DATA;

EID: 0038348212     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. R. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley 2001
2. M. Burrows, M. Abadi, and R. Needham, A logic of authentication. Proceedings of the Royal Society of London A, 426:233-271, 1989.
3. Common criteria for information technology security evaluation version 2.1. Technical report, 1999. URL: http://www.commoncriteria.org/docs/index.html.
4. Common criteria for information technology security evaluation supplement: Vulnerability analysis and penetration testing. Technical report, 2002. URL: http://www.commoncriteria.org/review_docs/index.html.
5. D. F. D'Souza and A. C. Wills. Objects, Components and Frameworks with UML: the Catalysis Approach. Addison Wesley Object Technology Series, 1999
6. M. Grantz, F. Marschall, G. Popp, A. Rausch, and W. Schwerin. Towards a living software development process based on process patterns. In V. Ambriola, editor, Proceedings of the Eight European Workshop on Software Process Technology 2001, Lecture Notes in Computer Science 2077, pages 182-202. Springer, 2001
7. F. Huber, S. Molterer, A. Rausch, B. Schätz, M. Sihling, and O. Slotosch. Tool supported Specification and Simulation of Distributed Systems. In International Symposium on Software Engineering for Parallel and Distributed Systems, pages 155-164, 1998.
8. F. Huber, S. Molterer, B. Schätz, O. Slotosch, and A. Vilbig. Traffic Lights - An AutoFocus Case Study. In 1998 International Conference on Application of Concurrency to System Design, pages 282-294. IEEE Computer Society, 1998
9. IABG. V-Modell 97, 1999. URL:http://www.-modell.iabg.de/ (in German).
10. ITSEC. Information Technology Security Evaluation Criteria-Harmonised Criteria of France, Germany, the Netherlands, the United Kingdom, May 1990. Version 1.
11. J. Jürjens and G. Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In 1st IFIP Conference on E-Commerce. E-Business and E-Government. Kluwer, 2001
12. G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR. In Margaria and Steffen, editors, TACAS, volume 1055 of Lecture Notes on Computer Science, pages 147-166, Springer, 1996.
13. D. A. Mahony, M. Peirce, and H. Tewari. Electronic Payment Systems. Artech House Publishers, 1997
14. K. L. McMillan. Symbolic Model Checking. Kluwer Academic Publishers, Boston, 1993
15. PalME-Team. PalME secure Palm-based Money Exchange - Project Homepage, 2001, URL:http://www4.in.tum.de/~palme/ (in German).
16. L. C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1-2): 85-128, 1998.
17. J. Philipps and O. Slotosch. The Quest for Correct Systems: Model Checking of Diagrams and Datatypes. In Asia Pacific Software Engineering Conference 1999, 1999.
18. O. Slotosch. Quest: Overview over the Project. In D. Hutter. W. Stephan, P. Traverso, and M. Ullmann, editors, Applied Formal Methods - FM-Trends 98, pages 346-350. Springer LNCS 1641, 1998
19. I. Somerville. Software Engineering. Addison Wesley, 2000
20. W. Swartout and R. Balzer. On the Inevitable Interleaving of Specification and Implementation. Communications of the ACM, 25(7), 1982.
21. M. Vetterling. Security Engineering nach den Common Criteria - eine Fallstudie. Master's thesis, Technische Universität Müchen, Aug. 2001
22. G. Wimmel, H. Lötzbeyer, A. Pretschner, and O. Slotosch. Specification Based Test Sequence Generation with Propositional Logic. Journal on Software Testing Verification and Reliability, 10, 2000
23. G. Wimmel and A. Wißpeintner. Extended description techniques for security engineering. In 16th International Conference on Information Security (IFIP/SEC 2001). Kluwer, 2001