Introducing vulnerability awareness to common criteria's security targets

4th International Conference on Software Engineering Advances, ICSEA 2009, Includes SEDES 2009: Simposio para Estudantes de Doutoramento em Engenharia de Software

Volumn , Issue , 2009, Pages 419-424

  Ardi, Shanai ^a   Shahmehri, Nahid ^a  

^a LINKÖPING UNIVERSITY   (Sweden)

Author keywords

Common criteria; Security activity graph; Security target; Vulnerability cause graph; Vulnerability cause mitigation; Vulnerability modeling

Indexed keywords

COMPUTER SOFTWARE;

COMMON CRITERIA; SECURITY ACTIVITIES; SECURITY TARGET; VULNERABILITY CAUSE GRAPH; VULNERABILITY CAUSE MITIGATION; VULNERABILITY MODELS;

ISO STANDARDS;

EID: 70749151816     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSEA.2009.67     Document Type: Conference Paper

References (20)

1. N. R. Mead, "Security requirements engineering", Build Security In 2006-08-10, http://buildsecurityin.us-cert.gov/daisy/bsi/articles/ bestpractices/requirements/243.html, accessed August 2007.
2. Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2, September 2007.
3. Committee on Government Reform House of Representatives, "Exploring Common Criteria: Can it assure that the federal government gets needed security in software?", Serial No. 108-126, September 2003.
4. SECTRA AB, http://www.sectra.com.
5. S. Ardi, D. Byers, N. Shahmehri, "Towards a structured unified process for software security", Proceedings of the ICSE 2006 workshop on Software Engineering for Secure Systems (SESS06), Shanghai, China, 2006.
6. D. Byers, S. Ardi, N. Shahmehri, C. Duma, "Modeling software vulnerabilities with vulnerability cause graphs", Proceedings of the International Conference on Software Maintenance (ICSM06), Philadelphia, USA, September 2006.
7. D. Byers, N. Shahmehri, "A cause-based approach to preventing software vulnerabilities", Proceedings of the International Conference on Availability, Reliability and Security (ARES08), Barcelona, Spain, March 2008.
8. M. S. Ware, J. B. Bowles, C. M. Eastman, "Using Common Criteria to elicit security requirements with use cases", Proceedings of the IEEE Southeast Conference, 2006.
9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0513.
10. IBM Tivoli Access Manager for e-businnes 5.1 with Fixpack 06, Security Target CC Evaluation Document, ver. 1.0, April 2005, http://www. commoncriteriaportal.org/files/epfiles/0285b.pdf.
11. SHIELDS project, Deliverable D2.2, http://www.shields-project.eu, accessed April 2009.
12. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192.
13. D. Byers, N. Shahmehri, "Prioritisation and selection of software security activities", Proceedings of the International Conference on Availability, Reliability and Security (ARES09), Fukuoka, Japan, March 2009.
14. Common Criteria for Information Technology Security Evaluation, Version 2.1, August 1999.
15. CC ToolBox, Version 6.0f, http://pagenotes.com/writings/.
16. SecurityFocus. The SecurityFocus vulnerability database. http://www.securityfocus.com/.
17. NIST. The national vulnerability database. http://nvd.nist.gov/.
18. SHIELDS: Detecting known security vulnerabilities from within design and development tools, SHIELDS, http://www.shieldsproject.eu.
19. http://www.atsec.de/01/index.php?id=03-0002-01&news=127.
20. Report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on DoD Software, Office of the Under Secretary of Defense For Acquisition, Technology and Logistics, Washington D.C., September 2007.