Supporting Common Criteria Security Analysis with Problem Frames

Chapter in the book Pattern and Security Requirements

Abstract

Software vendors have to build their customers’ trust through appropriate security functionalities of their products. The Common Criteria (ISO 15408) security standard provides an evaluation process for a software product, the application of which results in a set of documents that can be reviewed by a certification body. Creating this comprehensible set of documents is difficult, due to a detailed threat analysis, security objectives elicitation, and a selection and implementation of appropriate security measures. Moreover, the descriptions of what to do in the document are given in ambiguous natural language. We propose a model-driven approach for Common Criteria threat analysis and the subsequent security analysis based on the problem frames security requirements engineering method. Our method contains a UML profile that aligns the problem frames and Common Criteria concepts and terminology. Furthermore, we provide OCL checks for these models for consistency and reasoning support. In addition, our tool support contains a functionality to transform the information stored in UML models to natural language texts in LaTeX and HTML format. We illustrate the application of our approach for a smart grid example based on a published Common Criteria protection profile.

Notes

  1. The CC uses the term threat agent for attacker. However, we use attacker as a synonym for threat agent in this work.
  2. This extension is available under the following homepage: http://www.uml4pf.org/ext-cc/.
  3. The ACCELEO homepage: http://www.acceleo.org/pages/home/en.
  4. Note that in the upper left corner the tool states that the validation is suspended. The reason is that we paused the validation for taking this screenshot.

Author information

Corresponding author: Kristian Beckers.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Beckers, K. (2015). Supporting Common Criteria Security Analysis with Problem Frames. In: Pattern and Security Requirements. Springer, Cham. https://doi.org/10.1007/978-3-319-16664-3_8

  • DOI: https://doi.org/10.1007/978-3-319-16664-3_8
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-16663-6
  • Online ISBN: 978-3-319-16664-3
  • eBook Packages: Computer Science (R0)