Abstract
The paper deals with the Common Criteria assurance methodology, particularly vulnerability assessment, which is the key activity of the IT security evaluation process. Vulnerability assessment is specified by the Common Criteria Evaluation Methodology (CEM). The paper focuses on software support for vulnerability assessment. Ready-made risk management software developed by the author’s organization is used as the implementation platform. The paper includes an introduction to vulnerability assessment, a review of the existing methods and tools, a specification of the CEM-based method to be implemented in the software, its implementation, and a short example. The conclusions summarize the validation and propose future work to extend and improve the tool.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Bialas, A. (2018). Software Support of the Common Criteria Vulnerability Assessment. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Advances in Dependability Engineering of Complex Systems. DepCoS-RELCOMEX 2017. Advances in Intelligent Systems and Computing, vol 582. Springer, Cham. https://doi.org/10.1007/978-3-319-59415-6_3
DOI: https://doi.org/10.1007/978-3-319-59415-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59414-9
Online ISBN: 978-3-319-59415-6
eBook Packages: Engineering, Engineering (R0)