Software Support of the Common Criteria Vulnerability Assessment

  • Conference paper
Advances in Dependability Engineering of Complex Systems (DepCoS-RELCOMEX 2017)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 582)

Abstract

The paper deals with the Common Criteria assurance methodology, particularly vulnerability assessment, which is the key activity of the IT security evaluation process. Vulnerability assessment is specified by the Common Criteria Evaluation Methodology (CEM). The paper focuses on software support for vulnerability assessment. Ready-made risk management software developed by the author’s organization is used as the implementation platform. The paper includes an introduction to vulnerability assessment, a review of existing methods and tools, a specification of the CEM-based method to be implemented in the software, its implementation, and a short example. The conclusions summarize the validation and propose future work to extend and improve the tool.

Author information

Correspondence to Andrzej Bialas.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Bialas, A. (2018). Software Support of the Common Criteria Vulnerability Assessment. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Advances in Dependability Engineering of Complex Systems. DepCoS-RELCOMEX 2017. Advances in Intelligent Systems and Computing, vol 582. Springer, Cham. https://doi.org/10.1007/978-3-319-59415-6_3

  • DOI: https://doi.org/10.1007/978-3-319-59415-6_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59414-9

  • Online ISBN: 978-3-319-59415-6

  • eBook Packages: Engineering, Engineering (R0)
