Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
550793 | Information and Software Technology | 2006 | 8 Pages |
Abstract
At the specification phase, the developer of an IT security product identifies and documents applicable security objectives. Specifications are often intuitive and hard to assess and while being syntactically correct may still fail to appropriately capture the security problem addressed. A technique is proposed for expressing Common Criteria compliant security environments and security objectives for high assurance IT security products. The technique is validated by an analysis of the security specification for a device computing digital signatures within the European Union PKI framework. Modifications to the specification are proposed and the possibility of extending the CC treatment of security objectives is discussed.
Keywords
Related Topics
Physical Sciences and Engineering
Computer Science
Human-Computer Interaction
Authors
Jussipekka Leiwo, Lam-For Kwok, Douglas L. Maskell, Nenad Stankovic,