Common Criteria requirements modeling and its uses for Quality of Information Assurance (QoIA)

Deepak S. Yavagal, Seok Won Lee, Gail Joon Ahn, Robin A. Gandhi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Scopus citations

Abstract

The Common Criteria for Information Technology Security Evaluation (CCITSE), usually referred to as the Common Criteria (CC), establishes a level of trustworthiness and confidence that should be placed in the security functions of products or systems and the assurance measures applied to them. CC achieves this by evaluating the product or system conformance with a common set of requirements set forth by it. To engineer a product that meets the information assurance goals of CC, a structured and comprehensive methodology is required to drive the activities undertaken in all the stages of the software requirements engineering (RE) process. Such a methodology is inevitable to understand and attain the Quality of Information Assurance (QoIA). As an effort in this direction, we focus on the use of object-oriented ontology modeling as an effective way of representing and enforcing the given common set of requirements established by CC. Our methodology leverages novel techniques from software requirement engineering and knowledge engineering. This paper also describes how this methodology can effectively realize CC-related requirements of the target systems and help evaluate such systems for conformance to the certification and accreditation (C&A) process.

Original languageEnglish (US)
Title of host publicationProceedings of the 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
Pages2130-2135
Number of pages6
DOIs
StatePublished - 2005
Externally publishedYes
Event43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05 - Kennesaw, GA, United States
Duration: Mar 18 2005Mar 20 2005

Publication series

NameProceedings of the Annual Southeast Conference
Volume2

Other

Other43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
Country/TerritoryUnited States
CityKennesaw, GA
Period3/18/053/20/05

Keywords

  • Common Criteria
  • Information assurance metrics & measures
  • Ontology
  • Requirements modeling

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Common Criteria requirements modeling and its uses for Quality of Information Assurance (QoIA)'. Together they form a unique fingerprint.

Cite this