Common Criteria requirements modeling and its uses for Quality of Information Assurance (QoIA)

Deepak S. Yavagal, Seok Won Lee, Gail-Joon Ahn, Robin A. Gandhi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

The Common Criteria for Information Technology Security Evaluation (CCITSE), usually referred to as the Common Criteria (CC), establishes a level of trustworthiness and confidence that should be placed in the security functions of products or systems and the assurance measures applied to them. CC achieves this by evaluating the product or system conformance with a common set of requirements set forth by it. To engineer a product that meets the information assurance goals of CC, a structured and comprehensive methodology is required to drive the activities undertaken in all the stages of the software requirements engineering (RE) process. Such a methodology is inevitable to understand and attain the Quality of Information Assurance (QoIA). As an effort in this direction, we focus on the use of object-oriented ontology modeling as an effective way of representing and enforcing the given common set of requirements established by CC. Our methodology leverages novel techniques from software requirement engineering and knowledge engineering. This paper also describes how this methodology can effectively realize CC-related requirements of the target systems and help evaluate such systems for conformance to the certification and accreditation (C&A) process.

Original language: English (US)
Title of host publication: Proceedings of the Annual Southeast Conference
Pages: 2130-2135
Number of pages: 6
Volume: 2
DOI: https://doi.org/10.1145/1167253.1167287
State: Published - 2005
Externally published: Yes
Event: 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05 - Kennesaw, GA, United States
Duration: Mar 18 2005 to Mar 20 2005

Other

Other: 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
Country: United States
City: Kennesaw, GA
Period: 3/18/05 to 3/20/05

Fingerprint

Requirements engineering
Knowledge engineering
Accreditation
Information technology
Ontology
Engineers

Keywords

  • Common Criteria
  • Information assurance metrics & measures
  • Ontology
  • Requirements modeling

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Yavagal, D. S., Won Lee, S., Ahn, G-J., & Gandhi, R. A. (2005). Common Criteria requirements modeling and its uses for Quality of Information Assurance (QoIA). In Proceedings of the Annual Southeast Conference (Vol. 2, pp. 2130-2135) https://doi.org/10.1145/1167253.1167287

@inproceedings{108ed0c652c94c54b3d7899f397c2f80,
title = "Common Criteria requirements modeling and its uses for Quality of Information Assurance (QoIA)",
keywords = "Common Criteria, Information assurance metrics & measures, Ontology, Requirements modeling",
author = "Yavagal, {Deepak S.} and {Won Lee}, Seok and Gail-Joon Ahn and Gandhi, {Robin A.}",
year = "2005",
doi = "10.1145/1167253.1167287",
language = "English (US)",
isbn = "1595930590",
volume = "2",
pages = "2130--2135",
booktitle = "Proceedings of the Annual Southeast Conference",

}

TY - GEN

T1 - Common Criteria requirements modeling and its uses for Quality of Information Assurance (QoIA)

AU - Yavagal, Deepak S.

AU - Won Lee, Seok

AU - Ahn, Gail-Joon

AU - Gandhi, Robin A.

PY - 2005

Y1 - 2005

KW - Common Criteria

KW - Information assurance metrics & measures

KW - Ontology

KW - Requirements modeling

UR - http://www.scopus.com/inward/record.url?scp=77953740851&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77953740851&partnerID=8YFLogxK

U2 - 10.1145/1167253.1167287

DO - 10.1145/1167253.1167287

M3 - Conference contribution

AN - SCOPUS:77953740851

SN - 1595930590

SN - 9781595930590

VL - 2

SP - 2130

EP - 2135

BT - Proceedings of the Annual Southeast Conference

ER -