Article

A security specification verification technique based on the international standard ISO/IEC 15408

Authors:

Shoichi Morimoto,

Shinjiro Shigematsu,

Yuichi Goto,

Jingde ChengAuthors Info & Claims

SAC '06: Proceedings of the 2006 ACM symposium on Applied computing

Pages 1802 - 1803

https://doi.org/10.1145/1141277.1141701

Published: 23 April 2006 Publication History

Get Access

Abstract

This paper proposes a security specification verification technique based on the international standard ISO/IEC 15408. We formalized the security criteria of ISO/IEC 15408 and developed the verification technique of security specifications based on the formalized criteria with formal methods. With the technique, one can formally verify whether or not specifications satisfy the security criteria of ISO/IEC 15408. Ambiguity and/or oversight about security in specifications written in natural language can also be detected.

References

[1]

Advanced Information Systems Engineering Laboratory. Security Functional Requirement Management Database. Saitama University. http://queen.aise.ics.saitama-u.ac.jp/

Google Scholar

[2]

Y. Bertot and P. Casteran. Interactive Theorem Proving and Program Development. Springer-Verlag. 2004.

Digital Library

Google Scholar

[3]

Common Criteria Org. Evaluated Product Files. http://www.commoncriteriaportal.org/public/files/epfiles/

Google Scholar

[4]

ISO/IEC 13568 Standard. Information Technology - Z Formal Specification Notation - Syntax, Type System and Semantics. 2002.

Google Scholar

[5]

ISO/IEC 15408 Standard. Common Criteria for Information Technology Security Evaluation Version 2.2 Revision 256. 2004.

Google Scholar

[6]

ORA Canada. Z/EVES. http://www.ora.on.ca/z-eves/welcome.html

Google Scholar

[7]

S. Morimoto and J. Cheng. Patterning Protection Profiles by UML for Security Specifications. In Proc. of the IEEE 2005 International Conference on Intelligent Agents, Web Technology and Internet Commerce (IAWTIC'05), November 2005.

Digital Library

Google Scholar

[8]

S. Morimoto and J. Cheng. Modeling Protection Profiles by UML and their Formal Verification. IEICE Trans., Vol. J89-D, No.4, April 2006 (in Japanese).

Google Scholar

[9]

S. Morimoto, S. Shigematsu, Y. Goto, and J. Cheng. A Security Specification Verification Technique Using Theorem Proving and Model Checking Based on the International Standard ISO/IEC 15408. In Proc. of the Second Symposium on Science and Technology for System Verification, pages, 12--23, National Institute of Advanced Industrial Science and Technology, October 2005 (in Japanese).

Google Scholar

[10]

B. Potter, J. Sinclair, and D. Till. An Introduction to Formal Specification and Z 2nd Edition. International Series in Computer Science, Prentice-Hall, 1996.

Digital Library

Google Scholar

Cited By

View all

Shoniregun CDube KMtenzi FShoniregun CDube KMtenzi F(2010)Laws and Standards for Secure e-Healthcare InformationElectronic Healthcare Information Security10.1007/978-0-387-84919-5_3(59-100)Online publication date: 2010
https://doi.org/10.1007/978-0-387-84919-5_3
Morimoto SHorie DCheng J(2006)A security requirement management database based on ISO/IEC 15408Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III10.1007/11751595_1(1-10)Online publication date: 8-May-2006
https://dl.acm.org/doi/10.1007/11751595_1
Morimoto SJingde Cheng (2005)Patterning Protection Profiles by UML for Security SpecificationsInternational Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce (CIMCA-IAWTIC'06)10.1109/CIMCA.2005.1631590(946-951)Online publication date: 2005
https://doi.org/10.1109/CIMCA.2005.1631590

Index Terms

A security specification verification technique based on the international standard ISO/IEC 15408
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software organization and properties
    1. Software functional properties
      1. Formal methods

Recommendations

Formal verification of security specifications with common criteria
SAC '07: Proceedings of the 2007 ACM symposium on Applied computing

This paper proposes a formalization and verification technique for security specifications, based on common criteria. Generally, it is difficult to define reliable security properties that should be applied to validate an information system. Therefore, ...
A Supporting Tool for IT System Security Specification Evaluation Based on ISO/IEC 15408 and ISO/IEC 18045
Trends and Applications in Knowledge Discovery and Data Mining
Abstract
In evaluation and certification framework based on ISO/IEC 15408 and ISO/IEC 18045, a Security Target, which contains the specifications of all security functions of the target system, is the most important document. Evaluation on Security Targets ...
Evaluating the security levels of the Web-Portals based on the standard ISO/IEC 15408
SoICT '18: Proceedings of the 9th International Symposium on Information and Communication Technology

Evaluating the security level of the Web-Portal is an urgent need, but it is not yet paid enough attention. A quantitative method is a key factor in analyzing security level evaluation. The formal model of the standard ISO/IEC 15408 and some other ...

Comments

Information & Contributors

Information

Published In

SAC '06: Proceedings of the 2006 ACM symposium on Applied computing

April 2006

1967 pages

ISBN:1595931082

DOI:10.1145/1141277

Conference Chair:
Hisham M. Haddad
Kennesaw State University, Kennesaw, Georgia

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 April 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SAC06

Sponsor:

SIGAPP

SAC06: The 2006 ACM Symposium on Applied Computing

April 23 - 27, 2006

Dijon, France

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
391
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Shoniregun CDube KMtenzi FShoniregun CDube KMtenzi F(2010)Laws and Standards for Secure e-Healthcare InformationElectronic Healthcare Information Security10.1007/978-0-387-84919-5_3(59-100)Online publication date: 2010
https://doi.org/10.1007/978-0-387-84919-5_3
Morimoto SHorie DCheng J(2006)A security requirement management database based on ISO/IEC 15408Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III10.1007/11751595_1(1-10)Online publication date: 8-May-2006
https://dl.acm.org/doi/10.1007/11751595_1
Morimoto SJingde Cheng (2005)Patterning Protection Profiles by UML for Security SpecificationsInternational Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce (CIMCA-IAWTIC'06)10.1109/CIMCA.2005.1631590(946-951)Online publication date: 2005
https://doi.org/10.1109/CIMCA.2005.1631590

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Formal verification of security specifications with common criteria

A Supporting Tool for IT System Security Specification Evaluation Based on ISO/IEC 15408 and ISO/IEC 18045

Evaluating the security levels of the Web-Portals based on the standard ISO/IEC 15408

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations