Semiformal Common Criteria compliant IT security development framework

Andrzej Białas

Abstract


The monograph presents an IT Security Development Framework (ITSDF) for product designers and evaluators, based on the Common Criteria (ISO/IEC 15408) family of standards. The framework, compliant with ISO/IEC TR 15446, builds on enhanced generics, advanced functionality, recent information security management standards and risk analysis. The concept of elaborating the ITSDF framework, as presented in the monograph, encompasses two basic issues:
- creating the means to build security specifications, i.e. defined enhanced generics and Common Criteria components for every stage of IT security development: security problem definition, and elaboration of security objectives, requirements and functions,
- working out a semiformal (UML/OCL-based) model of this development process, encompassing a data model and the processes responsible for issuing the security specifications.
Using the UML/OCL-based framework presented here, a computer-aided tool (ITSDF-tool) was developed. Its main goal is to make IT security developers' activities easier and more effective. Because both the Common Criteria and the UML methodologies are semiformal, the framework presented here is semiformal as well. Formal method elements were introduced only in selected areas of the framework where they bring real advantages, especially in improving the specification means.
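The monograph's ITSDF-tool and its UML/OCL model are not reproduced on this page. The block below is an added illustration, written for this page and not the author's code, of the kind of invariant such a data model has to enforce: the rationale that ISO/IEC 15408 Part 1 and ISO/IEC TR 15446 require between the security problem definition (threats, assumptions, organisational security policies), the security objectives, and the security functional requirements. The parameterised "generic" form (a named item with arguments), the sample items, and the exact set of invariants checked are assumptions of this example; the T./A./P./O./OE. prefixes and the `FXX_YYY.n` component identifier shape follow Common Criteria convention.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# CC Part 2 functional component identifier, e.g. FAU_GEN.1 (class_family.component).
SFR_ID = re.compile(r"^F[A-Z]{2}_[A-Z]{3}\.\d+$")


@dataclass(frozen=True)
class Generic:
    """Parameterised specification item (an assumption modelled on the abstract's
    'enhanced generics'): prefix T. threat, A. assumption, P. policy,
    O. TOE objective, OE. objective for the operational environment."""
    prefix: str
    name: str
    params: tuple = ()

    @property
    def ident(self) -> str:
        args = f"({', '.join(self.params)})" if self.params else ""
        return f"{self.prefix}.{self.name}{args}"


@dataclass
class SecurityProblemModel:
    threats: list = field(default_factory=list)
    assumptions: list = field(default_factory=list)
    policies: list = field(default_factory=list)
    objectives: list = field(default_factory=list)      # O.* and OE.* items
    sfrs: set = field(default_factory=set)              # component ids claimed in the ST
    countered_by: dict = field(default_factory=dict)    # problem item id -> {objective id}
    satisfied_by: dict = field(default_factory=dict)    # O.* objective id -> {SFR id}

    def check(self) -> list[str]:
        """Evaluate the rationale invariants (OCL-style, written as Python).
        Returns a list of violations; an empty list means the model is consistent."""
        findings: list[str] = []
        objective_ids = {o.ident for o in self.objectives}
        toe_objs = {o.ident for o in self.objectives if o.prefix == "O"}

        # inv1: every threat and policy is countered by at least one existing objective
        for item in self.threats + self.policies:
            covering = self.countered_by.get(item.ident, set())
            if not covering:
                findings.append(f"{item.ident} is not countered by any objective")
            for o in sorted(covering - objective_ids):
                findings.append(f"{item.ident} maps to unknown objective {o}")

        # inv2: an assumption is upheld by environment objectives only, never by the TOE
        for item in self.assumptions:
            covering = self.countered_by.get(item.ident, set())
            if not covering:
                findings.append(f"{item.ident} is not upheld by any OE.* objective")
            for o in sorted(covering & toe_objs):
                findings.append(f"{item.ident} is upheld by TOE objective {o}; "
                                "assumptions may only be upheld by OE.* objectives")

        # inv3: every TOE objective is satisfied by at least one well-formed, claimed SFR
        traced: set = set()
        for o in sorted(toe_objs):
            reqs = self.satisfied_by.get(o, set())
            if not reqs:
                findings.append(f"{o} is not satisfied by any SFR")
            for r in sorted(reqs):
                traced.add(r)
                if not SFR_ID.match(r):
                    findings.append(f"{o} cites malformed SFR id {r}")
                elif r not in self.sfrs:
                    findings.append(f"{o} cites SFR {r} that is not claimed in the ST")

        # inv4: no dangling SFR (every claimed requirement is justified by a TOE objective)
        for r in sorted(self.sfrs - traced):
            findings.append(f"SFR {r} is not justified by any TOE objective")

        # inv5: no dangling objective (every objective addresses some problem item)
        used = set().union(*self.countered_by.values()) if self.countered_by else set()
        for o in sorted(objective_ids - used):
            findings.append(f"{o} addresses no threat, policy or assumption")
        return findings


def example_model(broken: bool = False) -> SecurityProblemModel:
    """Constructed sample (not from any real Security Target). With broken=True it
    contains three typical authoring mistakes that the rationale check must catch."""
    m = SecurityProblemModel()
    m.threats = [Generic("T", "Tamper", ("config",)), Generic("T", "Masquerade", ("admin",))]
    m.assumptions = [Generic("A", "Physical")]
    m.policies = [Generic("P", "Audit")]
    m.objectives = [Generic("O", "Integrity"), Generic("O", "AuthAdmin"),
                    Generic("O", "Audit"), Generic("OE", "Physical")]
    m.sfrs = {"FDP_SDI.2", "FIA_UAU.2", "FIA_UID.2", "FAU_GEN.1", "FAU_SAR.1"}
    m.countered_by = {
        "T.Tamper(config)": {"O.Integrity", "OE.Physical"},
        "T.Masquerade(admin)": {"O.AuthAdmin"},
        "P.Audit": {"O.Audit"},
        "A.Physical": {"OE.Physical"},
    }
    m.satisfied_by = {
        "O.Integrity": {"FDP_SDI.2"},
        "O.AuthAdmin": {"FIA_UAU.2", "FIA_UID.2"},
        "O.Audit": {"FAU_GEN.1", "FAU_SAR.1"},
    }
    if broken:
        m.countered_by["A.Physical"] = {"O.Integrity"}  # assumption "upheld" by the TOE
        m.sfrs.add("FPT_STM.1")                          # requirement with no rationale
        del m.satisfied_by["O.Audit"]                    # objective left without SFRs
    return m


if __name__ == "__main__":
    for line in example_model(broken=True).check():
        print(line)
```

Running the module prints the five violations of the broken variant (the misplaced assumption, the objective without requirements, and three unjustified SFRs), while the consistent variant yields none; a tool built on such a model can refuse to emit a Security Target until the list is empty, which is exactly the rationale an evaluator would otherwise have to reconstruct by hand.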


Keywords


assurance; Common Criteria; computer aiding; designing; development; evaluation; formal method; framework; IT security; UML; OCL; modelling; security engineering; semiformal method

References


ACSA: http://www.acsac.org/waepssd.

Apted A.J., Carthigaser M., Lowe Ch.: Common Problems with the Common Criteria, Proceedings of the 3rd International Common Criteria Conference, May 2002.

AUTOFOCUS: http://autofocus.informatik.tu-muenchen.de.

AOSD: http://www.aosd.net/.

Białas A.: Wprowadzenie do problematyki projektowania i oceny zabezpieczeń teleinformatycznych, Studia Informatica vol. 22, Number 1(43), Silesian University of Technology Press, Gliwice 2001, pp. 263÷287 ("Introduction to IT security development and evaluation", in Polish).

Białas A.: Modelowanie i ocena zabezpieczeń teleinformatycznych, Studia Informatica vol. 23, Number 2B(49), Silesian University of Technology Press, Gliwice 2002, pp. 219÷232 ("Security modelling and evaluation", in Polish).

Białas A.: Sposób formalnego wyrażania własności bezpieczeństwa teleinformatycznego, Studia Informatica vol. 24, Number 2B(54), Silesian University of Technology Press, Gliwice 2003, pp. 265÷278 ("Formal description of the security features", in Polish).

Białas A.: Hierarchy of the Assets Model for the Information Technology Security Management, Archiwum Informatyki Teoretycznej i Stosowanej, Polska Akademia Nauk, vol. 15 (2003), no. 2, 2003, pp. 109÷120.

Białas A.: The automated support for the information and communications technology security management, Elektronnoje Modelirovanije, vol. 25, No. 4, Ukrainian National Academy of Sciences, 2003, pp. 39÷50.

Białas A.: Modelowanie zasobów teleinformatycznych oraz funkcji zabezpieczających według Wspólnych Kryteriów, Chapter in: Grzywak A., Kwiecień A. (eds): Współczesne problemy sieci komputerowych - zastosowanie i bezpieczeństwo, Wydawnictwa Naukowo-Techniczne, 2004, pp. 351÷368 ("ICT Assets and security functions modelling - Common Criteria approach", in Polish).

Białas A.: The Assets Inventory for the Information and Communication Technologies Security Management, Archiwum Informatyki Teoretycznej i Stosowanej, Polska Akademia Nauk, vol. 16 (2004), no. 2, 2004, pp. 93÷108.

Białas A.: Bezpieczeństwo teleinformatyki - wzorcowa praktyka czy miara gwarantowana, Chapter in: Marecki F., Grabara J.K., Nowak J.S. (eds): Systemy informatyczne - bankowość i finanse, Wydawnictwa Naukowo-Techniczne, 2004, pp. 323÷364 ("Information security management and IT security evaluation", in Polish).

Białas A.: IT security development - computer-aided tool supporting design and evaluation, In: Kowalik J, Górski J., Sachenko A. (editors): Cyberspace Security and Defense: Research Issues, NATO reference: ARW 980492, NATO Science Series II, vol. 196, Springer, Dordrecht, 2005, pp. 3÷23.

Białas A.: Identifying the features of the IT security-related products for the IT development process according to Common Criteria, Archiwum Informatyki Teoretycznej i Stosowanej, Polska Akademia Nauk, vol. 17 (2005), no. 1, 2005, pp. 3÷18.

Białas A.: IT security modelling, In: Arabnia H.R. (Ed.), He L., Mun Y. (Assoc. Eds.): Proceedings of the 2005 International Conference on Security and Management (The World Congress in Applied Computing - SAM'05, June 2005, Las Vegas, USA), ISBN 1-932415-82-3, CSREA Press, 2005, pp. 502÷505.

Białas A.: Critical information infrastructure protection - research issues and activities, In: Stepnowski A. (Ed.), Ruciński A., Kosmowski K. (Co-Eds.): Proceedings of the IEEE International Conference on Technologies for Homeland Security and Safety - TEHOSS'2005, Gdansk, September 28-30, 2005, ISBN 83-917681-9-8, pp. 369÷374.

Białas A.: The ISMS Business Environment Elaboration Using a UML Approach, In: Zieliński K., Szmuc T. (editors): Software Engineering: Evolution and Emerging Technologies, IOS Press, Amsterdam, 2005, ISBN: 1 58603-559-2, pp. 99÷110.

Białas A.: A UML approach in the ISMS implementation, In: Dowland P., Furnell S., Thuraisingham B., Wang X.S. (eds): Security management, integrity, and internal control in information systems, IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conf., Springer Science + Business Media, New York 2005, ISBN-10: 0-387-29826-6, pp. 285÷297.

Białas A.: Wspólne kryteria do projektowania i oceny zabezpieczeń, training for the Centre for Cryptographic Analysis and IT Security of the Polish Ministry of National Defence, Warsaw, 29-30 November 2005 ("Common Criteria for IT security development and evaluation - Training handbook for IT security labs", in Polish).

Białas A.: Information security systems vs. critical information infrastructure protection systems - similarities and differences, In: Zamojski W., Mazurkiewicz J., Sugier J., Walkowiak T. (eds): Proceedings of the International Conference on Dependability of Computer Systems DepCoS-RELCOMEX, May 2006, IEEE Computer Society, Los Alamitos, Washington, Tokyo, 2006, ISBN 0-7695-2565-2, pp. 60÷67.

Białas A.: Using ISMS concept for critical information infrastructure protection. In: Balducelli A., Bologna S. (eds), Proceedings of the International Workshop on "Complex Network and Infrastructure Protection - CNIP'06", Italian National Agency for New Technologies, Energy and the Environment (ENEA), Rome, March 28-29, 2006, pp. 415÷426, http://ciip.casaccia.enea.it/cnip06

Białas A.: A semiformal approach to the security problem of the target of evaluation (TOE) modeling, In: Arabnia H.R., Aissi S. (Eds.), Vert G.L., Williams P.A.H. (Assoc. Eds.): Proceedings of the 2006 International Conference on Security and Management (The World Congress in Applied Computing - SAM'06, June 2006, Las Vegas, USA), ISBN 1-60132-001-9, CSREA Press, 2006, pp. 19÷25.

Białas A.: Bezpieczeństwo informacji i usług w nowoczesnej instytucji i firmie, Wydawnictwa Naukowo-Techniczne, Warszawa 2006, 2007, ISBN 83-204-3155-7 ("Information security within modern organizations and companies", in Polish).

Białas A.: Półformalna reprezentacja procesu projektowania zabezpieczeń teleinformatycznych, Chapter in: Pochopień B., Kwiecień A., Grzywak A., Klamka J. (eds): Nowe technologie sieci komputerowych, Wydawnictwa Komunikacji i Łączności, 2006, pp. 329÷336 ("Semiformal approach to the IT security development process", in Polish).

Białas A.: Development of an Integrated, Risk-based Platform for Information and E-services Security, In: Górski J. (Ed.): Computer Safety, Reliability, and Security, 25th International Conference SAFECOMP 2006, Lecture Notes in Computer Science (LNCS 4166), Springer Verlag, Berlin Heidelberg New York 2006, pp. 316÷329.

Białas A.: Specification of security environment of IT security-related products according to Common Criteria, Theoretical and Applied Informatics, ISSN 1896-5334, vol. 18 (2006), no. 2, pp. 141÷157.

Białas A.: Konstruowanie zabezpieczeń teleinformatycznych zgodnie ze standardem ISO/IEC 15408 - Common Criteria, "II Functional Safety Management Conference", Jurata, October 2007 ("CC-compliant IT security development process", in Polish).

Białas A.: Semiformal framework for ICT security development, The 8th International Common Criteria Conference, Rome, 25-27 September 2007.

Białas A.: Modeling the Security Objectives According to the Common Criteria Methodology, In: Aissi S., Arabnia H.R. (Eds.), Daimi K., Gligoroski D., Markowsky G., Solo A.M.G. (Assoc. Eds.): Proc. of the 2007 International Conference on Security and Management (The World Congress in Applied Computing - SAM'07, June 2007, Las Vegas, USA), ISBN 1-60132-048-5, CSREA Press, 2007, pp. 223÷229.

Białas A.: Semiformal Approach to the IT Security Development, In: Zamojski W., Mazurkiewicz J., Sugier J., Walkowiak T. (eds): Proceedings of the International Conference on Dependability of Computer Systems DepCoS-RELCOMEX 2007, IEEE Computer Society, Los Alamitos, Washington, Tokyo, ISBN 0-7695-2850-3, pp. 3÷11.

Białas A., Lisek K.: Integrated, Business-Oriented, Two-Stage Risk Analysis, Journal of Information Assurance and Security (JIAS), vol. 2, issue 3, September 2007, www.dynamicpublishers.com/JIAS

Białas A.: Szkieletowy system konstruowania zabezpieczeń teleinformatycznych - przegląd i wyniki prac, Chapter in: Kwiecień A., Ober J., Pochopień B., Gaj P. (eds): Sieci Komputerowe, Vol. 2: Aplikacje i Zastosowania, Wydawnictwa Komunikacji i Łączności, 2007, pp. 311÷320 ("IT security development framework - a project overview and results", in Polish).

Białas A.: Advanced IT Security Development Process - through Enhancement of IT Security Development Process to Better Assurance, Chapter 13 in: Kosmowski K.T. (Ed.): Functional Safety Management in Critical Systems, Politechnika Gdańska, Fundacja Rozwoju Uniwersytetu Gdańskiego, Gdańsk 2007, ISBN 978-83-7531-006-1.

B-Method/Tools: http://www.b-core.com

den Braber F., Lund S., Stolen K.: Using the CORAS Threat Modelling Language to Document Threat Scenarios for several Microsoft relevant Technologies, Report STF90 A04057, SINTEF, 2004.

Booch G., Rumbaugh J., Jacobson I.: UML - Przewodnik użytkownika, 2nd ed., Wydawnictwa Naukowo-Techniczne, Warszawa 2002 ("The Unified Modeling Language User Guide", Polish translation).

Cakir M.: Evaluation of organizational information systems according to CC and ISO 17799, 5th International CC Conference, Berlin, September 2004.

ISO/IEC 15408-1, Information technology - Security techniques - Evaluation criteria for IT security - Introduction and general model (Common Criteria Part 1).

ISO/IEC 15408-2, Information technology - Security techniques - Evaluation criteria for IT security - Security functional requirements (Common Criteria Part 2).

ISO/IEC 15408-3, Information technology - Security techniques - Evaluation criteria for IT security - Security assurance requirements (Common Criteria Part 3).

Common Criteria Evaluation and Validation Scheme for Information Technology Security, Organization Management and Concept of Operation, v.2.0., NIST - NSA.

Common Criteria portal: http://www.commoncriteriaportal.org/

CCToolbox: http://cc-control.sparta.com/

Cheesman J., Daniels J.: Komponenty w UML, Wydawnictwa Naukowo-Techniczne, Warszawa 2004 ("UML Components - A Simple Process for Specifying Component-Based Software", Polish translation).

Common Evaluation Methodology for Information Technology Security, Part 1: Introduction and General Model.

Common Evaluation Methodology for Information Technology Security, Part 2: Evaluation Methodology.

Chapman R.: SPARK - a state-of-the-practice approach to the Common Criteria implementation requirements, 2nd International CC Conference, Brighton, July 2001.

CI2RCO: www.ci2rco.org

Cockburn A.: Jak pisać efektywne przypadki użycia?, Wydawnictwa Naukowo-Techniczne, Warszawa 2004 ("Writing Effective Use Cases", Polish translation).

Ekelhart A., Fenz S., Goluch G., Weippl E.: Ontological Mapping of Common Criteria's Security Assurance Requirements, In: Venter H., Eloff M., Labuschagne L., Eloff J., von Solms R. (eds): New Approaches for Security, Privacy and Trust in Complex Environments, IFIP vol. 232, Springer, Boston 2007, pp. 85÷95.

Galitzer S.: Introducing Engineered Composition (EC): An Approach for Extending the Common Criteria to Better Support Composing Systems, Published in the Workshop for Application of Engineering Principles to System Security Design (WAEPSSD) Proceedings, September 2003.

Górski J.: Trust case - A case for trustworthiness of IT infrastructures, In: Kowalik J, Górski J., Sachenko A. (editors): Cyberspace Security and Defense: Research Issues, NATO reference: ARW 980492, NATO Science Series II, vol. 196, Springer, Dordrecht, 2005, pp. 125÷141.

Hays D.: Security Engineering: Science or Art?, Published in the Workshop for Application of Engineering Principles to System Security Design (WAEPSSD) Proceedings, September 2003.

Hunstad A., Hallberg J.: Design for securability - Applying engineering principles to the design of security architecture, Published in the Workshop for Application of Engineering Principles to System Security Design (WAEPSSD) Proceedings, September 2003.

Hall-May M., Kelly T.: Using Agent-Based Modelling Approaches to Support the Development of Safety Policy for System of Systems, In: Górski J. (Ed.): Computer Safety, Reliability, and Security, 25th International Conference SAFECOMP 2006, Lecture Notes in Computer Science (LNCS 4166), Springer Verlag, Berlin Heidelberg New York 2006, ISBN 3-540-45762-3, pp. 330÷343.

Hwa-Jong S.: Development and utilization of automatic generation tool for evaluation report, 5th International CC Conference, Berlin, September 2004.

ICCC: http://www.expotrack.com/iccc/english/proceedings.asp

ISO 27001:2005 Information security management systems - Specification with guidance for use.

ISO/IEC TR 15443, Information technology - Security techniques - A framework for IT security assurance.

ISO/IEC TR 15446:2004, Information technology - Security techniques - Guide for the production of protection profiles and security targets.

Information Technology Security Evaluation Criteria (ITSEC), ECSC-EEC-EAEC, Brussels, June 1991.

Jürjens J., Houmb S.H.: Risk-driven development of security-critical systems using UMLsec, LADC 2003, Sao Paulo, Oct. 21-24, 2003.

Jung-Shian Li: Development of CC in Taiwan, 5th International CC Conference, Berlin, September 2004.

Jürjens J.: Developing Secure Systems with UMLsec - From Business Processes to Implementation, VIS 2001, Kiel (Germany), 12-14 Sept. 2001, Vieweg-Verlag, 2001.

Jürjens J., Secure Systems Development with UML - Applications to Telemedicine, CORAS workshop, Int. Conf. on Telemedicine (ICT2002), Regensburg, September, 2002.

Jürjens J.: UMLsec: Extending UML for Secure Systems Development, UML 2002, Dresden, LNCS, Springer-Verlag, 2002.

Jürjens J.: A UML statecharts semantics with message-passing, Symposium of Applied Computing (SAC 2002), Madrid, March 10-14, ACM, 2002.

Jürjens J.: Using UMLsec and Goal-Trees for Secure Systems Development, Symposium of Applied Computing (SAC 2002), Madrid, March 10-14, ACM, 2002.

Jürjens J.: Formal Semantics for Interacting UML subsystems, IFIP TC6/WG6.1 Fifth International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS 2002), Twente, March 20-22, Kluwer, 2002.

Jürjens J., Model-based Security with UMLsec, UML Forum, Tokyo, Apr. 17, 2003.

Jürjens J.: Formal Development of Critical Systems with UML, ETAPS 03, European Joint Conferences on Theory and Practice of Software 2003, Warsaw, April 2003.

Jürjens J.: Secure Systems Development with UML, Springer-Verlag, 2005.

Krueger B.: Application of the Common Criteria to Information Security Management Systems - A study, 5th International CC Conference, Berlin, September 2004.

Lavatelli C.: EDEN: A formal framework for high level security CC evaluations, e-Smart 2004, Sophia Antipolis 2004.

Ling R., Latapie H., Tran V.: Expressing Common Criteria Security Requirements in Domain Models in Model-based Architecture, 6th Annual Workshop on Distributed Objects and Component Security 2002.

Leffingwell D., Widrig D.: Zarządzanie wymaganiami, Wydawnictwa Naukowo-Techniczne, Warszawa 2003 ("Managing Software Requirements - A Unified Approach", Polish translation).

Melton R.: Integration of risk management with the Common Criteria (ISO/IEC 15408:1999), 5th International CC Conference, Berlin, September 2004.

Motre S., Teri C.: Using Formal and Semiformal Methods for a Common Criteria Evaluation, In: Marting L. (Ed.): EuroSmart Security Conference, Marseille, slide version, pp. 337÷349, 2000.

Murray W.H.: Position paper for the Workshop for Application of Engineering Principles to System Security Design, Published in the Workshop for Application of Engineering Principles to System Security Design (WAEPSSD) Proc., September 2003.

Menezes A., van Oorschot P., Vanstone S.: Handbook of Applied Cryptography, CRC Press, 1996, ver. downloaded in 2002 from: http://www.cacr.math.uwaterloo.ca/hac

Naaman N.: A unified framework for information assurance, 5th International CC Conference, Berlin, September 2004.

Nash M.: Simpler security targets, 5th International CC Conference, Berlin, Sept. 2004.

UML 2.0 OCL Specification, OMG, 2003.

Oltra M.A.: Security Framework (draft 0.1.2), ITEA - Osmose, 2006 (WP2-031023-1), available at: http://www.itea-osmose.org.

Object Management Group portal: http://www.omg.org.

Pattinson F.: BS 7799-2 and Common Criteria - Supporting the business of software development, 5th International CC Conference, Berlin, September 2004.

Security Target BSI-DSZ-CC-0153: First Evaluation of Philips P8WE5032 Secure 8-bit Smart Card Controller, Philips Semiconductors Hamburg, September 1999.

Certification Report BSI-DSZ-CC-0153-1999 for Philips Smart Card Controller P8WE5032V0B from Philips Semiconductors Hamburg, BSI, November 1999.

Short form specification - Philips P8WE5032 Secure 8-bit Smart Card Controller, Philips Semiconductors, rev.1.0, July 2000.

POZIT: Białas A. (ed.), collective work: Metodyka prowadzenia badań i oceny środków teleinformatycznych, KBN targeted project "System wspomagania projektowania i oceny zabezpieczeń teleinformatycznych", Instytut Systemów Sterowania, 2004 (targeted project reports: "IT security development and evaluation", in Polish).

UML 2.0 OCL Specification, Appendix A: Semantics, 2003, available at: www.omg.org; developed on the basis of: Richters M.: A precise approach to validating UML models and OCL constraints, Ph.D. thesis, Universität Bremen, Logos Verlag, Berlin, BISS Monographs, No. 14, 2002.

Robinson K.: An Introduction to the B Method - An Overview, School of Computer Science & Engineering, 2003.

SecCert: http://www.cbst.iss.pl.

SecCert Users Guide, Instytut Systemów Sterowania, 2006.

SecOffice: http://www.cbst.iss.pl.

SECOQC: http://www.secoqc.net/.

Spafford E.H.: Exploring Common Criteria: Can it Ensure that the Federal Government Gets Needed Security in Software, Published in the Workshop for Application of Engineering Principles to System Security Design (WAEPSSD) Proceedings, Sept. 2003.

SPARK: http://praxis-cs.co.uk/sparkada/publications.asp.

Stoneburner G.: Underlying Technical Models for Information Technology Security, NIST Special Publication, Gaithersburg 2001.

TL FIT: http://trusted-logic.fr.

TL SET: http://trusted-logic.fr.

UML: http://www.omg.org/uml/.

Warmer J., Kleppe A.: OCL - Precyzyjne modelowanie w UML, Wydawnictwa Naukowo-Techniczne, Warszawa 2003 ("The Object Constraint Language - Precise Modeling with UML", Polish translation).

De Win B., Piessens F., Joosen W.: On the importance of the separation-of-concerns principle in secure software engineering, Published in the Workshop for Application of Engineering Principles to System Security Design (WAEPSSD) Proc., September 2003.

Yavagal D.S., Lee S.W., Ahn G-J., Gandhi R.A.: Common Criteria Requirements Modeling and its Uses for Quality of Information Assurance (QoIA), In: Proc. of the 43rd Annual ACM Southeast Conference (ACMSE '05), Vol. 2, pp. 130÷135, March 18-20, Kennesaw State Univ. Kennesaw, Georgia. 2005.

Białas A.: Ontology-based Approach to the Common Criteria Compliant IT Security Development, In: Proceedings of the 2008 International Conference on Security and Management (The World Congress in Applied Computing - SAM'08), July 2008, Las Vegas, USA (accepted).
DOI: http://dx.doi.org/10.21936/si2008_v29.n2B.528