Title :
Using the Common Criteria to Elicit Security Requirements with Use Cases
Author :
Ware, Michael S. ; Bowles, John B. ; Eastman, Caroline M.
Author_Institution :
Fairmont State Univ., WV
fDate :
March 31 2005-April 2 2005
Abstract :
The common criteria is often too confusing and technical for non-security specialists to understand and therefore properly use. At the same time, it is essential that security critical IT products under development be validated according to such standards not after but rather during the software engineering process. To help address these issues, this paper presents an approach to eliciting security requirements for IT systems with use cases using common criteria methodologies. The approach involves using actor profiles to derive threats, mapping derived threats to security objectives, and mapping objectives to security requirements using a CC toolbox data set. Our aim is to ensure that security issues are considered early during requirements engineering while making the common criteria more readily available to end-users in an understandable context. Violet, an open source UML diagram modeling tool, has been extended to implement the approach from a use case textual description perspective
Keywords :
Unified Modeling Language; security of data; software development management; CC toolbox data set; Violet; common criteria; open source UML diagram modeling tool; security requirements; software engineering process; Computer aided software engineering; Data security; Information security; Open source software; Programming; Robustness; Software engineering; Software standards; Standards development; Unified modeling language;
Conference_Titel :
SoutheastCon, 2006. Proceedings of the IEEE
Conference_Location :
Memphis, TN
Print_ISBN :
1-4244-0168-2
DOI :
10.1109/second.2006.1629363
