Title :
Patterning Protection Profiles by UML for Security Specifications
Author :
Morimoto, Shoichi ; Cheng, Jingde
Author_Institution :
Dept. of Inf. & Comput. Sci., Saitama Univ.
Abstract :
A protection profile is a security specification template that defines an implementation-independent set of IT security requirements for a category of information systems. The protection profiles have also been certified to satisfy the international standard ISO/IEC 15408 security criteria. However, because the protection profiles are complicated and their classifications are not clear, they are not widely used. This paper proposes an approach to model protection profiles as UML patterns. By using the patterns, designers and developers can easily specify security issues of target systems to satisfy ISO/IEC 15408 criteria. The paper also shows how to verify specifications with the patterns by theorem-proving and model-checking technologies
Keywords :
IEC standards; ISO standards; Unified Modeling Language; certification; formal specification; formal verification; information systems; object-oriented methods; security of data; theorem proving; IEC15408 standard; ISO standard; IT security requirement; UML pattern; Unified Modeling Language; certification; formal verification; information system; model checking technology; protection profile; security specification template; theorem-proving; Business; Computer security; IEC standards; ISO standards; Information security; Information systems; Internet; Protection; Sociotechnical systems; Unified modeling language;
Conference_Titel :
Computational Intelligence for Modelling, Control and Automation, 2005 and International Conference on Intelligent Agents, Web Technologies and Internet Commerce, International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2504-0
DOI :
10.1109/CIMCA.2005.1631590
