A technique for expressing IT security objectives

Jussipekka Leiwo; Lam-For Kwok; Douglas L. Maskell; Nenad Stankovic

doi:10.1016/j.infsof.2005.05.008

A technique for expressing IT security objectives

Jussipekka Leiwo, Lam-For Kwok, Douglas L. Maskell, Nenad Stankovic

Department of Computer Science

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

1 Citation (Scopus)

Abstract

At the specification phase, the developer of an IT security product identifies and documents applicable security objectives. Specifications are often intuitive and hard to assess and while being syntactically correct may still fail to appropriately capture the security problem addressed. A technique is proposed for expressing Common Criteria compliant security environments and security objectives for high assurance IT security products. The technique is validated by an analysis of the security specification for a device computing digital signatures within the European Union PKI framework. Modifications to the specification are proposed and the possibility of extending the CC treatment of security objectives is discussed. © 2005 Elsevier B.V. All rights reserved.

Original language	English
Pages (from-to)	532-539
Journal	Information and Software Technology
Volume	48
Issue number	7
DOIs	https://doi.org/10.1016/j.infsof.2005.05.008
Publication status	Published - Jul 2006

Research Keywords

Common Criteria
Secure
Security objective specification
Signature-creation device

Access Output

10.1016/j.infsof.2005.05.008

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{b8e43017464249028b10d4e8d5b694ff,

title = "A technique for expressing IT security objectives",

abstract = "At the specification phase, the developer of an IT security product identifies and documents applicable security objectives. Specifications are often intuitive and hard to assess and while being syntactically correct may still fail to appropriately capture the security problem addressed. A technique is proposed for expressing Common Criteria compliant security environments and security objectives for high assurance IT security products. The technique is validated by an analysis of the security specification for a device computing digital signatures within the European Union PKI framework. Modifications to the specification are proposed and the possibility of extending the CC treatment of security objectives is discussed. {\textcopyright} 2005 Elsevier B.V. All rights reserved.",

keywords = "Common Criteria, Secure, Security objective specification, Signature-creation device",

author = "Jussipekka Leiwo and Lam-For Kwok and Maskell, {Douglas L.} and Nenad Stankovic",

year = "2006",

month = jul,

doi = "10.1016/j.infsof.2005.05.008",

language = "English",

volume = "48",

pages = "532--539",

journal = "Information and Software Technology",

issn = "0950-5849",

publisher = "Elsevier B.V.",

number = "7",

}

TY - JOUR

T1 - A technique for expressing IT security objectives

AU - Leiwo, Jussipekka

AU - Kwok, Lam-For

AU - Maskell, Douglas L.

AU - Stankovic, Nenad

PY - 2006/7

Y1 - 2006/7

N2 - At the specification phase, the developer of an IT security product identifies and documents applicable security objectives. Specifications are often intuitive and hard to assess and while being syntactically correct may still fail to appropriately capture the security problem addressed. A technique is proposed for expressing Common Criteria compliant security environments and security objectives for high assurance IT security products. The technique is validated by an analysis of the security specification for a device computing digital signatures within the European Union PKI framework. Modifications to the specification are proposed and the possibility of extending the CC treatment of security objectives is discussed. © 2005 Elsevier B.V. All rights reserved.

AB - At the specification phase, the developer of an IT security product identifies and documents applicable security objectives. Specifications are often intuitive and hard to assess and while being syntactically correct may still fail to appropriately capture the security problem addressed. A technique is proposed for expressing Common Criteria compliant security environments and security objectives for high assurance IT security products. The technique is validated by an analysis of the security specification for a device computing digital signatures within the European Union PKI framework. Modifications to the specification are proposed and the possibility of extending the CC treatment of security objectives is discussed. © 2005 Elsevier B.V. All rights reserved.

KW - Common Criteria

KW - Secure

KW - Security objective specification

KW - Signature-creation device

UR - http://www.scopus.com/inward/record.url?scp=33646499426&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-33646499426&origin=recordpage

U2 - 10.1016/j.infsof.2005.05.008

DO - 10.1016/j.infsof.2005.05.008

M3 - RGC 21 - Publication in refereed journal

SN - 0950-5849

VL - 48

SP - 532

EP - 539

JO - Information and Software Technology

JF - Information and Software Technology

IS - 7

ER -

A technique for expressing IT security objectives

Abstract

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this