Patterns for Common Criteria Certification

Andreas Daniel Sinnhofer; Wolfgang Raschke; Christian Steger; Christian Josef Kreiner

doi:10.1145/2855321.2855355

Patterns for Common Criteria Certification

Andreas Daniel Sinnhofer, Wolfgang Raschke, Christian Steger, Christian Josef Kreiner

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

One step in the development of certifiable secure systems is to provide trust in the development process and in the implemented security mechanisms of the product. In the domain of information technology, the Common Criteria schemes are used to evaluate the implemented security mechanisms of a product. Traditionally, a product certification is issued at a late stage of the development process, even though some Common Criteria evaluation paradigm exists to support the development process. The usage of such a paradigm would result in a beneficial certification process, since the evaluator gains experience through the maturing product. We have identified patterns which are designed to support the development process of secure applications. Based on these patterns, a systematic approach to integrate the evaluation process into the development process can be defined.

Original language	English
Title of host publication	ACM International Conference Proceeding Series
Publisher	Association of Computing Machinery
Pages	1 - 15
ISBN (Electronic)	978-145033847-9
DOIs	https://doi.org/10.1145/2855321.2855355
Publication status	Published - 4 Feb 2016
Event	Pattern Languages for Programs - Irsee, Germany Duration: 8 Jul 2015 → 12 Jul 2015

Conference

Conference	Pattern Languages for Programs
Country/Territory	Germany
City	Irsee
Period	8/07/15 → 12/07/15

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1145/2855321.2855355

1 Finished
2 Active

Industrial Informatics
Krisper, M., Macher, G., Dobaj, J., Krug, T. & Seidl, M.
1/09/12 → …
Project: Research area
Hardware/Software-Codesign
Steger, C., Seifert, C., Stelzer, P., Feldbacher, M., Fiala, G. & Basic, F.
1/01/95 → …
Project: Research area
ASIDS - Advanced Secure Identification Systems
Steger, C., Oppermann, F. J., Kreiner, C. J., Krampl, F., Maierl, P., Sinnhofer, A. D. & Hechl, A.
1/06/14 → 30/11/16
Project: Research project

Cite this

@inproceedings{33bed834baed4b67a76a0918472c32e0,

title = "Patterns for Common Criteria Certification",

abstract = "One step in the development of certifiable secure systems is to provide trust in the development process and in the implemented security mechanisms of the product. In the domain of information technology, the Common Criteria schemes are used to evaluate the implemented security mechanisms of a product. Traditionally, a product certification is issued at a late stage of the development process, even though some Common Criteria evaluation paradigm exists to support the development process. The usage of such a paradigm would result in a beneficial certification process, since the evaluator gains experience through the maturing product. We have identified patterns which are designed to support the development process of secure applications. Based on these patterns, a systematic approach to integrate the evaluation process into the development process can be defined.",

author = "Sinnhofer, {Andreas Daniel} and Wolfgang Raschke and Christian Steger and Kreiner, {Christian Josef}",

year = "2016",

month = feb,

day = "4",

doi = "10.1145/2855321.2855355",

language = "English",

pages = "1 -- 15",

booktitle = "ACM International Conference Proceeding Series",

publisher = "Association of Computing Machinery",

address = "United States",

note = "Pattern Languages for Programs ; Conference date: 08-07-2015 Through 12-07-2015",

}

TY - GEN

T1 - Patterns for Common Criteria Certification

AU - Sinnhofer, Andreas Daniel

AU - Raschke, Wolfgang

AU - Steger, Christian

AU - Kreiner, Christian Josef

PY - 2016/2/4

Y1 - 2016/2/4

N2 - One step in the development of certifiable secure systems is to provide trust in the development process and in the implemented security mechanisms of the product. In the domain of information technology, the Common Criteria schemes are used to evaluate the implemented security mechanisms of a product. Traditionally, a product certification is issued at a late stage of the development process, even though some Common Criteria evaluation paradigm exists to support the development process. The usage of such a paradigm would result in a beneficial certification process, since the evaluator gains experience through the maturing product. We have identified patterns which are designed to support the development process of secure applications. Based on these patterns, a systematic approach to integrate the evaluation process into the development process can be defined.

AB - One step in the development of certifiable secure systems is to provide trust in the development process and in the implemented security mechanisms of the product. In the domain of information technology, the Common Criteria schemes are used to evaluate the implemented security mechanisms of a product. Traditionally, a product certification is issued at a late stage of the development process, even though some Common Criteria evaluation paradigm exists to support the development process. The usage of such a paradigm would result in a beneficial certification process, since the evaluator gains experience through the maturing product. We have identified patterns which are designed to support the development process of secure applications. Based on these patterns, a systematic approach to integrate the evaluation process into the development process can be defined.

U2 - 10.1145/2855321.2855355

DO - 10.1145/2855321.2855355

M3 - Conference paper

SP - 1

EP - 15

BT - ACM International Conference Proceeding Series

PB - Association of Computing Machinery

T2 - Pattern Languages for Programs

Y2 - 8 July 2015 through 12 July 2015

ER -

Patterns for Common Criteria Certification

Abstract

Conference

Fields of Expertise

Access to Document

Fingerprint

Projects

Industrial Informatics

Hardware/Software-Codesign

ASIDS - Advanced Secure Identification Systems

Cite this