A language for security issues specification during the IT security development process

A. Białas

Abstract


The paper deals with modelling the IT (Information Technology) security development process so that it complies with the Common Criteria (ISO/IEC 15408) family of standards. The paper is part of a more extensive project, the IT security development framework (ITSDF), but special attention is paid to improving and extending the means used to build the IT security specification. A dedicated language is proposed to define specification means for those development stages, other than the security requirement elaboration stage, for which the standard does not provide specification means. The proposed means, called “enhanced generics”, can be used to specify items for the security environment, objectives, environmental requirements and the security functions. The enhanced generics have features similar to those of the components of the security requirements. They have a well-defined structure and allow operations (iteration) on themselves. This solution, used instead of informal textual descriptors, ensures a more precise description of the security features. The key element of the paper is the formal grammar of generics. It allows all possible “legal” enhanced generics to be derived. They have a semiformal character and features similar to those of the functional and assurance components defined by the standard to specify the security requirements. The paper, concluding an earlier informal approach, introduces syntax and semantics definitions based on the formal grammar and on the approach used to formally define the OCL language. The proposed means make security specifications more precise and coherent, making it easier to reach the assurance level. Moreover, this approach makes it possible to create an IT security development tool in which the specification means are implemented as the design library elements.



Copyright (c) 2015 Theoretical and Applied Informatics



ISSN: 1896-5334 (print), 2300-889X (online)

Open Access, CrossRef, Indexed in DOAJ