Ontology-Based Security Problem Definition and Solution for the Common Criteria Compliant Development Process

Andrzej Bialas
2009 Fourth International Conference on Dependability of Computer Systems
The paper shows how to apply a new ontology-based approach to the security problem definition (SPD), which is the key stage of the IT security development process compliant with the ISO/IEC 15408 Common Criteria standard. The SPD specifies threats, security policies and assumptions concerning the developed target of evaluation (TOE). On the basis of the SPD, the security objectives (SO) are elaborated; they express the solution to the security problem and are the basis for further implementation work. The paper ... ts shortly the Specification Means Ontology (SMO), the related knowledge base and their use by IT security developers while the security problem is formulated and solved. The paper gives some examples concerning a simple firewall, summarizes the results and experiences, and defines the plans for future work.
doi:10.1109/depcos-relcomex.2009.15 dblp:conf/depcos/Bialas09 fatcat:dl5o3d732bdjrebplldqzv4fwm