3rd International ICST Symposium on Information Assurance and Security

Research Article

CCARCH: Architecting Common Criteria Security Requirements

  • @INPROCEEDINGS{10.1109/IAS.2007.30,
        author={Jose  Romero-Mariona and Hadar  Ziv and Debra  J. Richardson},
        title={CCARCH: Architecting Common Criteria Security Requirements},
        proceedings={3rd International ICST Symposium on  Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Application software  Computer architecture  Computer security  Connectors  Guidelines  Information security  Phase measurement  Programming  Software architecture  Spirals},
        doi={10.1109/IAS.2007.30}
    }
    
  • Jose Romero-Mariona
    Hadar Ziv
    Debra J. Richardson
    Year: 2007
    CCARCH: Architecting Common Criteria Security Requirements
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.30
Jose Romero-Mariona1,*, Hadar Ziv1,*, Debra J. Richardson1,*
  • 1: Donald Bren School of Information and Computer Sciences University of California, Irvine Irvine, CA USA
*Contact email: jromerom@ics.uci.edu, ziv@ics.uci.edu, djr@ics.uci.edu

Abstract

As technology continues to evolve, so do different entities that threaten the security of this technology. We believe that in order to build dependable software security should be treated just as any other important aspect of a system; to do this we must emphasize it at the beginning of our development cycle and be able to carry these security requirements down the cycle. We focus on a technique known as the Common Criteria, which allows for the development of security requirements. We extend the capabilities of Common Criteria beyond the requirements phase, to allow us to take security requirements into further stages of the cycle. In this paper we describe CCARCH, a technique accompanied by a set of tools, that takes Common Criteria expressed security requirements to the architectural level. Our approach aids in making the usage of Common Criteria more beneficial and applicable.