Authors: A. Naseer, Z. Huang and A. Ali
Editors: G. Wang, J. Feng, M. Z. A. Bhuiyan and R. Lu
Title: Modelling Security Requirements for Software Development with Common Criteria
Affiliation: Software Engineering
Project(s): Data-Driven Software Engineering Department
Status: Published
Publication Type: Book Chapter
Year of Publication: 2019
Book Title: Security, Privacy, and Anonymity in Computation, Communication, and Storage
Volume: 11611
Edition: 1
Series Volume: 1611-3349
Pagination: XVI, 506
Date Published: 07/2019
Publisher: Springer
ISBN Number: 978-3-030-24906-9
ISBN: 978-3-030-24907-6
Keywords: common criteria (ISO/IEC 15408), security evaluation, security requirement engineering, software modelling, UML profile
Abstract

Designing software needs to address the issues of adaptation and evaluation in terms of object-oriented concepts to prevent the loss of resources in terms of system failure. System security assessments are common practice, and system certification according to a standard requires submitting relevant software security information to applicable authorities. Many security-related standards exist to develop various security-critical systems; however, Common Criteria (ISO/IEC 15408) is an International de-facto standard that assures specification, implementation, and evaluation of an IT security product. This research will aid in better communication and enhanced collaboration among different stakeholders, especially between software and security engineers, by proposing a model of security-related concepts in de-facto standard Unified Modeling Language (UML). In this paper, we present a Usage Scenario and a Conceptual Model by extracting key security-related images from Common Criteria. The effectiveness is illustrated by a case study on Facebook Meta-Model, built for the evaluation purpose of Common Criteria models.

URL: https://link.springer.com/chapter/10.1007%2F978-3-030-24907-6_7
