Reliability assurance in development process for TOE on the Common Criteria

Abstract

Security begins with good software code and high quality testing of the code, and it continues with the process used to identify corrected and patch security vulnerabilities and with their auditing based on recognized standards. Security is an important aspect of software systems, especially for distributed security-sensitive systems. The Common Criteria (CC) is the standard requirements catalogue for the evaluation of security critical systems. Using the CC, a large number of security requirements on the system itself and on the system development can be defined. However, the CC does not give methodological process support. In this paper, we show how integrate security aspects into the software engineering process. In addition, we also introduce our work on ensuring the reliability assurance in development process for Network Management System as TOE. The activities and documents from the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort due to high security requirements. For modeling and verification of critical parts of CBD(Component Based Development) system, we use formal description techniques and model checker, which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a case study, the CBD-NMS project. © Springer-Verlag 2004.