Ontological Mapping of Common Criteria's Security Assurance Requirements

The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security with regard to data security and data privacy. Because the certification process is very complex and time-consuming, many companies abstain from a CC certification. We created the CC Ontology tool, which is based on an ontological representation of the CC catalog, to support the evaluator during the certification process. The tool supports tasks such as planning an evaluation process, reviewing relevant documents, and creating reports. With the development of this tool we reduce the time and costs needed to complete a certification.
