
    Defining Security Requirements with the Common Criteria: Applications, Adoptions, and Challenges

    Advances in emerging Information and Communications Technology (ICT) push the boundaries of what is possible and open up new markets for innovative ICT products and services. The adoption of ICT products and systems with security properties depends on consumers' confidence and the market's trust in the security functionality, and on whether the assurance measures applied to these products meet their inherent security requirements. Such confidence and trust are primarily gained through the rigorous development of security requirements, validation criteria, evaluation, and certification. The Common Criteria for Information Technology Security Evaluation (often referred to as the Common Criteria or CC) is an international standard (ISO/IEC 15408) for cyber security certification. In this paper, we conduct a systematic review of the CC standard and its adoption. Barriers to CC adoption are also investigated based on an analysis of current trends in security evaluation. Specifically, we share the experiences and lessons gained through the recent Development of Australian Cyber Criteria Assessment (DACCA) project, which promotes the CC among stakeholders in ICT security products across specification, development, evaluation, certification and approval, procurement, and deployment. Best practices for developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented.

    Selecting Web Services with Security Compliances: A Managerial Perspective

    This paper proposes a framework for a decision support system (DSS) for the assessment process of selecting Web services whose security compliance is consistent with the enterprise business goal. The proposed DSS framework is a systematic assessment model that can aid IS managers in deciding which Web services would most likely meet the security requirements of their information systems. The proposed process is based on the standard ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation. The framework consists of five components: (i) identification of security objectives; (ii) formulation of criteria; (iii) selection of candidate Web services; (iv) security profiling of Web services; and (v) a variance analysis engine. The framework is presented with a running example to demonstrate the applicability of the approach.

    INFORMATION SYSTEM SECURITY THREATS CLASSIFICATIONS

    Information systems are exposed to different types of security risks. The consequences of information systems security (ISS) breaches can vary from, e.g., damage to database integrity to the physical destruction of entire information system facilities, and can result in minor disruptions in less important segments of an information system or in significant interruptions of its functionality. The sources of security risks differ: they can originate inside or outside the information system facility, and can be intentional or unintentional. A precise calculation of the losses caused by such incidents is often not possible, because a number of small-scale ISS incidents are never detected or are detected only after a significant delay, some incidents are interpreted as accidental mistakes, and all of this results in an underestimation of ISS risks. This paper addresses the different types and criteria of information system security risk (threat) classification and gives an overview of the most common classifications used in the literature and in practice. We define a common set of criteria that can be used for information system security threat classification, which enables the comparison and evaluation of security threats drawn from different threat classifications.

    DEVELOPMENT OF PROTECTION PROFILE FOR SECOND-LEVEL E-KTP CARD READER BASED ON ISO/IEC 15408:2022 AND ISO/IEC TS 19608:2018

    The second-level e-KTP reader is a device that reads the electronic data stored in the e-KTP chip after verifying the holder with a fingerprint or face scan. The data stored in the e-KTP chip is personal data, both general and specific, as defined in Law Number 27 of 2022. Users of e-KTP readers, as controllers and processors of personal data, are therefore obliged to prevent unauthorised access lawfully by using a security system that is reliable, safe and accountable. Permendagri Number 76 of 2020 requires compliance with product standards and involves the relevant ministries and agencies (K/L) in the security sector as a form of supervision. Under BSSN Regulation 15 of 2019, carrying out an evaluation in Indonesia's Common Criteria scheme requires a Protection Profile document to support the security evaluation of IT devices. However, no certified Protection Profile exists for e-KTP reader devices that could serve as a reference for developing such devices and supporting their security evaluation. This study therefore develops a Protection Profile for e-KTP readers based on ISO/IEC 15408 and ISO/IEC TS 19608:2018 to specify security functional requirements and security assurance requirements that take the protection of personal data into account; the development method follows ISO/IEC TR 15446:2017. The result is a Protection Profile document consisting of 25 security functional requirements that fulfil 8 device security objectives at Evaluation Assurance Level (EAL) 4. The design was then tested against the Protection Profile evaluation (APE) class of ISO/IEC 18045:2022 and found to meet the criteria of the ISO/IEC 15408 series.
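    One check a PP author runs on a draft before it goes to APE evaluation is completeness of the rationale tracing: every threat is countered by an objective, every objective is met by at least one SFR, every SFR traces back to an objective, and every CC Part 2 dependency of a selected SFR is either included or justified. The script below is an added example and is not the study's Protection Profile: the threats, objectives and SFR selection are a constructed fragment for a card reader (not the 8 objectives and 25 SFRs of the paper), and the dependency table is an abbreviated excerpt from CC Part 2 (v3.1) rather than the full table a real check would load.

```python
"""Rationale-tracing check for a draft Protection Profile (APE_OBJ / APE_REQ style).

Added example; threats, objectives and SFR selection are constructed, and the
dependency table is an abbreviated excerpt from CC Part 2 v3.1.
"""
from typing import Dict, Iterable, List, Sequence, Tuple, Union

Dep = Union[str, Tuple[str, ...]]   # a tuple means "any one of these satisfies it"

# Abbreviated SFR dependency table (CC Part 2, v3.1). Not complete.
DEPENDENCIES: Dict[str, List[Dep]] = {
    "FIA_UID.1": [],
    "FIA_UAU.2": ["FIA_UID.1"],
    "FDP_ACC.1": ["FDP_ACF.1"],
    "FDP_ACF.1": ["FDP_ACC.1", "FMT_MSA.3"],
    "FMT_MSA.3": ["FMT_MSA.1", "FMT_SMR.1"],
    "FMT_MSA.1": [("FDP_ACC.1", "FDP_IFC.1"), "FMT_SMR.1", "FMT_SMF.1"],
    "FMT_SMR.1": ["FIA_UID.1"],
    "FMT_SMF.1": [],
    "FAU_GEN.1": ["FPT_STM.1"],
    "FPT_STM.1": [],
    "FTP_ITC.1": [],
    "FPT_PHP.1": [],
}


def check_rationale(threats: Iterable[str],
                    objectives: Dict[str, Sequence[str]],   # objective -> threats it counters
                    sfrs: Dict[str, Sequence[str]],         # SFR -> objectives it meets
                    dependencies: Dict[str, List[Dep]] = DEPENDENCIES) -> List[str]:
    """Return a list of findings; an empty list means the tracing is complete."""
    findings: List[str] = []
    threat_set = set(threats)

    # APE_OBJ: every threat is countered, and every objective counters a defined threat.
    countered = set()
    for obj, ts in sorted(objectives.items()):
        if not ts:
            findings.append(f"{obj}: counters no threat (APE_OBJ)")
        for t in ts:
            if t not in threat_set:
                findings.append(f"{obj}: counters undefined threat {t} (APE_OBJ)")
            countered.add(t)
    for t in sorted(threat_set - countered):
        findings.append(f"{t}: no objective counters it (APE_OBJ)")

    # APE_REQ: every objective is met by an SFR, and every SFR traces to a defined objective.
    met = set()
    for sfr, objs in sorted(sfrs.items()):
        if not objs:
            findings.append(f"{sfr}: traces to no objective (APE_REQ)")
        for o in objs:
            if o not in objectives:
                findings.append(f"{sfr}: traces to undefined objective {o} (APE_REQ)")
            met.add(o)
    for o in sorted(set(objectives) - met):
        findings.append(f"{o}: no SFR meets it (APE_REQ)")

    # APE_REQ: each selected SFR's Part 2 dependencies are selected too (or must be justified).
    for sfr in sorted(sfrs):
        for dep in dependencies.get(sfr, []):
            options = dep if isinstance(dep, tuple) else (dep,)
            if not any(o in sfrs for o in options):
                findings.append(f"{sfr}: unmet dependency on {' or '.join(options)} (APE_REQ)")
    return findings


def ektp_reader_example() -> Tuple[List[str], List[str]]:
    """Constructed card-reader PP fragment: findings for the draft, then for the corrected set."""
    threats = ["T.UNAUTH_READ", "T.TAMPER", "T.EAVESDROP"]
    objectives = {
        "O.AUTH":    ["T.UNAUTH_READ"],   # operator authenticated before the chip is read
        "O.ACCESS":  ["T.UNAUTH_READ"],   # access control on the personal data read out
        "O.PHYS":    ["T.TAMPER"],        # physical tamper detection on the reader
        "O.CHANNEL": ["T.EAVESDROP"],     # trusted channel to the verification backend
        "O.AUDIT":   ["T.UNAUTH_READ"],   # read events are logged
    }
    draft = {
        "FIA_UID.1": ["O.AUTH"], "FIA_UAU.2": ["O.AUTH"],
        "FDP_ACC.1": ["O.ACCESS"], "FDP_ACF.1": ["O.ACCESS"],
        "FMT_MSA.1": ["O.ACCESS"], "FMT_MSA.3": ["O.ACCESS"],
        "FMT_SMR.1": ["O.ACCESS"], "FMT_SMF.1": ["O.ACCESS"],
        "FPT_PHP.1": ["O.PHYS"], "FTP_ITC.1": ["O.CHANNEL"],
        "FAU_GEN.1": ["O.AUDIT"],
    }
    draft_findings = check_rationale(threats, objectives, draft)
    # FAU_GEN.1 needs reliable time stamps: add FPT_STM.1 and the draft passes.
    fixed = dict(draft, **{"FPT_STM.1": ["O.AUDIT"]})
    return draft_findings, check_rationale(threats, objectives, fixed)


if __name__ == "__main__":
    before, after = ektp_reader_example()
    print("draft:", before or "clean")
    print("fixed:", after or "clean")
```

    The draft reports exactly one finding, the missing FPT_STM.1 that FAU_GEN.1 depends on; adding it clears the check. Unmet dependencies are the most common APE_REQ remark on first-round PPs, which is why the script reports them rather than silently filling them in.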

    A Multi-Layer and Multi-Tenant Cloud Assurance Evaluation Methodology

    Data with high security requirements is being processed and stored in the Cloud with increasing frequency. To guarantee that this data is handled securely, we investigate the applicability of assurance methodologies. In a typical Cloud environment, the setup of multiple layers and different stakeholders determines the security properties of the individual components that are used to compose Cloud applications. We present a methodology adapted from the Common Criteria for aggregating information that reflects the security properties of the individual constituent components of Cloud applications. This aggregated information is used to categorise overall application security in terms of Assurance Levels and to provide a continuous assurance level evaluation. It gives the service owner an overview of the security of their service without requiring detailed manual analysis of log files.

    Comparisons of Bitcoin Cryptosystem with Other Common Internet Transaction Systems by AHP Technique

    This paper describes a proposed methodology for the evaluation of critical systems and the prioritization of critical risks and assets identified in highly secured information systems. Different types of information assets or security environments require different techniques and methods for their prioritization and evaluation. In this article, the VECTOR matrix method for prioritizing critical assets and critical risks is explained and integrated into the AHP (Analytic Hierarchy Process) technique as a set of fixed criteria for evaluating the defined alternatives. The Bitcoin cryptocurrency was compared and evaluated alongside other common Internet transaction systems by information security professionals according to the defined VECTOR criteria. The newly proposed hybrid AHP model is also presented, with potential case studies for future research. This article tries to establish the security posture of the Bitcoin cryptocurrency in the context of information security risks relative to the most common existing online payment systems, such as e-banking, m-banking, and e-commerce.
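    AHP, as used in the abstract, derives criterion weights from pairwise expert judgements, checks that those judgements are internally consistent, and then scores each alternative as a weighted sum. The block below is an added worked example and not the paper's data: the criteria names, pairwise ratios and per-criterion local scores are constructed (the paper's VECTOR criteria are not given here), and the alternative names are the four systems the abstract compares. It shows the geometric-mean priority vector, Saaty's consistency ratio (standard AHP practice rejects a judgement matrix with CR above 0.10), and the final ranking.

```python
"""Worked AHP example: weight security criteria, check judgement consistency, rank alternatives.

Added example with constructed judgements and scores; not the paper's VECTOR criteria or results.
"""
from math import prod
from typing import Dict, List, Sequence, Tuple

# Saaty's random consistency index (RI) by matrix order, used to scale CI into CR.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def pairwise_matrix(items: Sequence[str],
                    judgements: Dict[Tuple[str, str], float]) -> List[List[float]]:
    """Expand judgements '(a, b): k' (a is k times as important as b) into a full
    reciprocal matrix: ones on the diagonal, k at [a][b] and 1/k at [b][a]."""
    idx = {name: i for i, name in enumerate(items)}
    n = len(items)
    m = [[1.0] * n for _ in range(n)]
    for (a, b), k in judgements.items():
        if k <= 0:
            raise ValueError("AHP judgements must be positive ratios")
        m[idx[a]][idx[b]] = float(k)
        m[idx[b]][idx[a]] = 1.0 / k
    return m


def priority_vector(m: List[List[float]]) -> List[float]:
    """Row geometric mean normalised to sum 1: Saaty's standard approximation of the
    principal eigenvector (exact when the matrix is fully consistent)."""
    n = len(m)
    gm = [prod(row) ** (1.0 / n) for row in m]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(m: List[List[float]], w: List[float]) -> float:
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1). Saaty's rule of thumb:
    CR > 0.10 means the judgements contradict each other too much to be used."""
    n = len(m)
    if n <= 2:
        return 0.0          # a 2x2 reciprocal matrix is always consistent
    aw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def rank_alternatives(criteria: Sequence[str], weights: Sequence[float],
                      local: Dict[str, Dict[str, float]]) -> List[Tuple[str, float]]:
    """Overall priority = sum over criteria of (criterion weight x local priority)."""
    scores = {alt: sum(w * local[alt][c] for c, w in zip(criteria, weights))
              for alt in local}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def example() -> Dict[str, object]:
    """Constructed judgements: confidentiality and integrity equally important,
    each three times as important as availability for this comparison."""
    criteria = ["confidentiality", "integrity", "availability"]
    m = pairwise_matrix(criteria, {
        ("confidentiality", "integrity"): 1,
        ("confidentiality", "availability"): 3,
        ("integrity", "availability"): 3,
    })
    w = priority_vector(m)            # [3/7, 3/7, 1/7]
    cr = consistency_ratio(m, w)      # 0.0: rows are proportional, fully consistent
    # Constructed local priorities per criterion (each column sums to 1); not the paper's numbers.
    local = {
        "Bitcoin":    {"confidentiality": 0.30, "integrity": 0.40, "availability": 0.20},
        "e-banking":  {"confidentiality": 0.30, "integrity": 0.30, "availability": 0.30},
        "m-banking":  {"confidentiality": 0.25, "integrity": 0.15, "availability": 0.25},
        "e-commerce": {"confidentiality": 0.15, "integrity": 0.15, "availability": 0.25},
    }
    return {"weights": w, "cr": cr, "ranking": rank_alternatives(criteria, w, local)}


if __name__ == "__main__":
    result = example()
    print("weights:", [round(x, 3) for x in result["weights"]], "CR:", round(result["cr"], 3))
    for name, score in result["ranking"]:
        print(f"{name:<11} {score:.3f}")
```

    A circular set of judgements (a beats b 3:1, b beats c 3:1, c beats a 3:1) gives equal weights but a CR above 1.0, which is how a badly filled-in expert questionnaire shows up before it distorts the ranking.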

    Common Criteria IT Security Standard in Product Development Process

    Information technology security is needed in both IT products and IT systems. One way to assure that security is through the use of IT security standards. In this thesis an international IT security standard called the Common Criteria (CC) is examined in order to understand how it can be applied to a product development process, and what benefits it brings to the process. The study begins by reviewing the basics of IT security and by explaining the purpose of IT security standards. After that the content of the Common Criteria is examined in more detail. The research is based on a comprehensive literature review and on a case using Common Criteria evaluation assurance level 3. The Common Criteria sets the basis for the whole life-cycle process of the product. Although implementing the CC requirements adds extra workload to the process, there are visible advantages for security-related matters that could be left unnoticed without a compulsory requirement. The Common Criteria also receives wide international support and is considered the de facto international standard for IT security. However, its inflexibility, mainly in terms of time and expense, has brought up a demand for developing it into a more dynamic IT standard.

    Criteria for Evaluating Alternative Network and Link Layer Protocols for the NASA Constellation Program Communication Architecture

    Selecting a communications and network architecture for future manned space flight requires an evaluation of the varying goals and objectives of the program, the development of communications and network architecture evaluation criteria, and an assessment of critical architecture trades. This paper uses the Constellation (Cx) Program's proposed exploration activities as a guideline; lunar sortie, outpost, Mars, and flexible-path options are described. A set of communications network architecture criteria is proposed and described, including interoperability, security, reliability, and ease of automating topology changes. Finally, a key set of architecture options is traded, including (1) multiplexing data at a common network layer vs. at the data link layer, (2) implementing multiple network layers vs. a single network layer, and (3) the choice of network layer protocol, primarily IPv6 vs. Delay Tolerant Networking (DTN). In summary, the protocol options are evaluated against the proposed exploration activities and their relative performance with respect to the criteria is assessed. An architectural approach that includes (a) the capability of multiplexing at both the network layer and the data link layer and (b) a single network layer for operations at each program phase is recommended, as these solutions are best suited to respond to the widest array of program needs and meet each of the evaluation criteria.

    System Security Assurance: A Systematic Literature Review

    System security assurance provides the confidence that the security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failures and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges for information protection. Security assurance methods based on traditional tools, techniques, and procedures may fail to account for these new challenges because of poor requirement specifications, their static nature, and poor development processes. The Common Criteria (CC), commonly used for security evaluation and certification, also come with many limitations and challenges. In this paper, extensive effort has been made to study the state of the art, limitations and future research directions for security assurance of ICT and cyber-physical systems (CPS) across a wide range of domains. We conducted a systematic review of the requirements, processes, and activities involved in system security assurance, including security requirements, security metrics, systems and environments, and assurance methods. We highlight the challenges and gaps identified by the existing literature on system security assurance and the corresponding solutions. Finally, we discuss the limitations of present methods and future research directions.