Computer-Aided Sensor Development Focused on Security Issues
Abstract
:1. Introduction
- Patterns (including specification means, all evidences, documentation, procedures, etc.);
- Methodology and tools used to create and manage IT security development environments by different business organizations;
- Knowledge-related CC development and evaluation (a knowledgebase).
1.1. Basic Common Criteria Methodology Terms Used in the Article
- The IT security development process, focused on the security analyses; the document called ST (security target) for the given TOE is worked out; the ST contains:
- ○
- TOE overview and description sections;
- ○
- Security problem definition (SPD), which specifies: the protected assets, subjects, threats, organizational security policies (OSPs), and security assumptions for the TOE;
- ○
- Security objectives (SO) presenting how the security problem specified by the SPD is solved; the SO expresses generally the proposed security measures;
- ○
- Security requirements (SFRs and SARs) present these solutions using the semiformal CC components;
- ○
- TOE security functions for ST (TSF); they are the SFR implementation on the claimed EAL level;
- The TOE development process, focused on the elaboration of the CC-specific IT product documentation, embracing:
- ○
- TOE architecture, its functional specification, design, security policy, implementation;
- ○
- Live cycle definition, configuration management, product delivery, development process security, used tools and their options;
- ○
- Tests specification, test depth and coverage;
- ○
- Product manuals and procedures;
- ○
- Vulnerability assessment of the TOE and its development site;
- The IT security evaluation process; it is performed by an independent, accredited security lab and finalized by certification; during this process the TOE and its evidences, i.e., ST and the TOE documentation, are evaluated according to the CC methodology against the claimed EAL.
1.2. Current State of the Research Field
- Common Criteria application in sensors and sensors systems development;
- Patterns in security development;
- Computer support of the Common Criteria methodology.
- General sensors network security aspects;
- Healthcare systems;
- Aircraft health monitoring systems;
- Safety-critical assets distribution systems;
- Transport, including motion sensors of digital tachographs;
- Products related to SCADA (Supervisory Control And Data Acquisition);
- Specialized firewalls used in control and automation systems, co-operating with sensors networks.
- Electronic Distribution of Software (EDS);
- Airplane Assets Distribution System (AADS);
- Air Health Monitoring and Management System (AHMMS);
- Air Traffic Control (ATC).
- To monitor the health of airplane structures and board systems, which use embedded sensors;
- To give timely feedback to the flight control computer working on the board and to the airline ground server for health assessment.
1.3. Research Motivation and Directions
- To improve the IT security development process, thanks to the patterns-based approach;
- To minimize the barriers for developers, related to the lack of knowledge, methods and exemplars of evidences, etc.;
- Theoretical foundation included in the author’s monograph [39], which includes the UML extension (stereotypes) to specify models of the IT security development framework in a formal way (syntax and semantics defined on mathematical principles), and the security models related to this framework (data and activity diagrams);
- The CCMODE project products [15]: methodology, tool and knowledge, to adapt them for the sensors systems domain of application;
- Patterns and tools to implement this methodology, adapted to the sensors development domain;
- Knowledge concerning the Common Criteria assurance methodology and the sensors security.
2. Experimental Section
2.1. General Features of CCMODE Tools
2.2. Evaluation Evidences Patterns Implemented in CCMODE Tools
- Documentation, e.g., configuration management plan;
- Documented results of independent investigations or observations conducted by the evaluators, e.g., a TOE vulnerability analysis report;
- Described behaviour or activities of people according to their roles in the TOE life cycle.
2.3. Specification Means Patterns Implemented in CCMODE Tools
- Assets representing passive entities within the considered system, divided into subcategories:
- ―
- TOE related assets—marked DTO,
- ―
- Assets within the TOE operational environment (DEO),
- Subjects, representing active entities related to the TOE or its operational environment, including:
- ―
- Authorized subjects (SAU), e.g., user, administrator, process,
- ―
- Unauthorized entity (SNA), e.g., intruder,
- ―
- Non-human malicious entity (SNH), e.g., force majeure, failure,
- Threats, including:
- ―
- Direct attacks against the TOE (TDA),
- ―
- Attacks against the TOE operational environment (TEO),
- Assumptions, addressed to the TOE operational environment:
- ―
- Connectivity aspects (ACN),
- ―
- Personnel/organizational aspects (APR),
- ―
- Physical aspects (APH),
- Organizational security policies (OSPs) and security objectives have similar subcategories assigned:
- ―
- Control and information flow control (policy: PACC, objective: OACC),
- ―
- Identification and authentication (PIDA, OIDA),
- ―
- Accountability and security audit (PADT, OADT),
- ―
- Integrity (PINT, OINT),
- ―
- Availability (PAVB, OAVB),
- ―
- Privacy (PPRV, OPRV),
- ―
- Data exchange (PDEX, ODEX),
- ―
- Confidentiality (PCON, OCON),
- ―
- IT aspects of the TOE operational environment (PEIT, OEIT),
- ―
- Technical/physical aspects of the TOE operational environment (PEPH, OEPH),
- ―
- Security maintenance/management (PSMN, OSMN).
- Different kinds of protected assets:
- ―
- Basic assets, i.e., sampled, processed, stored and transmitted data, and provided services,
- ―
- Assets whose availability allows the right operation of sensors (please note the restricted resources: energy, processing- and transmission capability),
- ―
- Security-related data, e.g., cryptographic keys, passwords, credentials, secrets,
- ―
- Assets placed within the TOE operational environment, encompassing all co-operating and mutually related IT entities, e.g., network gateways, monitoring central unit, common data base,
- Active entities (subjects):
- ―
- Legal users of a sensor or sensor system, user, admin, process,
- ―
- Legal actors participating in the life cycle processes performed within the site, service personnel,
- ―
- Intruders of different attack potential, force majeure, failure,
- Commonly known attacks against sensors and sensors systems—threats:
- ―
- Related to the data sampled/measured by the intelligent sensor, e.g., input data manipulation,
- ―
- Related to the data stored, processed and transferred by the intelligent sensor, e.g., illegal access, data manipulation,
- ―
- Exploiting vulnerabilities concerning sensors restricted resources, like power, transmission capability, etc.,
- ―
- Aimed at the sensor identity, e.g., cloning, replacing, sybil attack, node fabrication,
- ―
- Trying to breach the security-related data,
- ―
- Aiming at the sensor physical integrity, like tampering, chemical, thermal, electromagnetic and similar attacks,
- ―
- Related to different cases of unforeseen natural catastrophes, emergencies and failures,
- ―
- Against sensor network and transmission ability (TOE operational environment), like routing misuse, malware, uncontrolled network area accessible to potential intruders, etc.,
- ―
- Attacks causing safety problems—safety-critical faults in the safety-critical equipment,
- Organizational Security Policies (OSPs):
- ―
- Information flow rules,
- ―
- Access to asset rules,
- ―
- Intrinsic safety,
- ―
- Compliance with standards,
- Assumptions related to the TOE operational environment, like trustiness of administration and intended use of an IT product;
- Security objectives for the TOE and for the TOE operational environment, representing different kinds of security measures, which counter threats, enforce OSPs or uphold assumptions.
2.4. Adaptation of CCMODE Tools to Sensors and Sensors Systems Domain of Applications
2.5. Range of the Validation Experiment
- CCMODE Tools configuration for the MethSens project;
- IT security modeling of the MethSens with the use of EA-plugin;
- Injecting this model to the MethSens Security Target using GenDoc application.
2.6. CCMODE Tools Configuration for the MethSens Project
- Introducing basic information about the project, like: project type, TOE name and acronym, involved organizations, project roles and actors, subcontractors, etc.;
- Configuring connections and working parameters of external modules, like SVN, EA, MS Word, Redmine, Testlink; some tools are optional;
- Selecting the right evaluation assurance level (EAL) for the TOE; components of the EAL are automatically joined to the project; it is possible to perform substitution (replacing one or more components of the given EAL by more rigorous ones) and augmentation (adding one or more component to these implied by the EAL); these two cases are distinguished by “+”, e.g.,: EAL2+; developers can define their own components;
- Defining the IT product life cycle and its phases, processes, actors; some life cycles are predefined in the tool; for MethSens a standard life cycle (with phases: Development, Manufacturing, Operation and maintenance, End of life) was applied;
- Specifying software tools and hardware tools, especially those whose configuration parameters influence the IT product; concerns the “ALC_TAT—Tools and techniques” family requirements [6];
- Specifying tools related to the TOE configuration management; concerns the ALC_CMC, ALC_CMS families [6];
- Setting repository paths pointing at different project artefacts, e.g.,: source files, configuration lists and their items, regulations, etc.
2.7. Security Model of the MethSens Device
- To perform CC-related security analyses and modelling for ST (ASE_SPD, ASE_OBJ, ASE_REQ, ASE_TSS families);
- To support the development of evidences dealing with the TOE decomposition (ADV_TDS), interfaces (ADV_FSP), and tests (ATE_FUN, ATE_DPT, ATE_COV) [6].
2.7.1. Security Problem Definition (SPD)—Threats, Organizational Security Policies and Assumptions
Example 1
Example 2
2.7.2. Security Objectives (SO)—Solving the Security Problem
Example 3
- OACC.Access. The sensor must control access of connected entities;
- OIDA.ControlID. Using the properly managed unique identifiers of sensors [Dparam<=DTO.SensorID]. Refinement: Calibration keyboards are provided with unique identifiers which can be checked;
- OADT.Audit. The sensor must audit attempts to undermine its security and should trace them to the associated entities;
- OSMN.NetAdmin. Network administration and security policy procedures implementation.
Example 4
Example 5
2.7.3. Security Functional Requirements (SFR)—Semiformal Representation of the Security Objectives
Example 6
- OACC.Access expressed by: FDP_ACC.1 (FDP_ACF.1, FMT_MSA.3); explained above;
- OIDA.ControlID expressed by: FIA_UID.2, requiring user identification before any action; it has no dependencies;
- OADT.Audit: expressed by: FAU_ARP.1 (Security alarm when security violation occurs); it has a dependent component FAU_SAA.1 (Potential violation analysis) which, in turn, has another dependent component FAU_GEN.1 (Audit data generation);
- OAVB.DataFreshness expressed by: FPT_ITI.1 (Inter-TSF detection of modification) which has no dependencies.
Example 7
- TSF1_SensorAccCtrl meeting the requirements included in the SFRs: FDP_ACC.1, FDP_ACF.1 and FMT_MSA.3;
- TSF2_SensorIDctr meeting the requirements included in the SFR: FIA_UID.2;
- TSF3_AbnormalEventsDet meeting the requirements included in the SFRs: FAU_ARP.1, FAU_SAA.1 and FAU_GEN.1;
- TSF7_.DataIntegCtrl meeting the requirements included in the SFR: FPT_ITI.1.
2.8. MethSens Security Target Elaboration
- Developers’ action elements (marked “D”) expressing what the developers should provide as evidence;
- Contents and presentation elements (marked “C”) showing what kind of requirements the evidence should meet;
- Evaluators’ action elements (marked “E”) showing how the evaluator should verify the provided evidence.
2.9. Other Evaluation Evidences for the MethSens Device
- TOE architecture, its functional specification, design, security policy, implementation (ADV class);
- Life cycle definition, configuration management, product delivery, development process security, used tools and their options (ALC class);
- Tests specification, test depth and coverage (ATE class);
- Product manuals and procedures (AGD class);
3. Results and Discussion
- If it is possible to adapt this suite for the specific sensors application domain in order to support sensors developers;
- Whether the extended customized suite could be useful for intelligent sensors and systems developers.
3.1. Validation Context
- The management of a sensors-related project in the assumed life cycle (development, manufacturing, operation & maintenance, end of life) but the validation was focused on the development phase;
- The EAL2 for the sensors project;
- Security analyses and modelling (EA-plugin);
- Semi-automatic generation (GenDoc/MS Word) of evaluation evidences; the validation was focused on the basic evidence, i.e., security target;
- Self-assessment of the evidences;
- The preparation of a knowledge base;
- The establishment of a repository of project artefacts (SVN).
- Law enforcement—some products, especially for government-like applications, should have the given EAL (an arbitrary decision);
- Market requirements (trade-off based on market-related factors).
Conclusion 1
3.2. Range of Development Suite Customization
Conclusion 2
3.3. Course of Validation Experiment
Conclusion 3
3.4. Self-Assessment—Useful Optional Step
Conclusion 4
4. Conclusions
- To adapt the general-purpose CCMODE methodology and its supporting tools to the needs of the intelligent sensors and sensors networks domain;
- To disseminate CC-related knowledge in this domain.
4.1. Research Findings and Implications
- The development suite dedicated for sensors will be based on the general purpose, ready-made platform—CCMODE Tools;
- The feasibility study will be based on the representative sensor MethSens/EAL2.
- The security modelling and rationale—supported by the EA-plugin;
- The patterns- and tools-based semi-automatic generation of evidences (replacing the old laborious, manual elaboration of evidences)—the MethSens security target generated by the GenDoc application;
- The sensors-specific security specification work out—a set of enhanced generics was predefined in the CCMODE knowledge base and some of them were used to specify the MethSens security model.
4.2. Paper Contribution and Future Research
- Better project management—thanks to the Common Criteria compliant, IT security development framework equipped with the domain knowledge base, design patterns, defined development processes, life cycle models, supporting tools, and communication facilities;
- Automation of IT product development process—complex and laborious activities are supported by software tools; this way it is possible to achieve the project reusability and other advantages similar to those gained in the CAE systems.
Acknowledgments
Conflicts of Interest
References
- Yurish, S.Y. Sensors: Smart vs. Intelligent. Sens. Transducers J. 2010, 114, I–VI. [Google Scholar]
- Braeken, A.; Porambage, P.; Gurtov, A.; Ylianttila, M. Secure and Efficient Reactive Video Surveillance for Patient Monitoring. Sensors 2016, 16, 1–13. [Google Scholar] [CrossRef] [PubMed]
- Martín-Fernández, F.; Caballero-Gil, P.; Caballero-Gil, C. Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things. Sensors 2016, 16, 1–20. [Google Scholar] [CrossRef] [PubMed]
- Sánchez Alcón, J.A.; López, L.; Martínez, J.-F.; Rubio Cifuentes, G. Trust and Privacy Solutions Based on Holistic Service Requirements. Sensors 2016, 16, 1–38. [Google Scholar] [CrossRef] [PubMed]
- ISO/IEC. Information Technology—Security Techniques—Security Assurance Framework; ISO/IEC TR 15443:2012; International Organization for Standardization and International Electrotechnical Commission: Geneva, Switzerland, 2012. [Google Scholar]
- Common Criteria for IT Security Evaluation, Version 3.1 rev. 4, 2012; Common Criteria Member Organizations, Part 1–3. Available online: http://www.commoncriteriaportal.org/ (accessed on 12 February 2016).
- Common Criteria Portal Home Page. Available online: http://www.commoncriteriaportal.org/ (accessed on 12 February 2016).
- Hermann, D.S. Using the Common Criteria for IT Security Evaluation; CRC Press: Boca Raton, FL, USA, 2003. [Google Scholar]
- Higaki, W.H. Successful Common Criteria Evaluation. A Practical Guide for Vendors; CreateSpace Independent Publishing Platform: Lexington, KY, USA, 2011. [Google Scholar]
- Bialas, A. Intelligent Sensors Security. Sensors 2010, 10, 822–859. [Google Scholar] [CrossRef] [PubMed]
- Bialas, A. Common Criteria Related Security Design Patterns—Validation on the Intelligent Sensor Example Designed for Mine Environment. Sensors 2010, 10, 4456–4496. [Google Scholar] [CrossRef] [PubMed]
- Bialas, A. Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation. Sensors 2011, 11, 8085–8114. [Google Scholar] [CrossRef] [PubMed]
- Noy, N.F.; McGuiness, D.L. Ontology Development 101: A Guide to Creating Your First Ontology; Knowledge Systems Laboratory, Stanford University: Stanford, CA, USA, March 2001. [Google Scholar]
- Stanford University. Protégé Ontology Editor and Knowledge Acquisition System. Available online: http://protege.stanford.edu/ (accessed on 12 February 2016).
- CCMODE—Common Criteria Compliant, Modular, Open IT Security Development Environment Project. Available online: http://commoncriteria.pl/index.php/en/ (accessed on 14 February 2016).
- Malavenda, C.S.; Menichelli, F.; Olivieri, M. A Regulation-Based Security Evaluation Method for Data Link in Wireless Sensor Network. J. Comput. Netw. Commun. 2014, 2014, 591920. [Google Scholar] [CrossRef]
- Singh, K.; Muthukkumarasamy, V. Addressing Security, Privacy and Efficiency Issues in Health Care Systems. In Healthcare Sensor Networks: Challenges Toward Practical Implementation; Lai, D.T.H., Marimuthu, P., Begg, R., Eds.; CRC Press: Boca Raton, FL, USA, 2012; pp. 111–138. [Google Scholar]
- Sampigethaya, K.; Poovendran, R.; Bushnell, L. Secure Operation, Control, and Maintenance of Future E-Enabled Airplanes. IEEE Proc. 2008, 96, 1992–2007. [Google Scholar] [CrossRef]
- Sampigethaya, K.; Li, M.; Poovendran, R.; Robinson, R.; Bushnell, L.; Lintelman, S. Secure Wireless Collection and Distribution of Commercial Airplane Health Data. In Proceedings of the 26th Digital Avionics Systems Conference, Dallas, TX, USA, 21–25 October 2007.
- Robinson, R.; Li, M.; Lintelman, S.; Sampigethaya, K.; Poovendran, R.; von Oheimb, D.; Bußer, J.W.; Cuellar, J. Electronic Distribution of Airplane Software and the Impact of Information Security on Airplane Safety. In Proceedings of the 26th International Conference on Computer Safety, Reliability, and Security, Nuremberg, Germany, 18–21 September 2007; pp. 28–39.
- Lintelman, S.; Sampigethaya, K.; Li, M.; Poovendran, R.; Robinson, R. High Assurance Aerospace CPS & Implications for the Automotive Industry. Available online: https://www.ee.washington.edu/research/nsl/papers/HCSS-08.pdf (accessed on 28 March 2016).
- The Council of the European Union. Commission Regulation (EC) No.1360/2002 on Recording Equipment in Road Transport. Annex 1B Requirements for Construction, Testing, Installation and Inspection. Off. J. Eur. Commun. 2002, L207, 204–252. [Google Scholar]
- Furgel, I.; Lemke, K. A Review of the Digital Tachograph System. In Embedded Security in Cars; Springer: Berlin/Heidelberg, Germany, 2006; pp. 69–94. [Google Scholar]
- Actia. Security Target IS2000 Smartach SRES, P206412; Actia: Toulouse, France, 2005. [Google Scholar]
- Bialas, A. Security-Related Design Patterns for Intelligent Sensors Requiring Measurable Assurance. Electr. Rev. (Prz. Elektrotech.) 2009, 85, 92–99. [Google Scholar]
- Bialas, A. Ontological Approach to the Motion Sensor Security Development. Electr. Rev. (Prz. Elektrotech.) 2009, 85, 36–44. [Google Scholar]
- Federation International de l’Automobile. Protection against Mileage Fraud by Common Criteria. In Proceedings of the 108th Session of the Working Party on General Safety Provisions (GRSG), United Nations Economic Commission for Europe (UNECE), Geneva, Switzerland, 4–8 May 2015.
- Veryha, Y. SCADA Systems for Virtual Utilities. Electr. Today 2005, 17, 24–30. [Google Scholar]
- Falco, J.; Stouffer, K.; Wavering, A.; Proctor, F. IT Security for Industrial Control Systems, National Institute of Standards and Technology (NIST) in Coordination with the Process Control Security Requirements Forum (PCSRF), White Paper. Available online: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.13.9422&rep=rep1&type=pdf (accessed on 19 February 2016).
- National Institute of Standards and Technology (NIST) in Coordination with the Process Control Security Requirements Forum (PCSRF). System Protection Profile—Industrial Control Systems. NISTIR 7167. NIST, October 2004. Available online: https://scadahacker.com/library/Documents/Standards/NIST%20-%20System%20Protection%20Profile%20Industrial%20Control%20Systems.pdf (accessed on 19 February 2016).
- Schumacher, M.; Fernandez-Buglioni, E.; Hybertson, D.; Buschmann, F.; Sommerlad, P. Security Patterns: Integrating Security and Systems Engineering; John Wiley and Sons: Chichester, UK, 2006. [Google Scholar]
- Yoshioka, N.; Washizaki, H.; Maruyama, K. A survey on security patterns. Prog. Inf. 2008, 5, 35–47. [Google Scholar] [CrossRef]
- Beckers, K.; Heisel, M.; Hatebur, D. Supporting Common Criteria Security Analysis with Problem Frames. In Pattern and Security Requirements; Springer International Publishing: Cham, Switzerland, 2015; pp. 195–228. [Google Scholar]
- ISO/IEC. Information Technology—Security Techniques—Guide for the Production of Protection Profiles and Security Targets; ISO/IEC TR 15446:2009; International Organization for Standardization and International Electrotechnical Commission: Geneva, Switzerland, 2009. [Google Scholar]
- Bundesamt für Sicherheit in der Informationstechnik. Guidelines for Developer Documentation According to Common Criteria, Version 3.1; Bundesamt für Sicherheit in der Informationstechnik: Bonn, Germany, 2007. [Google Scholar]
- CC Toolbox. Available online: http://niatec.info/ViewPage.aspx?id=44 (accessed on 21 February 2016).
- Horie, D.; Yajima, K.; Azimah, N.; Goto, Y.; Cheng, J. GEST: A Generator of ISO/IEC 15408 Security Target Templates. In Computer and Information Science 2009; Lee, G., Hu, H., Eds.; Springer-Verlag: Berlin, Germany, 2009; pp. 149–158. [Google Scholar]
- TL SET. Available online: http://trusted-labs.com/security-consulting/tools-training/tl-set/ (accessed on 21 February 2016).
- Bialas, A. Semiformal Common Criteria Compliant IT Security Development Framework. Available online: http://studiainformatica.polsl.pl/index.php/SI (accessed on 23 February 2016).
- D2RQ Platform, Freie Universität Berlin, Germany. Available online: http://d2rq.org/ (accessed on 6 March 2016).
- SVN—Subversion. Available online: https://subversion.apache.org/ (accessed on 6 March 2016).
- Redmine—Open Source Project Management Software. Available online: http://www.redmine.org/ (accessed on 6 March 2016).
- Testlink—Web-based test management system. Available online: https://sourceforge.net/projects/testlink/ (accessed on 6 March 2016).
- Site Certification. Supporting Document Guidance, version 1.0 rev. 1, 2007, CCDB-2007-11-001; Common Criteria Member Organizations, Bundesamt Für Sicherheit in der Informationstechnik (Tech. Editor). Available online: http://www.commoncriteriaportal.org/cc/#supporting (accessed on 1 April 2016).
- SKOS—Simple Knowledge Organization System. Available online: https://www.w3.org/2004/02/skos/intro (accessed on 6 March 2016).
- Common Methodology for Information Technology Security Evaluation (CEM), version 3.1 rev. 4, 2012. Common Criteria member organizations. Available online: http://www.commoncriteriaportal.org/ (accessed on 20 March 2016).
- Rogowski, D. Software Support for Common Criteria Security Development Process on the Example of a Data Diode. In Advances in Intelligent Systems and Computing; Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J., Eds.; Springer-Verlag: Cham, Switzerland; Heidelberg, Germany; New York, NY, USA; Dordrecht, The Netherlands; London UK, 2014; pp. 363–372. [Google Scholar]
- Trustless Initiative. Available online: http://www.openmediacluster.com/user-verified-social-telematics/ (accessed on 28 March 2016).
Pattern Acronym | Pattern Name | Description |
---|---|---|
STp | Security Target pattern | Structure and contents of the security target (ST). |
laSTp | low assurance Security Target pattern | Structure and contents of the low assurance security target used for EAL1 |
PPp | Protection Profile pattern | Structure and contents of the protection profile (PP) |
laPPp | low assurance Protection Profile pattern | Structure and contents of the low assurance protection profile used for EAL1 |
SSTp | Site Security Target pattern | Structure and contents of the site security target (SST). |
Pattern Family | Name | Description |
---|---|---|
ALC_LCDp | Life-cycle model definition patterns | Presents high-level description of the TOE life-cycle and provides a framework for the entire development environment. |
ALC_DVSp | Development security patterns | Specifies physical, procedural, personnel, and other security measures to be used in the development environment to protect the TOE and its parts. |
ALC_CMCp | Configuration management (CM) capabilities patterns | Describes in detail the management of configuration items and enforces discipline and control in the processes of refinement and modification of the TOE and the related information. |
ALC_CMSp | Configuration management scope pattern | Shows how to specify items to be included as configuration items and hence controlled by the above CM capabilities. |
ALC_TATp | Tools and techniques patterns | Is responsible for control tools, their options and techniques used in the development environment (programming languages, documentation, implementation standards, runtime libraries, different equipment, etc.). |
ALC_DELp | Delivery patterns | Describes the secure transfer of the finished TOE from the development environment into the responsibility of the user. |
ALC_FLRp | Flaw remediation patterns | Concerns the detected security flaws that should be traced and corrected by the developer. |
Pattern Family | Name | Description |
---|---|---|
ADV_ARCp | Security Architecture patterns | Describes the security architecture of the TOE security functions to show if they achieve desired properties (how to use architectural properties to better protect security functions). |
ADV_FSPp | Functional specification patterns | Describes the TOE security functions (TSFs) interfaces (TSFIs) which contain the means for users to invoke a service from the TSF (by supplying data that are processed by the TSF) and the corresponding responses to those services invocations. |
ADV_TDSp | TOE design patterns | Provides context for the TSFs description and describes the TSFs. The TOE decomposition is specified on different levels of detail (subsystems, modules) with respect to the applied rigour (EAL). |
ADV_IMPp | Implementation representation patterns | Expresses how the TSFs are implemented (software/firmware/hardware design language source code, hardware/IC diagrams, layouts). |
ADV_INTp | TSF internals patterns | Addresses the assessment of the TSFs internal structure. Well-structured TSFs are easier to implement and have fewer flaws and vulnerabilities. |
ADV_SPMp | Security policy modelling patterns | Provides additional assurance from the development of a formal security policy model of the TSF and helps to gain correspondence between the functional specification and this security policy model. |
AGD_PREp | Preparative procedures patterns | Presents how the TOE has been received and installed in a secure manner as intended by the developer. |
AGD_OPEp | Operational user guidance patterns | Shows how to prepare written material intended for all types of users of the TOE in its evaluated configuration. |
ATE_FUNp | Functional tests patterns | Enforces the right specification, execution and documentation of tests. |
ATE_COVp | Test Coverage patterns | Helps to demonstrate that the above mentioned TSFIs are properly covered by tests. |
ATE_DPTp | Test Depth patterns | Helps to demonstrate that the specified TOE design elements (subsystems, modules) are properly covered by tests. |
ATE_INDp | Independent testing patterns | The ATE_IND evidences are elaborated by evaluators. This evidence is used to perform the tests provided by the developer and to perform additional tests defined by evaluator. |
© 2016 by the author; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC-BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Bialas, A. Computer-Aided Sensor Development Focused on Security Issues. Sensors 2016, 16, 759. https://doi.org/10.3390/s16060759
Bialas A. Computer-Aided Sensor Development Focused on Security Issues. Sensors. 2016; 16(6):759. https://doi.org/10.3390/s16060759
Chicago/Turabian StyleBialas, Andrzej. 2016. "Computer-Aided Sensor Development Focused on Security Issues" Sensors 16, no. 6: 759. https://doi.org/10.3390/s16060759
APA StyleBialas, A. (2016). Computer-Aided Sensor Development Focused on Security Issues. Sensors, 16(6), 759. https://doi.org/10.3390/s16060759