Ontology-Based Security Problem Definition and Solution for the Common Criteria Compliant Development Process

Abstract

The paper shows how to apply a new ontology-based approach to the security problem definition (SPD), which is the key stage of the IT security development process compliant with the ISO/IEC 15408 Common Criteria standard. The SPD specifies threats, security policies and assumptions concerning the developed target of evaluation (TOE). On the SPD basis the security objectives (SO) are elaborated expressing the SPD problem solution, being the basis for further implementation works. The paper presents shortly the Specification Means Ontology (SMO), the related knowledge base and their use by the IT security developers while the security problem is formulated and solved. The paper gives some examples concerning a simple firewall, summarizes the results and experiences, and defines the plans of future works.