Defining Security Requirements with the Common Criteria: Applications,
Adoptions, and Challenges
- URL: http://arxiv.org/abs/2201.07417v4
- Date: Sat, 2 Apr 2022 10:54:13 GMT
- Title: Defining Security Requirements with the Common Criteria: Applications,
Adoptions, and Challenges
- Authors: Nan Sun, Chang-Tsun Li, Hin Chan, Ba Dung Le, MD Zahidul Islam, Leo Yu
Zhang, MD Rafiqul Islam, Warren Armstrong
- Abstract summary: The adoption of ICT products with security properties depends on consumers' confidence and markets' trust in the security functionalities.
Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard for cyber security certification.
Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented.
- Score: 17.700647389830774
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Advances of emerging Information and Communications Technology (ICT)
technologies push the boundaries of what is possible and open up new markets
for innovative ICT products and services. The adoption of ICT products and
systems with security properties depends on consumers' confidence and markets'
trust in the security functionalities and whether the assurance measures
applied to these products meet the inherent security requirements. Such
confidence and trust are primarily gained through the rigorous development of
security requirements, validation criteria, evaluation, and certification.
Common Criteria for Information Technology Security Evaluation (often referred
to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for
cyber security certification. In this paper, we conduct a systematic review of
the CC standards and its adoptions. Adoption barriers of the CC are also
investigated based on the analysis of current trends in security evaluation.
Specifically, we share the experiences and lessons gained through the recent
Development of Australian Cyber Criteria Assessment (DACCA) project that
promotes the CC among stakeholders in ICT security products related to
specification, development, evaluation, certification and approval,
procurement, and deployment. Best practices on developing Protection Profiles,
recommendations, and future directions for trusted cybersecurity advancement
are presented.
Related papers
- Towards Guaranteed Safe AI: A Framework for Ensuring Robust and Reliable AI Systems [88.80306881112313]
We will introduce and define a family of approaches to AI safety, which we will refer to as guaranteed safe (GS) AI.
The core feature of these approaches is that they aim to produce AI systems which are equipped with high-assurance quantitative safety guarantees.
We outline a number of approaches for creating each of these three core components, describe the main technical challenges, and suggest a number of potential solutions to them.
arXiv Detail & Related papers (2024-05-10T17:38:32Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - Enhancing Energy Sector Resilience: Integrating Security by Design Principles [20.817229569050532]
Security by design (Sbd) is a concept for developing and maintaining systems that are impervious to security attacks.
This document presents the security requirements for the implementation of the SbD in industrial control systems.
arXiv Detail & Related papers (2024-02-18T11:04:22Z) - Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684]
This survey paper identifies state of the art covering concepts, approaches, and open problems of SLA management.
It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic.
It proposes a novel classification criterium to organize the analysis based on SLA life cycle phases.
arXiv Detail & Related papers (2024-01-31T12:33:41Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - Cybersecurity in Motion: A Survey of Challenges and Requirements for Future Test Facilities of CAVs [11.853500347907826]
Cooperative Intelligent Transportation Systems (C-ITSs) are at the forefront of this evolution.
This paper presents an envisaged Cybersecurity Centre of Excellence (CSCE) designed to bolster research, testing, and evaluation of the cybersecurity of C-ITSs.
arXiv Detail & Related papers (2023-12-22T13:42:53Z) - Trust-based Approaches Towards Enhancing IoT Security: A Systematic Literature Review [3.0969632359049473]
This research paper presents a systematic literature review on the Trust-based cybersecurity security approaches for IoT.
We highlighted the common trust-based mitigation techniques in existence for dealing with these threats.
Several open issues were highlighted, and future research directions presented.
arXiv Detail & Related papers (2023-11-20T12:21:35Z) - Layered Security Guidance for Data Asset Management in Additive Manufacturing [0.0]
This paper proposes leveraging the National Institute of Standards and Technology's Cybersecurity Framework to develop layered, risk-based guidance for fulfilling specific security outcomes.
The authors believe implementation of the layered approach would result in value-added, non-redundant security guidance for AM that is consistent with the preexisting guidance.
arXiv Detail & Related papers (2023-09-28T20:48:40Z) - Assessing Trustworthiness of Autonomous Systems [0.0]
As Autonomous Systems (AS) become more ubiquitous in society, more responsible for our safety and our interaction with them more frequent, it is essential that they are trustworthy.
Assessing the trustworthiness of AS is a mandatory challenge for the verification and development community.
This will require appropriate standards and suitable metrics that may serve to objectively and comparatively judge trustworthiness of AS across the broad range of current and future applications.
arXiv Detail & Related papers (2023-05-05T10:26:16Z) - Towards Safer Generative Language Models: A Survey on Safety Risks,
Evaluations, and Improvements [76.80453043969209]
This survey presents a framework for safety research pertaining to large models.
We begin by introducing safety issues of wide concern, then delve into safety evaluation methods for large models.
We explore the strategies for enhancing large model safety from training to deployment.
arXiv Detail & Related papers (2023-02-18T09:32:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.