ISEE: AN INFORMATION SECURITY ENGINEERING ENVIRONMENT

Jingde Cheng, Yuichi Goto, Daisuke Horie

2009

Abstract

Security Engineering has some features that are intrinsically different from Software (Reliability) Engineering. Traditional software engineering environments are not adequate and effective for designing, developing, managing, and maintaining secure software systems. This position paper presents ISEE, an information security engineering environment we are developing, that integrates various tools and provides comprehensive facilities to support design, development, management, and maintenance of security facilities of information/software systems continuously and consistently, and guides and helps all users to perform their tasks regularly according to ISO/IEC security standards. The paper presents the basic ideas on development of ISEE, basic requirements for ISEE, and a design of ISEE. ISEE is the first real information security engineering environment.

References

  1. Anderson, R. J., 2008. Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, 2nd edition.
  2. Cheng, J., 2005. Connecting Components with Soft System Buses: A New Methodology for Design, Development, and Maintenance of Reconfigurable, Ubiquitous, and Persistent Reactive Systems. In Proceedings of the 19th International Conference on Advanced Information Networking and Applications, Vol. 1, pp. 667-672. IEEE Computer Society Press.
  3. Cheng, J., 2005. Comparing Persistent Computing with Autonomic Computing. In Proceedings of the 11th International Conference on Parallel and Distributed Systems, Vol. II, pp. 428-432. IEEE Computer Society Press.
  4. Cheng, J., 2006. Persistent Computing Systems as Continuously Available, Reliable, and Secure Systems. In Proceedings of the 1st International Conference on Availability, Reliability and Security, pp. 631-638. IEEE Computer Society Press.
  5. Cheng, J., 2007. Persistent Computing Systems Based on Soft System Buses as an Infrastructure of Ubiquitous Computing and Intelligence (Invited Paper). Journal of Ubiquitous Computing and Intelligence, Vol. 1, No. 1, pp. 35-41. American Scientific Publishers.
  6. Cheng, J. Goto, Y., Morimoto, S., and Horie, D., 2008. A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems. In Proceedings of the 2nd International Conference on Information Security and Assurance, pp. 350-354. IEEE Computer Society Press.
  7. Devanbu, P. T., Stubblebine, S., 2000. Software Engineering for Security: A Roadmap. In Proceedings of the Conference on The Future of Software Engineering, International Conference on Software Engineering, pp. 227-239. ACM Press.
  8. Dittrich, K., Tombros, D., Geppert, A., 2000. Databases in Software Engineering: A Roadmap. In Proceedings of the Conference on The Future of Software Engineering, International Conference on Software Engineering, pp. 291-302. ACM Press.
  9. Finkelstein, A., Kramer, J., 2000. Software Engineering: A Roadmap. In Proceedings of the Conference on The Future of Software Engineering, International Conference on Software Engineering, pp. 3-22. ACM Press.
  10. Harrison, W., Ossher, H., Tarr, P., 2000. Software Engineering Tools and Environments: A Roadmap. In Proceedings of the Conference on The Future of Software Engineering, International Conference on Software Engineering, pp. 261-277. ACM Press.
  11. Horie, D., Morimoto, S., Azimah, N., Goto, Y., Cheng, J., 2008. ISEDS: An Information Security Engineering Database System Based on ISO Standards. In Proceedings of the 3rd International Conference on Availability, Reliability and Security, pp. 1219-1225. IEEE Computer Society Press.
  12. Horie, D., Yajima, Kasahara, T., Goto, Y., Cheng, J., 2009. A New Model of Software Life Cycle Processes for Consistent Design, Development, Management, and Maintenance of Secure Information Systems. In Proceedings of the 8th IEEE/ACIS International Conference on Computer and Information Science, to appear, IEEE Computer Society Press.
  13. Horie, D., Yajima, K., Azimah, N., Goto, Y., Cheng, J., 2009. GEST: A Generator of ISO/IEC 15408 Security Target Templates. Studies in Computational Intelligence, to appear, Springer-Verlag.
  14. IEEE Computer Society, 1990. IEEE Standard 610: IEEE Standard Computer Dictionary - A Compilation of IEEE Standard Computer Glossaries. IEEE Computer Society Press.
  15. IEEE Computer Society, 1990. IEEE Standard 610.12- 1990: IEEE Standard Glossary of Software Engineering Terminology. IEEE Computer Society Press.
  16. ISO/IEC, 2005. ISO/IEC 15408-1:2005: Information Technology - Security Techniques - Evaluation Criteria for IT Security.
  17. ISO/IEC, 2005. ISO/IEC 27001: Information technology - Security techniques - Information security management systems.
  18. ISO/IEC, 2005. ISO/IEC 27002: Information technology - Security techniques - Code of practice for information security management.
  19. ISO/IEC, 2007. ISO/IEC 27006: Information technology - Security techniques - Requirements for bodies providing audit and certification of Information Security Management Systems.
  20. ISO/IEC, 2008. ISO/IEC 12207: Systems and Software Engineering Software Life Cycle Processes.
  21. ISO/IEC, 2008. ISO/IEC 27000: Information technology - Security techniques - information security management systems - Overview and vocabulary.
  22. ISO/IEC, 2008. ISO/IEC 27005: Information technology - Security techniques - Information security risk management.
  23. Morimoto, S., Shigematsu, S., Goto, Y., Cheng, J., 2007. Formal Verification of Security Specifications with Common Criteria. In Proceedings of the 22nd Annual ACM Symposium on Applied Computing, pp. 1506- 1512. ACM Press.
  24. Morimoto, S., Shigematsu, S., Goto, Y., Cheng, J., 2008. Classification, Formalization and Verification of Security Functional Requirements. In V. Geffert et al. (Eds.), SOFSEM 2008: Theory and Practice of Computer Science, 34th Conference on Current Trends in Theory and Practice of Computer Science, Novy Smokovec, High Tatras, Slovakia, January 19- 25, 2008, Proceedings. Lecture Notes in Computer Science, Vol. 4910, pp. 622-633. Springer-Verlag.
  25. Naur, P., Randell, B., (Eds.), 1969. Software Engineering: Report of a conference sponsored by the NATO Science Committee, Garmisch, Germany, 7-11 Oct. 1968. NATO.
  26. Yajima, K., Morimoto, S., Horie, D., Azreen, N. S., Goto, Y., Cheng, J., 2009. FORVEST: A Formal Verification Support Tool of Security Specifications with ISO/IEC 15408. In Proceedings of the 4th International Conference on Availability, Reliability and Security, pp. 624-629. IEEE Computer Society Press.
Download


Paper Citation


in Harvard Style

Cheng J., Goto Y. and Horie D. (2009). ISEE: AN INFORMATION SECURITY ENGINEERING ENVIRONMENT . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 395-400. DOI: 10.5220/0002242103950400


in Bibtex Style

@conference{secrypt09,
author={Jingde Cheng and Yuichi Goto and Daisuke Horie},
title={ISEE: AN INFORMATION SECURITY ENGINEERING ENVIRONMENT},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={395-400},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002242103950400},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - ISEE: AN INFORMATION SECURITY ENGINEERING ENVIRONMENT
SN - 978-989-674-005-4
AU - Cheng J.
AU - Goto Y.
AU - Horie D.
PY - 2009
SP - 395
EP - 400
DO - 10.5220/0002242103950400