Tools
Open source systems security certification
- Author
- Damiani, Ernesto, 1960-
- Title
- Open source systems security certification / Ernesto Damiani, Claudio Agostino Ardagna, Nabil El Ioini.
- Format
- Book
- Published
- New York : Springer, 2009.
- Description
- xix, 202 p. : ill. ; 25 cm.
- Other contributors
- Ardagna, Claudio Agostino. Ioini, Nabil El.
- Notes
- Includes bibliographical references and index.
- Contents
-
- Cover
- TOC$Contents
- CH$1 Introduction
- 1.1 Context and motivation
- 1.2 Software certification
- 1.2.1 Certification vs. standardization
- 1.2.2 Certification authorities
- 1.3 Software security certification
- 1.3.1 The state of the art
- 1.3.2 Changing scenarios
- 1.4 Certifying Open source
- 1.5 Conclusions
- References
- CH$2 Basic Notions on Access Control
- 2.1 Introduction
- 2.2 Access Control
- 2.2.1 Discretionary Access Control
- 2.2.2 Mandatory Access Control
- 2.2.3 Role Based Access Control
- 2.3 Conclusions
- References
- CH$3 Test based security certifications
- 3.1 Basic Notions on Software Testing
- 3.1.1 Types of Software Testing
- 3.1.2 Automation of Test Activities
- 3.1.3 Fault Terminology
- 3.1.4 Test Coverage
- 3.2 Test-based Security Certification
- 3.2.1 The Trusted Computer System Evaluation Criteria (TCSEC) standard
- 3.2.2 CTCPEC
- 3.2.3 ITSEC
- 3.3 The Common Criteria : A General Model for Test-based Certification
- 3.3.1 CC components
- 3.4 Conclusions
- References
- CH$4 Formal methods for software verification
- 4.1 Introduction
- 4.2 Formal methods for software verification
- 4.2.1 Model Checking
- 4.2.2 Static Analysis
- 4.2.3 Untrusted code
- 4.2.4 Security by contract
- 4.3 Formal Methods for Error Detection in OS C-based Software
- 4.3.1 Static Analysis for C code verification
- 4.3.2 Model Checking for large-scale C-based Software verification
- 4.3.3 Symbolic approximation for large-scale OS software verification
- 4.4 Conclusion
- References
- CH$5 OSS security certification
- 5.1 Open source software (OSS)
- 5.1.1 Open Source Licenses
- 5.1.2 Specificities of Open Source Development
- 5.2 OSS security
- 5.3 OSS certification
- 5.3.1 State of the art
- 5.4 Security driven OSS development
- 5.5 Security driven OSS development: A case study on Single Sign-On
- 5.5.1 Single Sign-On: Basic Concepts
- 5.5.2 A ST-based definition of trust models and requirements for SSO solutions
- 5.5.3 Requirements
- 5.5.4 A case study: CAS++
- 5.6 Conclusions
- References
- CH$6 Case Study 1: Linux certification
- 6.1 The Controlled Access Protection Profile and the SLES8 Security Target
- 6.1.1 SLES8 Overview
- 6.1.2 Target of Evaluation (TOE)
- 6.1.3 Security environment
- 6.1.4 Security objectives
- 6.1.5 Security requirements
- 6.2 Evaluation process
- 6.2.1 Producing the Evidence
- 6.3 The Linux Test Project
- 6.3.1 Writing a LTP test case
- 6.4 Evaluation Tests
- 6.4.1 Running the LTP test suite
- 6.4.2 Test suite mapping
- 6.4.3 Automatic Test Selection Example Based on SLES8 Security Functions
- 6.5 Evaluation Results
- 6.6 Horizontal and Vertical reuse of SLES8 evaluation
- 6.6.1 Across distribution extension
- 6.6.2 SLES8 certification within a composite product
- 6.7 Conclusions
- References
- CH$7 Case Study 2: ICSA and CCHIT Certifications
- 7.1 Introduction
- 7.2 ICSA Dynamic Certification Framework
- 7.3 A closer look to ICSA certification
- 7.3.1 Certification process
- 7.4 A case study: the ICSA certification of the Endian firewall
- 7.5 Endian Test Plan
- 7.5.1 Hardware configuration
- 7.5.2 Software configuration
- 7.5.3 Features to test
- 7.5.
- Summary
- This title discusses security certification standards and establishes the need to certify open source tools and applications. It is suitable for researchers and advanced-level students in computer science.
- Subject headings
- Open source software. Computer security.
- ISBN
- 9780387773230 (hbk.) 0387773231 (hbk.)