Open source systems security certification

Author
Damiani, Ernesto, 1960-
Title
Open source systems security certification / Ernesto Damiani, Claudio Agostino Ardagna, Nabil El Ioini.
Format
Book
Published
New York : Springer, 2009.
Description
xix, 202 p. : ill. ; 25 cm.
Other contributors
Ardagna, Claudio Agostino. Ioini, Nabil El.
Notes
Includes bibliographical references and index.
Contents
  • Cover
  • Contents
  • 1 Introduction
  • 1.1 Context and motivation
  • 1.2 Software certification
  • 1.2.1 Certification vs. standardization
  • 1.2.2 Certification authorities
  • 1.3 Software security certification
  • 1.3.1 The state of the art
  • 1.3.2 Changing scenarios
  • 1.4 Certifying Open source
  • 1.5 Conclusions
  • References
  • 2 Basic Notions on Access Control
  • 2.1 Introduction
  • 2.2 Access Control
  • 2.2.1 Discretionary Access Control
  • 2.2.2 Mandatory Access Control
  • 2.2.3 Role Based Access Control
  • 2.3 Conclusions
  • References
  • 3 Test based security certifications
  • 3.1 Basic Notions on Software Testing
  • 3.1.1 Types of Software Testing
  • 3.1.2 Automation of Test Activities
  • 3.1.3 Fault Terminology
  • 3.1.4 Test Coverage
  • 3.2 Test-based Security Certification
  • 3.2.1 The Trusted Computer System Evaluation Criteria (TCSEC) standard
  • 3.2.2 CTCPEC
  • 3.2.3 ITSEC
  • 3.3 The Common Criteria: A General Model for Test-based Certification
  • 3.3.1 CC components
  • 3.4 Conclusions
  • References
  • 4 Formal methods for software verification
  • 4.1 Introduction
  • 4.2 Formal methods for software verification
  • 4.2.1 Model Checking
  • 4.2.2 Static Analysis
  • 4.2.3 Untrusted code
  • 4.2.4 Security by contract
  • 4.3 Formal Methods for Error Detection in OS C-based Software
  • 4.3.1 Static Analysis for C code verification
  • 4.3.2 Model Checking for large-scale C-based Software verification
  • 4.3.3 Symbolic approximation for large-scale OS software verification
  • 4.4 Conclusion
  • References
  • 5 OSS security certification
  • 5.1 Open source software (OSS)
  • 5.1.1 Open Source Licenses
  • 5.1.2 Specificities of Open Source Development
  • 5.2 OSS security
  • 5.3 OSS certification
  • 5.3.1 State of the art
  • 5.4 Security driven OSS development
  • 5.5 Security driven OSS development: A case study on Single Sign-On
  • 5.5.1 Single Sign-On: Basic Concepts
  • 5.5.2 A ST-based definition of trust models and requirements for SSO solutions
  • 5.5.3 Requirements
  • 5.5.4 A case study: CAS++
  • 5.6 Conclusions
  • References
  • 6 Case Study 1: Linux certification
  • 6.1 The Controlled Access Protection Profile and the SLES8 Security Target
  • 6.1.1 SLES8 Overview
  • 6.1.2 Target of Evaluation (TOE)
  • 6.1.3 Security environment
  • 6.1.4 Security objectives
  • 6.1.5 Security requirements
  • 6.2 Evaluation process
  • 6.2.1 Producing the Evidence
  • 6.3 The Linux Test Project
  • 6.3.1 Writing a LTP test case
  • 6.4 Evaluation Tests
  • 6.4.1 Running the LTP test suite
  • 6.4.2 Test suite mapping
  • 6.4.3 Automatic Test Selection Example Based on SLES8 Security Functions
  • 6.5 Evaluation Results
  • 6.6 Horizontal and Vertical reuse of SLES8 evaluation
  • 6.6.1 Across distribution extension
  • 6.6.2 SLES8 certification within a composite product
  • 6.7 Conclusions
  • References
  • 7 Case Study 2: ICSA and CCHIT Certifications
  • 7.1 Introduction
  • 7.2 ICSA Dynamic Certification Framework
  • 7.3 A closer look to ICSA certification
  • 7.3.1 Certification process
  • 7.4 A case study: the ICSA certification of the Endian firewall
  • 7.5 Endian Test Plan
  • 7.5.1 Hardware configuration
  • 7.5.2 Software configuration
  • 7.5.3 Features to test
  • 7.5.
Summary
This title discusses security certification standards and establishes the need to certify open source tools and applications. It is suitable for researchers and advanced-level students in computer science.
Subject headings
Open source software. Computer security.
ISBN
9780387773230 (hbk.) 0387773231 (hbk.)

Holdings

Library
Indpls - IUPUI University Library
Call Number
QA76.9.A25 D343 2009
Location
Stacks
Floor
4th Floor